Values for content-security-policy-report-only:
default-src 'self' www.google.com www.gstatic.com img6.wsimg.com *.secureserver.net collect.tealiumiq.com *.akamaihd.net c.go-mpulse.net *.akstat.io www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net googletagmanager.com *.godaddy.com data:;font-src * data: blob:;style-src 'self' 'unsafe-inline' img6.wsimg.com www.gstatic.com;script-src * data: blob: 'unsafe-inline' 'unsafe-eval';img-src * data: blob:;connect-src * data: blob:;frame-src * data: blob:;report-uri /forsale/api/csp-reports 296
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 183
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://a3frkpbrnzxvdwnkpssx604n.httpschecker.net/report; report-to https://a3frkpbrnzxvdwnkpssx604n.httpschecker.net/report 148
default-src https: blob:; connect-src https:; font-src https: data:; frame-src https:; img-src https: data: blob:; media-src https:; object-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; worker-src blob:; report-uri /s/run/cspreport/reportHttp 81
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 65
default-src https: 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; img-src 'self' data: *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk; script-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.gstatic.com www.signin.service.gov.uk *.ytimg.com www.youtube.com www.youtube-nocookie.com hmrc-uk.digital.nuance.com 'unsafe-inline'; style-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.gstatic.com 'unsafe-inline'; font-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk data:; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com lux.speedcurve.com www.tax.service.gov.uk hmrc-uk.digital.nuance.com hmpowebchat.klick2contact.com omni.eckoh.uk www.signin.service.gov.uk; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; report-uri https://jhpno0hk6b.execute-api.eu-west-2.amazonaws.com/production 65
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.blogger.com/cspreport 65
56
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://api.mapbox.com https://*.tiles.mapbox.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 42
default-src *; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src *; style-src 'unsafe-inline' *; report-uri https://prod-us-west-2.csp-report.marketing.aws.dev/submit 24
default-src 'self' 23
default-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob:; frame-ancestors 'self'; style-src https: 'unsafe-inline'; connect-src https:; frame-src https:; script-src 'unsafe-eval' 'unsafe-inline' https: blob: data:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src 'none'; report-uri https://o144486.ingest.sentry.io/api/5543380/security/?sentry_key=e66dfe54be8e47219dd8103b4deb2f1a 19
block-all-mixed-content; report-uri https://blog.hatena.ne.jp/api/csp_report 18
script-src 'self' https://static.cloudflareinsights.com; connect-src: *; 'report-sample'; report-uri /csp-reports report-to /csp-reports 18
default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://logger.kataweb.it/csp/ 17
object-src 'self' https://www.youtube.com/ https://www.3cx.com/;script-src 'self' 'unsafe-eval' 'unsafe-inline' https: www.google.com google.com googletagmanager.com www.googletagmanager.com www.googletagmanager.com wcdn.3cx.com 3cx.com www.3cx.com s3.amazonaws.com  tagmanager.google.com www.google-analytics.com google-analytics.com ssl.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net connect.facebook.net/;script-src-elem 'self' https: 'unsafe-inline' wcdn.3cx.com 3cx.com www.3cx.com s3.amazonaws.com www.googletagmanager.com googletagmanager.com beacon-v2.helpscout.net snap.licdn.com connect.facebook.net www.google-analytics.com www.redditstatic.com www.googleadservices.com;style-src 'self' wcdn.3cx.com https://fonts.googleapis.com https://www.google.com https://themes.googleusercontent.com https://s3.amazonaws.com *.freshteam.com 'unsafe-inline';img-src 'self' data: https: wcdn.3cx.com 3cx.com *.googleusercontent.com https://px.ads.linkedin.com;frame-src 'self' mailto: tel: https://3cx.com https://www.g2.com/products/3cx/ https://www.youtube-nocookie.com/ https://europe-west3-tcx-erp.cloudfunctions.net https://www.google.com https://cse.google.com https://services-sandbox.google-3cx.com https://services.3cx.com https://audioconverter.3cx.com https://login.3cx.com https://docs.google.com https://www.facebook.com https://bid.g.doubleclick.net https://www.youtube.com https://www.loom.com https://www.googletagmanager.com; report-uri /csp/; 15
default-src 'self'; connect-src 'self' https://*.intentmedia.net https://*.etraveligroup.net https://*.doubleclick.net https://*.adform.net https://www.google-analytics.com https://widgets.hotels.com https://bat.bing.com https://etgrs2.com https://*.akstat.io https://*.go-mpulse.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.etraveli.com https://*.etraveligroup.com https://*.cdn-net.com https://bat.bing.com https://www.googletagmanager.com https://connect.facebook.net https://pay.google.com https://adtr.io https://*.bidr.io https://tag.yieldoptimizer.com https://*.visualwebsiteoptimizer.com https://*.google-analytics.com https://*.intentmedia.net https://*.adform.net https://*.mouseflow.com https://*.nrich.ai https://*.doubleclick.net https://*.eancdn.com https://*.bidswitch.net https://green.erne.co https://*.rentalcars.com https://widget.trustpilot.com https://www.googleadservices.com https://cdn.klarna.com https://maps.googleapis.com https://widget.getyourguide.com https://widgets.hotels.com https://*.klarnacdn.net https://*.go-mpulse.net; style-src 'self' 'unsafe-inline' data: blob: https://widgets.hotels.com https://fonts.googleapis.com; img-src 'self' data: https://*.etraveli.com https://*.visualwebsiteoptimizer.com https://*.bidswitch.net https://*.doubleclick.net https://*.nrich.ai https://*.hybrid.ai https://*.w55c.net https://*.adsrvr.org https://*.rlcdn.com https://*.bidr.io https://*.seadform.net https://green.erne.co https://tag.yieldoptimizer.com https://dpm.demdex.net https://*.adform.net https://*.zemanta.com https://beacon.krxd.net https://sd.turn.com https://*.google-analytics.com https://maps.googleapis.com https://tag.adaraanalytics.com https://www.facebook.com https://widgets.hotels.com https://bat.bing.com https://www.google.com https://www.google.se https://maps.gstatic.com https://www.googletagmanager.com https://*.akstat.io; font-src 'self' https://fonts.gstatic.com https://widgets.hotels.com; frame-ancestors 'self'; frame-src 'self' https://pay.google.com https://*.cdn-net.com https://*.cdn.intentmedia.net https://www.facebook.com https://widget.getyourguide.com https://system.etrack1.com https://widgets.hotels.com https://secure.rentalcars.com https://widget.trustpilot.com; object-src 'self' https://*.cdn-net.com 15
report-uri /report-csp-violation 15
default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval' 14
frame-ancestors 'self' https://skybox.eskypartners.com; report-uri https://secure.esky.com/csp-report 14
frame-ancestors 'self' 13
script-src 'self' 'unsafe-eval' 'unsafe-inline' https: https://www.googletagmanager.com https://3cx.com https://www.3cx.com https://s3.amazonaws.com https://www.google.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net;	script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https: https://www.googletagmanager.com https://3cx.com https://www.3cx.com https://s3.amazonaws.com https://www.google.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net; frame-src 'self' mailto: tel: https://3cx.com https://www.google.com https://cse.google.com https://services-sandbox.google-3cx.com https://services.3cx.com https://audioconverter.3cx.com https://login.3cx.com https://docs.google.com https://www.facebook.com https://bid.g.doubleclick.net https://www.loom.com https://www.youtube.com https://www.youtube-nocookie.com/ https://www.googletagmanager.com; frame-ancestors 'self'; report-uri /csp/; 13
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; report-uri https://xl86pc2ky3.execute-api.eu-central-1.amazonaws.com/prod/icorecspupload 13
default-src 'self' blob: https: data: mediastream: 'unsafe-eval' 'unsafe-inline';report-uri https://metrics.media-amazon.com/ 12
frame-ancestors 'self'; report-uri https://www.couriermail.com.au/csp-reports 12
frame-ancestors 'self'; report-uri /beacon/csp.php 11
img-src 'self' https://c.clarity.ms https://captcha.eset.com https://www.facebook.com https://www.google.be https://www.google.com https://www.google.hu https://www.google.it https://www.google.pl https://www.google.sk; connect-src 'self' https://*.clarity.ms https://*.eset.com https://c.go-mpulse.net https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com; script-src 'self' https://connect.facebook.net https://d.la1-c2-cdg.salesforceliveagent.com https://embed.tawk.to https://widget.trustpilot.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com; default-src 'self'; font-src 'self'; frame-src 'self' https://www.googletagmanager.com; style-src 'self'; report-uri https://www-eset-com.api.cspconsole.com/v1/csp/report; report-to default; 11
font-src 'self' https: data:; report-uri https://o98504.ingest.sentry.io/api/5871000/security/?sentry_key=7d320f4323694d468bd1a75eba48d37f&sentry_environment=production 11
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 11
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://api.amplitude.com  wss://*.hotjar.com wss://*.qualified.com 'self';  frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com https://*.office.com https://*.office365.com;report-uri https://csp.surveymonkey.com/report?e=false&c=prod&ar=true&a=cmscache 10
default-src https: 'unsafe-inline' 'unsafe-eval' wss: ;img-src https: data: blob: ; font-src https: data:; form-action https: http://www.last.fm; report-uri https://cbsi.report-uri.io/r/default/csp/enforce 10
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com snap.licdn.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com use.typekit.net munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default 10
default-src 'self'; base-uri 'self'; connect-src 'self' https://www.googletagmanager.com/ https://*.google-analytics.com/ https://*.facebook.com https://*.ioam.de https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://*.instana.io wss://mpsnare.iesnare.com https://*.usercentrics.eu https://api.personio.de/recruiting/applicant https://bat.bing.com/actionp/; script-src https: 'report-sample' 'unsafe-inline' 'unsafe-eval' data: 'self' https://*.custhelp.com https://*.ioam.de https://*.instana.io; frame-ancestors 'self' https://www.gmx.at https://www.gmx.ch https://www.gmx.net https://web.de https://www.meinestadt.de http://www.meinestadt.de https://www.zeit.de https://home.1und1.de; frame-src https:; object-src 'none'; worker-src 'self'; img-src 'self' data: http: https: https://*.instana.io; font-src data: 'self' https://maxcdn.bootstrapcdn.com/font-awesome/ https://www.sovendus.com/banner-responsive/; style-src 'self' 'unsafe-inline' https://www.parship.com https://www.sovendus.com https://*.custhelp.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://partnerboerse.parship.de https://translate.googleapis.com https://*.adyen.com; media-src 'self'; report-uri /ls/?reportOnly=true 10
default-src https: data: 'unsafe-inline' 'unsafe-eval' 10
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://sport.web1-ro.slotv.com https://sport.slotv.ro https://sport.mrbit.ro https://cdn-sp.kertn.net https://*.fasttrack-solutions.com https://*.ft-crm.com localhost:40000 https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://*.unetsafe.com https://ui.invisiblesport.com https://*.bing.com wss://*.sptpub.com https://cs.betradar.com https://*.sportradar.com https://videosport.me https://*.taboola.com https://*.atlantgaming.com https://*.regily.com https://*.sptpub.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://chat.mrbit.bet https://chat.mrbit.com https://chat.mrbit.de https://chat.mrbit.ro https://*.facebook.com https://facebook.net https://*.facebook.net https://*.snapchat.com; font-src 'self' https://sport.web1-ro.slotv.com https://sport.slotv.ro https://sport.mrbit.ro https://cdn-sp.kertn.net https://fonts.gstatic.com data: https://ui.invisiblesport.com wss://*.sptpub.com https://cs.betradar.com https://*.sportradar.com https://videosport.me https://livechat24.tech https://*.livechat24.tech https://*.sptpub.com https://app.vwo.com https://chat.mrbit.bet https://chat.mrbit.com https://chat.mrbit.de https://chat.mrbit.ro; frame-src 'self' https://sport.web1-ro.slotv.com https://sport.slotv.ro https://sport.mrbit.ro https://cdn-sp.kertn.net https://livechat24.tech https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://ui.invisiblesport.com https://cf-mt-cdn2.relaxg.com https://tk-game-mt1.thunderkick.com https://gamelaunch.wazdan.com https://*.unetsafe.com https://*.zignsec.com https://www.facebook.com bankid://* wss://*.sptpub.com https://cs.betradar.com https://*.sportradar.com https://videosport.me https://*.trustly.com https://tpc.googlesyndication.com https://*.atlantgaming.com https://*.regily.com https://*.sptpub.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://chat.mrbit.bet https://chat.mrbit.com https://chat.mrbit.de https://chat.mrbit.ro https://*.snapchat.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://sport.web1-ro.slotv.com https://sport.slotv.ro https://sport.mrbit.ro https://cdn-sp.kertn.net https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com localhost:40000 https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://*.unetsafe.com https://ui.invisiblesport.com https://*.bing.com https://*.cloudflare.com wss://*.sptpub.com https://cs.betradar.com https://*.sportradar.com https://videosport.me https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.sptpub.com *.visualwebsiteoptimizer.com https://app.vwo.com https://cdn-cn.vwo-analytics.com https://chat.mrbit.bet https://chat.mrbit.com https://chat.mrbit.de https://chat.mrbit.ro https://*.snapchat.com https://snapchat.com https://sc-static.net https://*.facebook.com https://facebook.net https://*.facebook.net; style-src 'self' https://sport.web1-ro.slotv.com https://sport.slotv.ro https://sport.mrbit.ro https://cdn-sp.kertn.net https://*.fasttrack-solutions.com https://fonts.googleapis.com 'unsafe-inline' https://ui.invisiblesport.com https://livechat24.tech https://*.livechat24.tech https://*.sptpub.com https://app.vwo.com https://chat.mrbit.bet https://chat.mrbit.com https://chat.mrbit.de https://chat.mrbit.ro; worker-src 'self' blob:; report-uri https://sentry.work/sentry/api/41/csp-report/?sentry_key=38bd9ad353b94f1a8143ea227d160767 10
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /nmms/csp-reporting-lo 9
default-src https: 'unsafe-inline' 'unsafe-eval' 9
default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com; 9
default-src 'self'; img-src 'self' *.bing.com *.clarity.ms *.theaccessgroup.com accessgroup-website-v8-preview.azureedge.net accessgrouppreviewweb.azureedge.net accessgroupuatweb.azureedge.net accessgroupweb.azureedge.net cdn.jsdelivr.net id.rlcdn.com match.prod.bidr.io px.ads.linkedin.com px4.ads.linkedin.com segments.company-target.com *.blob.core.windows.net *.placeholder.com *.doubleclick.net www.google.co.uk www.google.com bat.bing.com www.google-analytics.com www.facebook.com www.google-analytics.com data: cdn.bizible.com; script-src 'self' 'unsafe-inline' cdn-3.convertexperiments.com ucalc.pro *.clarity.ms *.ucalc.pro analytics.twitter.com npmcdn.com app-lon05.marketo.com pages.theaccessgroup.com tracker.gaconnector.com api.ipify.org bat.bing.com static.ads-twitter.com snap.licdn.com www.googleadservices.com connect.facebook.net tag.demandbase.com tags.srv.stackadapt.com snap.licdn.com www.google-analytics.com www.googleadservices.com www.youtube.com secure.perk0mean.com static.hotjar.com script.hotjar.com widget.surveymonkey.com googleads.g.doubleclick.net www.googletagmanager.com code.jquery.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com cdn.jsdelivr.net munchkin.marketo.net cdn.bizible.com; style-src 'self' 'unsafe-inline' *.ucalc.pro tags.srv.stackadapt.com app-lon05.marketo.com cdn.jsdelivr.net fonts.googleapis.com cdnjs.cloudflare.com pro.fontawesome.com; font-src 'self' cdn.jsdelivr.net fonts.gstatic.com cdnjs.cloudflare.com  pro.fontawesome.com;connect-src *.clarity.ms *.mktoresp.com in.hotjar.com api.company-target.com tags.srv.stackadapt.com bat.bing.com www.google-analytics.com stats.g.doubleclick.net;frame-src *.ucalc.pro vars.hotjar.com app-lon05.marketo.com www.youtube.com player.vimeo.com *.doubleclick.net; 9
default-src 'self'; 9
default-src 'self' data: blob: *.verisign.com; img-src 'self' data: *.verisign.com *.siteimproveanalytics.io *.brightcove.com *.prod.boltdns.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.onetrust.com polyfill.io assets.adobedtm.com siteimproveanalytics.com players.brightcove.net *.zencdn.net *.verisign.com; style-src 'self' 'unsafe-inline'; connect-src 'self' *.prod.boltdns.net *.brightcove.com *.akamaihd.net *.greenhouse.io *.verisign.com; worker-src blob: 8
style-src https://*.americanexpress.com/ https://e3.insurance.online-eapp.com/ https://secure.cmax.americanexpress.com/ 'unsafe-inline' 'self' https://cdn.vivocha.com/ https://stackpath.bootstrapcdn.com/ https://fonts.googleapis.com/ https://cloud.webtype.com/ https://*.aexp-static.com/ https://cloud.typenetwork.com/ https://*.typekit.net/; script-src https://www.americanexpress.com.tr/ 'self' https://assets.delvenetworks.com/ https://cdn.taboola.com/ https://ds-aksb-a.akamaihd.net/ https://s.yjtag.jp/ https://www.cdn-path.com/ https://googleads.g.doubleclick.net/ https://cdn.smartnews-ads.com/ https://www.gstatic.com/ https://s.yimg.com/ https://js-cdn.dynatrace.com/ https://www.googleadservices.com/ https://*.hotjar.com/ https://aexp.demdex.net/ https://*.yahoo.co.jp/ https://secure.cmax.americanexpress.com/ https://*.ladsp.com/ https://d5phz18u4wuww.cloudfront.net/ https://img.en25.com/ https://accdn.lpsnmedia.net/ https://s.yimg.jp/ https://bat.bing.com/ https://*.omtrdc.net/ https://aa.agkn.com/ https://bam-cell.nr-data.net/ https://ads.avocet.io/ https://webgwy.neustar.biz/ https://va.v.liveperson.net/ https://unpkg.com/ https://acdn.adnxs.com/ https://cdnssl.clicktale.net/ https://*.bootstrapcdn.com/ https://c.evidon.com/ https://secure.leadforensics.com/ 'unsafe-eval' https://cdnjs.cloudflare.com/ https://assets.adobedtm.com/ 'unsafe-inline' https://use.typekit.net/ https://dsp-media.eskimi.com/ https://sp10056b1c.guided.ss-omtrdc.net/ https://*.d41.co/ https://*.liveperson.net/ https://*.vivocha.com/ https://script.crazyegg.com/ https://code.jquery.com/ https://www.cdn-net.com/ https://js-agent.newrelic.com/ https://*.exactag.com/ https://so.rlcdn.com/ https://dev.visualwebsiteoptimizer.com/ https://www.americanexpress.com.kw/ https://analytics.tiktok.com/ https://service.maxymiser.net/ https://ads.avct.cloud/ https://www.americanexpress.com.mo/ https://www.googletagmanager.com/ https://*.aexp-static.com/ https://www.youtube.com/ https://snap.licdn.com/ https://connect.facebook.net/ https://tag.bounceexchange.com/ https://*.americanexpress.com/ https://e3.insurance.online-eapp.com/ https://cdn.appdynamics.com/ https://*.google-analytics.com/ https://ct.contentsquare.net/ https://nexus.ensighten.com/ https://mc.yandex.ru/ https://*.googleapis.com/ https://www.americanexpress.com.sa/ https://www.amexpressnetwork.com/ https://sc-static.net/ http://ajax.googleapis.com/ https://www.google.com/; base-uri 'self' https://www.aexp-static.com/; plugin-types image/svg+xml; form-action https://www.cdn-net.com/ https://www.facebook.com/ https://amexhk.chubbtravelinsurance.com/ 'self' https://www.axa-travel-insurance.com/ https://tr.snapchat.com/ https://*.custhelp.com/ https://global.americanexpress.com/ https://online.americanexpress.com.sa/ https://www.cdn-path.com/ https://gi.zurich.com.hk/; frame-src https://*.americanexpress.com/ https://icm.aexp-static.com/ https://cdn.appdynamics.com/ https://*.demdex.net/ https://www.youtube-nocookie.com/ https://www.americanexpress.com.qa/ https://player.vimeo.com/ https://um.ladsp.com/ https://www.cdn-path.com/ https://vars.hotjar.com/ https://www.cdn-net.com/ https://*.doubleclick.net/ https://www.facebook.com/ https://s.amazon-adsystem.com/ https://i1.vivocha.com/ https://va.v.liveperson.net/ https://www.americanexpress.com.kw/ https://youtube.com/ https://www.google.com/ https://www.youtube.com/ https://youtu.be/; img-src data: 'self' https:; connect-src https://amexhk.chubbtravelinsurance.com/ https://vid1029.d41.co/ 'self' https://stats.g.doubleclick.net/ https://*.vivocha.com/ https://*.custhelp.com/ https://script.crazyegg.com/ https://ds-aksb-a.akamaihd.net/ https://*.contentsquare.net/ https://www.cdn-path.com/ https://www.google-analytics.com/ https://ing-district.clicktale.net/ https://www.cdn-net.com/ https://functions.aexp.com/ https://s.yimg.com/ https://www.axa-travel-insurance.com/ https://dev.visualwebsiteoptimizer.com/ https://www.googleadservices.com/ https://analytics.tiktok.com/ https://bf93265vfe.bf.dynatrace.com/ https://*.aexp-static.com/ https://*.hotjar.com/ https://siteintercept.qualtrics.com/ https://online.americanexpress.com.sa/ https://images.trvl-media.com/ https://*.americanexpress.com/ https://secure.cmax.americanexpress.com/ https://dpm.demdex.net/ https://trc-events.taboola.com/ https://tr.snapchat.com/ https://lib-us-1.brilliantcollector.com/ https://bat.bing.com/ https://dining-offers-prod.amex.r53.tuimedia.com/ https://gi.zurich.com.hk/ https://bam-cell.nr-data.net/ https://www.facebook.com/ https://vc.hotjar.io/ https://aeopprodvip.acxiom.com/ https://c.evidon.com/ https://www.google.com/ wss://*.hotjar.com/ https://col.eum-appdynamics.com/ data:; object-src 'self' https://icm.aexp-static.com/; worker-src 'self' blob:; media-src https://origin-slgem.americanexpress.com/ https://www.aexp-static.com/ https://*.llnw.net/ 'self' http://production.smedia.lvp.llnw.net/; frame-ancestors 'none'; font-src https://e3.insurance.online-eapp.com/ https://www.aexpstatic.com/ https://fonts.gstatic.com/ https://use.typekit.net/ 'self' https://cdn.vivocha.com/ https://*.aexp-static.com/ https://cloud.typenetwork.com/ data:; 8
report-uri https://www.rbb-online.de/app/tpso-cspr/cspr/;frame-ancestors 'self' https://www.rbb24.de https://*.rbb-online.de https://www.radioeins.de https://www.fritz.de https://www.antennebrandenburg.de https://www.inforadio.de https://www.rbb888.de; 8
default-src https: 'self' *.facebook.net *.googletagmanager.com *.bizibly.com *.doubleclick.net https://*.intercomcdn.com https://*.datadoghq-browser-agent.com; font-src 'self' https://*.intercomcdn.com *.fontawesome.com data:; base-uri 'none'; object-src data: 'unsafe-eval'; img-src 'self' data: * ; script-src https: 'self' 'unsafe-eval' 'unsafe-inline' http://*.google-analytics.com http://*.gstatic.com http://*.bing.com http://*.googleadservices.com http://*.hs-scripts.com http://*.bizible.com *.facebook.net *.googletagmanager.com http://*.fontawesome.com http://*.outbrain.com blob:; style-src https: 'self' *.fontawesome.com 'unsafe-inline'; report-uri /rest/trackers/csp; 8
default-src https: 'unsafe-inline' 'unsafe-eval'; worker-src blob:; img-src https: data:; font-src https: data:; report-uri https://idg.report-uri.io/r/default/csp/reportOnly 8
default-src 'self' wss: *.gravatar.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com; img-src 'self' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com data:; font-src 'self' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com data:; form-action 'self'; frame-ancestors 'self'; 8
script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://d301sr5gafysq2.cloudfront.net; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com https://d301sr5gafysq2.cloudfront.net; report-uri https://web-security-reports.services.atlassian.com/csp-report/bb-website; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net id.atlassian.com analytics.atlassian.com as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net sentry.io bqlf8qjztdtr.statuspage.io https://d301sr5gafysq2.cloudfront.net; object-src about:; base-uri 'self' 8
block-all-mixed-content; report-uri https://dmgm.report-uri.com/r/t/csp/reportOnly 7
frame-ancestors 'self'; object-src 'none'; report-uri /api/csp-reporting 7
child-src blob: data: https:; connect-src https: wss:; default-src blob: data: https: 'report-sample' 'unsafe-eval' 'unsafe-inline'; font-src data: https:; form-action https:; frame-src data: https:; img-src blob: data: https:; media-src blob: data: https:; object-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; report-uri https://csp.ffx.io/ 7
default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 7
default-src 'self' https: ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; script-src-elem 'self' https: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: ; form-action 'self' https: 'unsafe-inline' 'unsafe-eval'; 7
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/marketing_platform 6
default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/f2 6
default-src data: blob: about: 'self' 'unsafe-inline' 'unsafe-eval' https: wss:; report-uri /csp/report?always; 6
connect-src *;frame-src *;img-src https: data: blob: about: safari-extension: safari-resource: chrome-extension: http://*.rackcdn.com http://*.tumblr.com http://huaban.com;worker-src https: blob:;script-src https: 'unsafe-eval' 'unsafe-inline'; report-uri /log/csp 6
report-uri /csp-report?p=; block-all-mixed-content; default-src 'none'; base-uri 'none'; img-src 'self' https://b.stripecdn.com https://q.stripe.com https://images.ctfassets.net https://assets.ctfassets.net data: https://www.facebook.com https://px.ads.linkedin.com; style-src 'unsafe-inline' 'self' https://b.stripecdn.com; connect-src 'self' https://stripe.com https://errors.stripe.com https://b.stripecdn.com https://climate.stripe.com https://ext.stripe.com https://c.increment.com https://c.stripe.dev https://c.stripe.global https://y4pfttj91h-dsn.algolia.net/1/indexes/mkt_partners/query https://y4pfttj91h-1.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-2.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-3.algolianet.com/1/indexes/mkt_partners/query; font-src 'self' https://b.stripecdn.com; form-action 'self' https://stripe.com https://climate.stripe.com; frame-src 'self' https://js.stripe.com https://b.stripecdn.com; media-src 'self' https://b.stripecdn.com https://videos.ctfassets.net https://assets.ctfassets.net; script-src 'self' https://js.stripe.com 'sha256-qAoigsbVsoqQigwSGiMYuTbAdza9vdqvOsA4UNSB54A=' 'sha256-cCM0Z4lzGkzQnmbdVw+ouz0JRawyaKcZ4yiqzqYS7ek=' 'sha256-5LtzXhT7UFn+GqP5pKEMGL08UNZsrzANHFEBW/mQHGw=' 'sha256-3aWvb9tRBjmz1OjR3n7mwiTm94+s4iki4mMZF82asmc=' 'sha256-4HwZEt/y+k0EIqGfaNZ1MRmRCUbC03K3G03imkZ/EyA=' 'sha256-T9Iq7ZVmxSNDo0MtKOVaMklBUMHeY5FCy6zb50dqr28=' 'sha256-eNaGg+YMox6LtUAMUegc8RPYMvlgqKfr5wXhQq7t0rU=' 'sha256-GaHpYEdZ/Ni/moK2YkhTZ3sda7WfN/XtF5CnKTWYATY=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' https://b.stripecdn.com 'report-sample'; frame-ancestors 'self' https://app.contentful.com 6
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /opt/csp-violation-report.php 6
default-src 'self';connect-src 'self' https://maps.googleapis.com https://cex.io wss://cex.io/ws/;frame-src 'self' * ext.cex.io;font-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://static.cex.io;img-src 'self' data: https://static.cex.io;media-src 'self' https://static.cex.io;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://code.jquery.com https://static.cex.io;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cex.io;report-uri https://cex.io/cspr; 6
default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://analytics.twitter.com https://api.intellimize.co https://app-abk.marketo.com https://audience.nrich.ai https://bam-cell.nr-data.net https://boards.greenhouse.io https://cdn.ampproject.org https://cdn.onesignal.com https://cdnjs.cloudflare.com https://connect.facebook.net https://googleads.g.doubleclick.net https://js-agent.newrelic.com https://js.chilipiper.com https://maps.googleapis.com https://munchkin.marketo.net https://onesignal.com https://player.vimeo.com https://script.hotjar.com https://secure.onespan.com https://serve.nrich.ai https://snap.licdn.com https://static.ads-twitter.com https://static.cloudflareinsights.com https://static.hotjar.com https://tag.nrich.ai https://tribl.io https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com; style-src 'self' 'report-sample' 'unsafe-inline' https://app-abk.marketo.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://onesignal.com https://secure.onespan.com https://tribl.io https://use.fontawesome.com; base-uri 'self'; object-src 'none'; connect-src 'self' https://serve.nrich.ai https://bam-cell.nr-data.net https://308-zmt-742.mktoresp.com https://analytics.google.com https://log.intellimize.co https://stats.g.doubleclick.net https://www.google-analytics.com https://bam-cell.nr-data.net https://tag.nrich.ai https://serve.nrich.ai https://www.google.ca https://secure.onespan.com https://www.facebook.com https://audience.nrich.ai https://tracking.chilipiper.com https://in.hotjar.com https://maps.googleapis.com https://ws30.hotjar.com wss://ws30.hotjar.com https://api.chilipiper.com https://api.intellimize.co; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com https://cdnjs.cloudflare.com; frame-src 'self' https://117413300.intellimizeio.com https://player.vimeo.com https://tribl.io https://www.facebook.com https://vars.hotjar.com https://www.youtube.com https://app-abk.marketo.com  https://secure.onespan.com https://www.google.com https://boards.greenhouse.io; img-src 'self' data: https://analytics.google.com https://analytics.twitter.com https://audience.nrich.ai https://audience.nrich.ai https://ct.capterra.com https://googleads.g.doubleclick.net https://img.youtube.com https://js.chilipiper.com https://maps.googleapis.com https://maps.gstatic.com https://p.adsymptotic.com https://pixel.mintigo.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://stats.g.doubleclick.net https://stats.g.doubleclick.net https://stg.onespan.com https://t.co https://tribl.io https://tag.nrich.ai https://tag.nrich.ai https://validator.swagger.io https://www.facebook.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.ca https://www.google.de https://www.googletagmanager.com https://www.gstatic.com https://www.linkedin.com https://www.onespan.com https://www.onespan.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 6
default-src 'self' *; img-src 'self' data: *; style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-ancestors 'self' *.assurance.com; worker-src blob: *.assurance.com; report-uri https://60ede17b9dc1b52ae71f0257.endpoint.csper.io; 6
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com https://fonts.gstatic.com *.fontawesome.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.twitter.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://maps.gstatic.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com https://maps.googleapis.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.nr-data.net *.newrelic.com *.trackedlink.net *.googleapis.com *.google.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com api.magento.com commerce.adobe.io https://maps.googleapis.com https://*.ingest.sentry.io *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.nr-data.net *.newrelic.com *.ampproject.org http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 6
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com 'unsafe-inline' 'unsafe-eval' *.newrelic.com 'unsafe-inline' 'unsafe-eval' googletagmanager.com 'unsafe-inline' *.sessioncam.com 'unsafe-inline' *.adyen.com 'unsafe-inline' *.google.com 'unsafe-inline' *.gstatic.com 'unsafe-inline' 'unsafe-eval' d2oh4tlt9mrke9.cloudfront.net 'unsafe-inline' 'unsafe-eval'; font-src data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline' *.facebook.com 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src *.force.com nestle-forms.cs.blip.ai *.facebook.com data: *.adyen.com 'self' 'unsafe-inline'; img-src * 'unsafe-inline' data: widgets.magentocommerce.com  *.sessioncam.com s.ytimg.com data: *.adyen.com *.google.com 'self' 'unsafe-inline'; script-src *.evgnet.com *.salesforce.com *.doubleclick.net *.facebook.net *.force.com  *.googletagmanager.com 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleadservices.com s.ytimg.com  www.youtube.com *.adyen.com *.google.com google.com *.gstatic.com *.newrelic.com 'unsafe-inline' 'unsafe-eval' *.nr-data.net 'unsafe-inline' 'unsafe-eval' *.sessioncam.com 'unsafe-inline' 'unsafe-eval' d2oh4tlt9mrke9.cloudfront.net 'unsafe-inline' 'unsafe-eval' 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.force.com getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline'  https://stats.g.doubleclick.net *.google-analytics.com *.nr-data.net ws.sessioncam.com ; child-src 'self' 'unsafe-inline'; base-uri 'self' 'unsafe-inline'; 6
default-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' data: https: blob: android-webview-video-poster: android-webview: chrome-extension: moz-extension: ms-browser-extension: about: 5
default-src 'self'; script-src 'self' webstats.surf.nl *.mailplus.nl platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com www.instagram.com www.google.com www.gstatic.com *.mopinion.com; style-src 'self' 'unsafe-inline' static.mailplus.nl fonts.googleapis.com use.typekit.net p.typekit.net platform.twitter.com *.mopinion.com; img-src http: https: data:;; frame-src 'self' *.surf.nl openonderwijsapi.nl www.surfspace.nl surfspace.nl www.slideshare.net player.vimeo.com www.youtube.com www.youtube-nocookie.com surf.mediamission.nl platform.twitter.com syndication.twitter.com www.instagram.com www.facebook.com www.linkedin.com www.google.com *.mopinion.com; child-src 'self' surf.mediamission.nl www.slideshare.net player.vimeo.com www.youtube.com www.youtube-nocookie.com surf.mediamission.nl platform.twitter.com syndication.twitter.com www.instagram.com www.facebook.com www.linkedin.com; font-src 'self' *.mopinion.com fonts.gstatic.com data:; connect-src 'self' *.mopinion.com; report-uri /report-csp-violation; upgrade-insecure-requests 5
default-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: https: www.google.com tags.tiqcdn.com secure.insightexpressai.com browser-update.org *.newrelic.com *.nr-data.net api.swiftype.com onqblog.disqus.com a.disquscdn.com platform.twitter.com snapdragonblog.disqus.com 3642644.fls.doubleclick.net 'sha256-/3jsvuZODfJI1Eg99StI7HtPfGc1mT2ElQZ8nHDbQbM='; object-src https://metrics.brightcove.com; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https: www.qualcomm.com pt-corpmktg.qualcomm.com qualcomm.sc.omtrdc.net sb.scorecardresearch.com metrics.brightcove.com *.nr-data.net analytics.twitter.com t.co controller.4seeresults.com events.foreseeresults.com insight.adsrvr.org; media-src 'self' blob: https: secure.brightcove.com; frame-src 'self' https: www.youtube.com disqus.com 3642644.fls.doubleclick.net www.juicer.io; font-src 'self' data: https: vjs.zencdn.net; connect-src 'self' https: *.nr-data.net links.services.disqus.com; report-uri /gen_204 5
frame-ancestors 'self'; report-uri https://www.dailytelegraph.com.au/csp-reports 5
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' ; style-src https: 'unsafe-inline'; frame-ancestors 'self'; img-src https: data: ; object-src 'none' ; report-uri https://sentry.uniregistry.com/api/18/security/?sentry_key=f430f663325b402bbc96cb5da277ab92 ; 5
frame-src https://www.google.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://img6.wsimg.com; style-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://www.gstatic.com; report-uri https://sentry.brandsight.com/api/25/security/?sentry_key=d2a6cc459b0c48dd91884e7063bbddb4 script-src 'self' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://js.hs-scripts.com https://tags.tiqcdn.com https://snap.licdn.com https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://www.google-analytics.com https://js.hs-analytics.net https://js.hs-banner.com 'sha256-0GmZYAqaqzetS+w1EyLdzTxUer98JQtlleth+bhMzm4=' 'sha256-h4kRXx7uh9BDCM48lIeC8OTw0+lUQIlD+u3Rsxo8ixg='; 5
default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 5
default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 5
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://sslwidget.criteo.com https://static.criteo.net https://api.userlike.com https://bat.bing.com https://code.jquery.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://www.google.nl https://www.google.fr https://www.mczbf.com https://www.google-analytics.com https://www.gstatic.com https://www.google.com/recaptcha/api.js https://www.youtube.com https://*.cloudfront.net https://*.trustedshops.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://bat.bing.com/bat.js https://*.doubleclick.net/ https://*.clarity.ms/ https://*.intelliad.de/ https://tracking.gdatasoftware.com https://www.clarity.ms https://www.dwin1.com https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js; style-src 'report-sample' 'self' 'unsafe-inline' https://*.trustedshops.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://adservice.google.com https://www.mczbf.com https://bat.bing.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://www.google.com https://*.onfastspring.com https://*.trustedshops.com https://*.clarity.ms https://tracking.gdatasoftware.com https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' https://*.trustedshops.com; frame-src 'self' https://gum.criteo.com https://static.criteo.net https://*.onfastspring.com https://*.saferpay.com https://www.youtube-nocookie.com https://www.google.com https://www.google.de https://www.gdata.de https://www.gdata.ch https://www.gdata.fr https://www.gdata.at https://www.gdata.nl https://www.gdata.it https://www.gdata.be https://www.gdata.es https://www.gdata.pt https://wwwgdatasoftware.co.uk https://www.gdatasoftware.com https://www.gdata-software.com https://www.gdata-advancedanalytics.de https://www.gdata-advancedanalytics.com https://www.gdata.co.jp https://www.gdata-china.com https://www.gdata-hongkong.com https://www.inventorofantivirus.com; img-src 'self' data: https://ad.yieldlab.net https://matching.ivitrack.com https://tracking.gdatasoftware.com https://www.google.co.jp https://www.google.co.uk https://www.google.lu https://www.google.se https://www.googletagmanager.com https://x.bidswitch.net https://*.cloudfront.net https://*.trustedshops.com https://*.linkedin.com/ https://bat.bing.com https://*.intelliad.de https://www.google-analytics.com https://www.google.com https://www.google.de https://www.google.fr https://www.google.nl https://www.google.ch https://www.google.at https://file.gdatasoftware.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; frame-ancestors 'self' https://www.gdata.de https://www.gdata.ch https://www.gdata.fr https://www.gdata.at https://www.gdata.nl https://www.gdata.it https://www.gdata.be https://www.gdata.es https://www.gdata.pt https://www.gdatasoftware.co.uk https://www.gdatasoftware.com https://www.gdata-software.com https://www.gdata-advancedanalytics.de https://www.gdata-advancedanalytics.com https://www.gdata.co.jp https://www.gdata-china.com https://www.gdata-hongkong.com https://www.inventorofantivirus.com; report-uri https://www.gdatasoftware.com/__cspreporting__; 5
object-src 'none'; script-src 'none'; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 5
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de http://app.bronto.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com *.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.onetrust.com *.riskified.com cdn.cookielaw.org *.yotpo.com maps.googleapis.com maps.gstatic.com *.stats.paypal.com 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypalobjects.com js.braintreegateway.com www.paypal.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.bronto.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.avada.io *.onetrust.com *.riskified.com cdn.cookielaw.org *.yotpo.com *.nr-data.net *.newrelic.com maps.googleapis.com *.optimove *.facebook.net *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com unsafe-inline *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.paypal.com www.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net www.sandbox.paypal.com commerce.adobe.net qa-api.magedevteam.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://geoip-js.com https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.onetrust.com cdn.cookielaw.org *.riskified.com *.yotpo.com *.nr-data.net *.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com *.optimove *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com static.curations.bazaarvoice.com 'unsafe-inline' data: *.channelsight.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com *.twitter.com *.facebook.com *.snapchat.com *.tiktok.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.twitter.com s.amazon-adsystem.com *.facebook.com *.fls.doubleclick.net insight.adsrvr.org *.filestackapi.com *.addthis.com flexfaceoffsweeps.azurewebsites.net match.adsrvr.org viewinyourspace.com *.viewinyourspace.com *.snapchat.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.bird.eu *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.bazaarvoice.com *.google.com *.taboola.com *.facebook.com *.facebook.net *.hubspot.com *.hsforms.com r.turn.com *.adnxs.com pixel.mediaiqdigital.com *.gravatar.com *.youtube.com cscoreproweustor.blob.core.windows.net www.skil.com *.gstatic.com *.googleapis.com www.googletagmanager.com *.fls.doubleclick.net *.seeitinyourspace.com *.pinterest.com *.nextdoor.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bazaarvoice.com *.filestackapi.com *.facebook.net *.crazyegg.com js.hs-scripts.com *.taboola.com js.adsrvr.org js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net *.googleapis.com geoip-js.com secure-ds.serving-sys.com *.adnxs.com bs.serving-sys.com *.addthis.com *.addthisedge.com z.moatads.com cscoreproweustor.blob.core.windows.net flexsweepstakes2022.azurewebsites.net js.monitor.azure.com edge.curalate.com ipinfo.io *.newrelic.com *.nr-data.net *.tiktok.com sc-static.net *.channelsight.com unpkg.com viewinyourspace.com *.viewinyourspace.com *.cookielaw.org *.addevent.com *.youtube.com *.pinimg.com *.nextdoor.com *.crwdcntrl.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bazaarvoice.com cscoreproweustor.blob.core.windows.net *.channelsight.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com api.bazaarvoice.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.bazaarvoice.com *.crazyegg.com forms.hubspot.com *.channelsight.com *.google-analytics.com stats.g.doubleclick.net *.taboola.com secure-ds.serving-sys.com viewinyourspace.com *.viewinyourspace.com chervon-website-api.herokuapp.com chervon-website-api-dev.herokuapp.com *.jotform.com dc.services.visualstudio.com *.addthis.com edge.curalate.com geoip-js.com *.hsforms.com *.nr-data.net *.facebook.com *.tiktok.com *.snapchat.com *.cookielaw.org *.rain-staging.com *.seeitinyourspace.com *.gstatic.com blob: *.googleapis.com *.pinterest.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
default-src 'none'; connect-src 'self' https: wss://*.zopim.com; font-src data: https:; frame-src https://js.stripe.com https://m.stripe.network https://www.google.com https://www.youtube.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net; img-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https://d3tw2v68rmxuj7.cloudfront.net https://fonts.googleapis.com; report-uri /csp 5
script-src 'self' 5
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri  /csp-report 5
default-src https: 'self'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'self' 'unsafe-inline'; img-src https: 'self' data:; 5
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net *.reachtheworldonfacebook.com reachtheworldonfacebook.com *.googleadservices.com *.googletagmanager.com;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline' *.reachtheworldonfacebook.com reachtheworldonfacebook.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com media-dev-reachtheworldonfacebook.s3.us-east-2.amazonaws.com media-reachtheworldonfacebook.s3.ap-southeast-1.amazonaws.com *.reachtheworldonfacebook.com reachtheworldonfacebook.com *.mktoresp.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com *.reachtheworldonfacebook.com reachtheworldonfacebook.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com *.reachtheworldonfacebook.com reachtheworldonfacebook.com *.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data: media-dev-reachtheworldonfacebook.s3.us-east-2.amazonaws.com media-reachtheworldonfacebook.s3.ap-southeast-1.amazonaws.com *.reachtheworldonfacebook.com reachtheworldonfacebook.com;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com *.reachtheworldonfacebook.com reachtheworldonfacebook.com;worker-src blob: *.facebook.com data: *.reachtheworldonfacebook.com reachtheworldonfacebook.com 'unsafe-eval' *.googleadservices.com *.googletagmanager.com *.google-analytics.com;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 5
worker-src 'none'; 5
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
child-src 'self' blob: https://youtube.com https://www.youtube.com https://plusone.google.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://facebook.com https://connect.facebook.net https://platform.twitter.com https://bat.bing.com https://sdk.privacy-center.org https://bam.eu01.nr-data.net https://www.clarity.ms https://d.clarity.ms https://*.doubleclick.net https://tr.snapchat.com https://servedby.flashtalking.com https://insight.adsrvr.org https://vars.hotjar.com; script-src 'self' 'unsafe-eval' https://www.googletagmanager.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com https://www.google.com s7.addthis.com; script-src-elem 'self' 'unsafe-inline' walibi.fr https://apis.google.com https://www.google.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://platform.twitter.com https://service.maxymiser.net https://snap.licdn.com https://t.contentsquare.net https://youtube.com https://www.youtube.com https://plusone.google.com https://www.gstatic.com https://facebook.com https://connect.facebook.net https://bat.bing.com https://sdk.privacy-center.org https://bam.eu01.nr-data.net https://*.clarity.ms https://cdn.goldenbees.fr https://tag.goldenbees.fr https://sc-static.net https://js-agent.newrelic.com https://api.ipify.org https://s.pinimg.com https://js.adsrvr.org https://insight.adsrvr.org https://static.hotjar.com https://script.hotjar.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com s7.addthis.com 5
default-src https: blob: wss: data: android-webview-video-poster: android-webview: chrome-extension: safari-extension: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dailymotion.com/content_security_policy_report_uri 4
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.hollywoodreporter.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 4
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://kontur.ru/csp 4
font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdnjs.cloudflare.com *.arcgis.com use.fontawesome.com *.nj.gov fonts.gstatic.com *.googleapis.com use.typekit.net www.googletagmanager.com maxcdn.bootstrapcdn.com nj.gov unpkg.com *.cloudfront.net *.custhelp.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: abs.twimg.com *.tiktok.com www.google.com *.googleapis.com t.co www.gstatic.com nj.gov clients1.google.com sp.analytics.yahoo.com fonts.gstatic.com match.adsrvr.org *.arcgis.com www.njsp.org files.constantcontact.com *.addthis.com www.rnengage.com ton.twimg.com *.nj.gov translate.google.com 1468.global.siteimproveanalytics.io imgssl.constantcontact.com www.google-analytics.com *.doubleclick.net placeimg.com *.cloudfront.net www.googletagmanager.com www.credit-card-logos.com pbs.twimg.com *.state.nj.us *.facebook.com content.govdelivery.com *.twitter.com 77497.global.siteimproveanalytics.io; object-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.state.nj.us; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.arcgis.com public.govdelivery.com *.addthis.com insight.adsrvr.org *.googleapis.com www.googletagmanager.com www.cdc.gov match.adsrvr.org www.njaqinow.net docs.google.com nj.gov *.state.nj.us *.nj.gov www.google.com *.twitter.com *.cloudfront.net *.doubleclick.net www.youtube.com *.facebook.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: translate.google.com maxcdn.bootstrapcdn.com cse.google.com clients1.google.com z.moatads.com *.cloudfront.net content.govdelivery.com v1.addthisedge.com s.yimg.com *.twitter.com www.googletagmanager.com *.addthis.com *.googleadservices.com use.fontawesome.com cdn.syndication.twimg.com stackpath.bootstrapcdn.com *.googleapis.com *.doubleclick.net *.tiktok.com siteimproveanalytics.com *.custhelp.com www.google-analytics.com www.gstatic.com js.adsrvr.org code.jquery.com cdnjs.cloudflare.com *.nj.gov unpkg.com *.state.nj.us public.govdelivery.com nj.gov www.rnengage.com www.google.com *.facebook.net sdk.amazonaws.com *.ads-twitter.com *.arcgis.com; form-action  *.state.nj.us www.google.com nj.gov; child-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.nj.gov; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: nj.gov; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: maxcdn.bootstrapcdn.com *.cloudfront.net *.nj.gov cdn.datatables.net cdnjs.cloudflare.com p.typekit.net code.jquery.com *.state.nj.us unpkg.com use.typekit.net *.twitter.com px.animaapp.com *.googleapis.com use.fontawesome.com malsup.github.io ton.twimg.com stackpath.bootstrapcdn.com nj.gov www.google.com *.custhelp.com *.arcgis.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: nj.gov *.doubleclick.net www.google.com *.twitter.com *.custhelp.com *.facebook.com analytics.google.com *.arcgis.com *.tiktok.com cognito-identity.us-east-1.amazonaws.com *.addthis.com *.cloudfront.net *.state.nj.us *.nj.gov s.yimg.com public.govdelivery.com *.googleapis.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; report-uri /csp_report 4
default-src 'self' data: https://fonts.gstatic.com/ https://cdn.podigee.com/ https://main.podigee-cdn.net/ https://*.dhl.de/ https://*.dhl.de/ https://*.dhl.com/ https://dpm.demdex.net/ https://*.paypal.com/ https://dpcomepost.tt.omtrdc.net/;  img-src 'self' data: https://pixel.consentric.de/ https://c1.adform.net/ https://t23.intelliad.de/ https://t.ssl.ak.dynamic.tiles.virtualearth.net/ https://t1.ssl.ak.dynamic.tiles.virtualearth.net/ https://t0.ssl.ak.dynamic.tiles.virtualearth.net/ https://deutschepostag1.d3.sc.omtrdc.net/ https://deutschepostwpmdpagprod2.112.2o7.net/ https://deutschepostpostidprod.112.2o7.net/ https://deutschepostag.112.2o7.net/ https://www.gstatic.com/ https://cdn.cookielaw.org/ https://www.facebook.com/ https://www.google.com/ https://t.leadlab.click/ https://insight.adsrvr.org/ https://www.bing.com/ https://*.dhl.de/ https://*.dhl.de/ https://*.dhl.com/ https://dpm.demdex.net/ https://*.paypal.com/ https://dpcomepost.tt.omtrdc.net/;  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.youtube.com/ https://cdn.cookielaw.org/ https://assets.adobedtm.com/ https://maps.google.com/ https://maps.googleapis.com/ https://cookie-cdn.cookiepro.com/ https://geolocation.onetrust.com/ https://www.bing.com/ https://r.bing.com/ https://t.ssl.ak.dynamic.tiles.virtualearth.net/ https://t1.ssl.ak.dynamic.tiles.virtualearth.net/ https://t0.ssl.ak.dynamic.tiles.virtualearth.net/ https://dev.virtualearth.net/ https://service.force.com/ https://d.la1-c1-fra.salesforceliveagent.com/ https://d.la3-c2-fra.salesforceliveagent.com/ https://d.la1-c1cs-fra.salesforceliveagent.com/ https://meinservice.my.salesforce.com/ https://www.google.com/ https://www.gstatic.com/ https://meinservice-dhl-sites.secure.force.com/ https://static.heidelpay.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://www.googletagmanager.com/ https://cdn.tt.omtrdc.net/ https://meinservice--rqa.my.salesforce.com/ https://pay.google.com/ https://assets.braintreegateway.com/ https://*.dhl.de/ https://*.dhl.de/ https://*.dhl.com/ https://dpm.demdex.net/ https://*.paypal.com/ https://dpcomepost.tt.omtrdc.net/;  style-src 'self' 'unsafe-inline' https://meinservice.my.salesforce.com/ https://service.force.com/ https://www.bing.com/ https://r.bing.com/ https://meinservice-dhl-sites.secure.force.com/ https://cdn.tt.omtrdc.net/ https://*.dhl.de/ https://*.dhl.de/ https://*.dhl.com/ https://dpm.demdex.net/ https://*.paypal.com/ https://dpcomepost.tt.omtrdc.net/;  frame-src 'self' https://www.youtube.com/ https://meinservice.my.salesforce.com/ https://service.force.com/ https://www.google.com/ https://payment.heidelpay.com/ https://assets.adobedtm.com/ https://deutschepost.elaine-asp.de/ https://*.dhl.de/ https://*.dhl.de/ https://*.dhl.com/ https://dpm.demdex.net/ https://*.paypal.com/ https://dpcomepost.tt.omtrdc.net/;  connect-src 'self' https://geolocation.onetrust.com/ https://cdn.cookielaw.org/ https://assets.adobedtm.com/ https://dpcomepost.tt.omtrdc.net/ https://privacyportal-de.onetrust.com/ https://t.leadlab.click/ https://www.bing.com/ https://meinservice--rqa.my.salesforce.com/ https://deutschepostag1.d3.sc.omtrdc.net/ https://meinservice-dhl-sites.secure.force.com/ https://pixel.consentric.de/ https://meinservice.my.salesforce.com/ https://client-analytics.braintreegateway.com/ https://api.braintreegateway.com/ https://api.sandbox.braintreegateway.com/ https://payments.braintree-api.com/ https://payments.sandbox.braintree-api.com/ https://assets.braintreegateway.com/ https://braintree-sample-merchant.herokuapp.com/ https://origin-analytics-sand.sandbox.braintree-api.com/ https://depst-salaut-prod1.pegacloud.net/ https://depst-mara-dt1-decisionhub.pegacloud.net/ https://depst-mara-stg1-decisionhub.pegacloud.net/ https://depst-mara-prod1-decisionhub.pegacloud.net/ https://payment.heidelpay.com/ https://api.heidelpay.com/ https://www.google-analytics.com/ https://insight.adsrvr.org/ https://*.dhl.de/ https://*.dhl.de/ https://*.dhl.com/ https://dpm.demdex.net/ https://*.paypal.com/ https://dpcomepost.tt.omtrdc.net/;  report-uri /bin/csp/report 4
default-src https: wss: 4
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.dow.com dow.6connex.com; report-uri /cxsite/csp-report/csp-report.html 4
default-src https: 'unsafe-inline' data: 4
img-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 4
upgrade-insecure-requests; base-uri 'self'; style-src-attr 'unsafe-inline'; style-src-elem 'unsafe-inline' https://fonts.googleapis.com; report-uri /csp-report/ 4
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; 4
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /csp-violation-report-endpoint.php; report-to csp-endpoint 4
default-src 'self' *.smartschool.be; script-src 'self' 'unsafe-inline' 'unsafe-eval' c0.wp.com https://ssl.p.jwpcdn.com stats.wp.com use.typekit.net p.jwpcdn.com *.google-analytics.com; script-src-attr 'none'; style-src 'self' *.smartschool.be 'unsafe-inline' c0.wp.com; font-src 'self' *.smartschool.be *.typekit.net wordpress.com data:; img-src 'self' *.typekit.net pixel.wp.com *.google-analytics.com stats.g.doubleclick.net data:; connect-src performance.typekit.net stats.g.doubleclick.net; report-uri /csp-violation.php 4
default-src *; script-src data: http: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: 'unsafe-inline' https: *.bootstrapcdn.com; img-src * 'self' data: blob:; font-src *; connect-src https:; media-src *; object-src 'none'; frame-src *; report-uri https://www.hsag.com/_csp; 4
default-src 'none'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src rs.fullstory.com/rec/bundle https:; font-src 'self' https: data:; img-src 'self' *.csagroup.org *.wpengine.com p.typekit.net stats.g.doubleclick.net www.google.ca/ads www.google.com/ads www.google-analytics.com https: data:; object-src 'none'; upgrade-insecure-requests; report-uri https://csagroup.report-uri.com/r/d/csp/reportOnly; 4
default-src 'self';      font-src 'self' https://fonts.gstatic.com ;      connect-src 'self' https://*.amazonaws.com http://*.ows.farm https://*.ows.farm https://vimeo.com https://www.youtube.com https://*.go-mpulse.net https://*.cookiebot.com https://www.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com https://www.google.it https://*.akstat.io https://*.akamaihd.net https://maps.googleapis.com https://analytics.google.com https://stats.piaggio.com https://testride-backoffice.piaggio.com https://jhgateway.piaggiogroup.com;      frame-src 'self' https://*.cookiebot.com https://*.addthis.com https://player.vimeo.com https://vars.hotjar.com https://jdata.piaggio.com;      img-src 'self' data: 'self' http://*.ows.farm https://*.ows.farm https://*.cloudfront.net https://*.aprilia.com https://*.piaggio.com https://*.motoguzzi.com https://*.vespa.com https://*.piaggiogroup.com https://maps.googleapis.com https://maps.gstatic.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.it;      style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ ;      script-src 'self' 'unsafe-inline' 'unsafe-eval' 'self' https://*.cookiebot.com https://polyfill.io https://*.neodatagroup.com https://*.getflowbox.com https://maps.googleapis.com https://www.googletagmanager.com https://www.youtube.com https://*.addthis.com https://www.google-analytics.com https://connect.facebook.net https://www.dwin1.com https://*.go-mpulse.net https://*.hotjar.com https://www.googleadservices.com https://googleads.g.doubleclick.net 4
frame-ancestors 'self'; report-uri /stf/reportiframe 4
script-src 'unsafe-eval' 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; default-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; style-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com 'unsafe-inline'; img-src * data: blob:; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src 'self' blob: 4
default-src 'self' http: https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; 4
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script'; 4
report-uri /api/csp-report/ 4
report-uri /report-csp-violation; upgrade-insecure-requests 4
default-src 'none'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' 4
font-src *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.maxmind.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.mmapiws.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
upgrade-insecure-requests; frame-ancestors 'self'; frame-src 'self' *.google.com *.google.com.mx *.twitter.com *.youtube.com *.vimeo.com *.facebook.com  *.instagram.com *.ampproject.org *.doubleclick.net *.googleapis.com *.retargetly.com *.googlesyndication.com *.ampproject.net *.admanmedia.com *.vidible.tv *.cxense.com *.googletagmanager.com *.adnxs.com *.rubiconproject.com *.indexww.com *.openx.net *.doubleverify.com *.tiktok.com *.pubmatic.com *.adxyield.com *.indexww.com *.facebook.net; report-uri https://cmsmedios2.report-uri.com/r/d/csp/reportOnly 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://axaxl.com https://eus-prd-f8372a898644-xp2-cd.azurewebsites.net https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://cf-images.us-east-1.prod.boltdns.net https://manifest.prod.boltdns.net https://bcbolt446c5271-a.akamaihd.net https://id.rlcdn.com *.company-target.com https://company-target.com https://api.company-target.com *.demandbase.com https://demandbase.com https://tag.demandbase.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.google.com *.gstatic.com *.googleadservices.com *.doubleclick.net *.fls.doubleclick.net https://www.google-analytics.com https://ajax.googleapis.com https://www.googletagmanager.com https://adservice.google.com https://www.google.com https://www.gstatic.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google.co.uk https://doubleclick.net https://bid.g.doubleclick.net https://match.prod.bidr.io *.linkedin.com https://snap.licdn.com https://px.ads.linkedin.com https://vjs.zencdn.net *.newrelic.com *.nr-data.net https://bam.nr-data.net https://js-agent.newrelic.com *.brightcove.com  *.brightcove.net *.media.brightcove.net *.api.brightcove.net https://secure.brightcove.com https://brightcove.com https://players.brightcove.net https://metrics.brightcove.com f1.media.brightcove.com https://edge.api.brightcove.com https://p.adsymptotic.com *.adsymptotic.com *.newscred.com analytics.newscred.com pixel.newscred.com t.newscred.com https://analytics.newscred.com https://pixel.newscred.com https://t.newscred.com https://img04.en25.com *.eloqua.com https://s754241824.t.eloqua.com; report-uri https://axaxl.com/cspviolation; report-to https://axaxl.com/cspviolation 4
default-src 'self' *.google-analytics.com fonts.gstatic.com 'unsafe-inline' pi.pardot.com go.globalpaymentsinc.com go.globalpayments.com go.heartlandpaymentsystems.com go.openedgepayments.com cdn.cookielaw.org 'unsafe-eval' *.visualwebsiteoptimizer.com bid.g.doubleclick.net; font-src 'self' fonts.gstatic.com *.dataweavers.io; frame-ancestors 'none'; img-src 'self' *.adsymptotic.com *.dataweavers.io data: *.visualwebsiteoptimizer.com app.vwo.com *.google-analytics.com t.co www.facebook.com px.ads.linkedin.com www.google.com www.google.com.au; script-src-elem 'self' www.googletagmanager.com static.ads-twitter.com platform.twitter.com *.licdn.com pi.pardot.com go.globalpaymentsinc.com go.globalpayments.com go.heartlandpaymentsystems.com go.openedgepayments.com 'unsafe-inline' *.google-analytics.com cdn.cookielaw.org *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com app.vwo.com *.dataweavers.io 'unsafe-eval' www.googleadservices.com analytics.twitter.com ws.zoominfo.com; style-src-elem 'self' *.dataweavers.io 'unsafe-inline'; worker-src 'self' blob:; 4
default-src 'self'; frame-ancestors 'self' *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de; frame-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de streaming.talk42.de app.datawrapper.de datawrapper.dwcdn.net 'self'; style-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de https://cdn.leafletjs.com/leaflet/v0.7.7/ https://cdnjs.cloudflare.com/ajax/libs/leaflet.markercluster/0.4.0/ 'unsafe-inline'; img-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://a.tile.openstreetmap.de https://b.tile.openstreetmap.de https://c.tile.openstreetmap.de data: 'unsafe-inline'; script-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de https://ssl.p.jwpcdn.com/player/ https://www.youtube.com https://s.ytimg.com/yts/jsbin/ https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/ https://vjs.zencdn.net/5.9.2/ 'unsafe-inline'; font-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de https://ssl.p.jwpcdn.com data: 'self'; media-src *.bundesregierung.de 'self'; 4
default-src 'self';               script-src 'self' 'unsafe-eval' 'unsafe-inline' pt d2oh4tlt9mrke9.cloudfront.net www.googletagmanager.com *.dynatrace.com *.googleapis.com *.assurantsolutions.com *.optimizely.com www.google.com stats.g.doubleclick.net www.enterice.com www.google-analytics.com www.gstatic.com az416426.vo.msecnd.net ajax.aspnetcdn.com glassboxdigital.com cdn.gbqofs.com www.googleoptimize.com *.inmoment.com *.asapp.com;               connect-src 'self' ws.sessioncam.com *.dynatrace.com *.optimizely.com www.enterice.com stats.g.doubleclick.net www.google-analytics.com dc.services.visualstudio.com report.assurant.gbqofs.io *.googleapis.com *.inmoment.com *.asapp.com;               img-src 'self' data: maps.gstatic.com *.googleapis.com *.ggpht.com www.trustlogo.com www.enterice.com www.google-analytics.com mywirelessclaim.com *.assurantsolutions.com stats.g.doubleclick.net www.google.com secure.comodo.com www.googletagmanager.com ajax.aspnetcdn.com mobileclaimstest.azureedge.net;               style-src 'self' 'unsafe-inline' fonts.googleapis.com www.enterice.com maxcdn.bootstrapcdn.com ajax.aspnetcdn.com *.asapp.com;               font-src 'self' fonts.gstatic.com;               frame-src 'self' *.optimizely.com www.google.com www.surveymonkey.com *.asapp.com;              worker-src blob:; 4
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
font-src *.fontawesome.com *.tawk.to fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.tawk.to *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://hps.github.io https://api2.heartlandportico.com *.tawk.to *.wesupply.xyz *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://hps.github.io https://api2.heartlandportico.com *.facebook.com *.tawk.to cdn.jsdelivr.net *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://hps.github.io https://api2.heartlandportico.com *.googletagmanager.com *.facebook.net *.avada.io *.tawk.to cdn.jsdelivr.net *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com fonts.googleapis.com cdn.jsdelivr.net tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.google-analytics.com *.tawk.to wss://*.tawk.to https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
font-src fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com data: https://www.gstatic.com https://fonts.gstatic.com https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.facebook.com https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline'; frame-ancestors https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com cdn.dnky.co youtube.com www.youtube.com *.hotjar.com https://www.google.com *.facebook.com *.trustpilot.com *.criteo.com https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: www.google.com www.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com www.linkedin.com linkedin.com www.googletagmanager.com googletagmanager.com gallery.mailchimp.com amcglobal.sc.omtrdc.net cm.everesttech.net *.trustedshops.com www.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com google.com www.google.com gstatic.com www.gstatic.com *.googletagmanager.com *.googleapis.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net www.googleoptimize.com www.clarity.ms *.datatrics.com *.criteo.net *.criteo.com *.youtube.com https://www.google.com https://www.gstatic.com https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline'; object-src https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline'; media-src *.zopim.com https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline'; manifest-src https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com commerce.adobedc.net api.comapi.com google-analytics.com www.google-analytics.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com dpm.demdex.net *.feedbackcompany.com amcglobal.sc.omtrdc.net *.zendesk.com *.nr-data.net www.clarity.ms *.facebook.com *.datatrics.com https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline'; child-src https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline'; default-src https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 4
font-src data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com www.google-analytics.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; report-uri /csp-report 4
font-src data: *.fontawesome.com/ data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com https://www.facebook.com/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com https://bid.g.doubleclick.net/ *.fls.doubleclick.net vars.hotjar.com cdn.krxd.net insight.adsrvr.org *.flashtalking.com *.amazon-adsystem.com *.optimizely.com *.google.com *.pepperjamnetwork.com www.xtento.com *.bounceexchange.com ids.cdnwidget.com *.dotdigital-pages.com *.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com tst.kaptcha.com *.paypal.com https://www.paypalobjects.com/ *.weltpixel.com https://www.facebook.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com 'self' data: pt.ispot.tv bat.bing.com sp.analytics.yahoo.com google.com ct.pinterest.com facebook.com https://www.facebook.com/ *.amazon-adsystem.com *.doubleclick.net *.krxd.net www.xtento.com cdn.xtento.com cdn.cookielaw.org store.paradoxlabs.com *.bounceexchange.com *.bouncex.net *.cdnwidget.com pippio.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com edge.curalate.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com contentorigin.bazaarvoice.com google-analytics.com static.hotjar.com script.hotjar.com *.facebook.net bat.bing.com s.pinimg.com js.adsrvr.org s.yimg.com *.doubleclick.net *.g.doubleclick.net *.kruxd.net *.listrakbi.com *.listrak.com *.newrelic.com *.nr-data.net *.optimizely.com *.amazonaws.com *.ucarecdn.com *.krxd.net *.google.com *.gstatic.com *.pepperjam.com www.xtento.com cdn.xtento.com cdn.cookielaw.org *.segment.io *.segment.com *.bounceexchange.com *.wknd.ai *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.execute-api.us-east-1.amazonaws.com *.maxmind.com *.pages04.net *.appboycdn.com edge.curalate.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com *.listrakbi.com unsafe-inline *.bounceexchange.com *.bazaarvoice.com https://apps.bazaarvoice.com/ *.fontawesome.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com s.yimg.com ct.pinterest.com google-analytics.com *.listrakbi.com *.nr-data.net *.optimizely.com *.pepperjam.com cdn.cookielaw.org *.segment.io *.segment.com *.bounceexchange.com *.wknd.ai *.bouncex.net *.cdnbasket.net *.cdnwidget.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.mmapiws.com https://in.hotjar.com/ *.doubleclick.net edge.curalate.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
default-src https: data: 'unsafe-inline' 'unsafe-eval' wss://*.hotjar.com blob:; report-uri https://fantastic.report-uri.com/r/d/csp/reportOnly 4
font-src fonts.gstatic.com use.typekit.net data: *.sodatech.com *.sodatech.net *.gstatic.com *.typekit.net 'self' data: https://fonts.yieldify-production.com/fonts/100822/e6e8821f-e1ad-4601-aaed-5b3386a4580b.otf 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pal-test.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.xtento.com *.vimeo.com *.youtube.com *.jsctool.com *.pinterest.com *.mmcagentur.at *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.demdex.net *.authorize.net *.paypal.com *.googletagmanager.com *.xtento.com *.app-wallee.com *.waltpixel.com *.equitystory.com app-wallee.com *.weltpixel.com https://odr.promo.dev/ https://vars.hotjar.com/ https://td.yieldify.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.xtento.com cdn.xtento.com blob: lindt.test *.lindt.test maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.klarna.com *.invibes.com *.b26net.com https://www.google-analytics.com *.googletagmanager.com *.cloudfront.net *.teads.tv *.videostep.com *.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.doubleclick.net *.outbrain.com *.adobedtm.com *.omtrdc.net *.demdex.net *.everesttech.net *.magentocommerce.com *.sodatech.com *.sodatech.net app-wallee.com 'self' data: *.gstatic.com http://lindt-hg65tr.your-printq.com https://cookie-cdn.cookiepro.com/logos/static/poweredBy_cp_logo.svg https://assets-v2.yieldify.com/images/189494/2022/4/8/55c67825-1f9d-438d-815a-43a437f03af2.png https://assets-v2.yieldify.com/images/189494/2022/4/21/54125dc1-8b51-4175-bd53-7d33e427cc41.gif 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com www.googletagmanager.com www.google-analytics.com *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.xtento.com cdn.xtento.com *.pcapredict.com *.newrelic.com *.nr-data.net lindt.slgnt.eu maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.ratepay.com *.cloudflare.com *.teads.tv *.r66net.com *.facebook.net *.googleadservices.com *.doubleclick.net *.cookiepro.com *.cloudfront.net *.videostep.com *.mfgroup.ch *.taboola.com *.outbrain.com *.adobedtm.com *.authorize.net *.unpkg.com *.fontawesome.com *.sodatech.net *.sodatech.com app-wallee.com *.google.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com https://tools.luckyorange.com https://static-eu.payments-amazon.com/checkout.js https://script.hotjar.com/ https://static.hotjar.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com *.fonts.net *.postcodeanywhere.co.uk *.cloudfront.net *.cloudflare.com *.sodatech.com *.sodatech.net *.googleapis.com *.getfirebug.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nr-data.net *.paypal.com *.postcodeanywhere.co.uk *.ratepay.com vimeo.com *.luckyorange.net *.cookiepro.com *.mfgroup.ch *.doubleclick.net *.visitors.live wss://in.visitors.live wss://visitors.live wss://in.visitors.live/ wss://visitors.live/ visitors.live *.taboola.com *.demdex.net *.omtrdc.net *.magento.com *.adobe.net *.adobedtm.com *.adobedc.net *.typekit.net *.magedevteam.com *.sodatech.com *.sodatech.net *.teads.tv *.google-analytics.com https://www.google-analytics.com https://settings.luckyorange.com wss://mqtt.luckyorange.com https://ws36.hotjar.com/ wss://ws36.hotjar.com/api/v2/client/ws https://in.hotjar.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
default-src * data: blob:;worker-src 'self' blob:;script-src blob: 'unsafe-inline' https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/viewer/ https://cdn.ampproject.org/rtv/ https://www.googletagmanager.com/gtag/js https://playground.amp.dev/ https://preview.amp.dev/ https://go.amp.dev/ https://log.amp.dev/;object-src 'none';style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://playground.amp.dev/ https://preview.amp.dev/ https://go.amp.dev/ https://log.amp.dev/;report-uri /csp-report 3
report-uri /ab/csp/index; report-to csp-endpoint 3
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';block-all-mixed-content;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 3
frame-ancestors 'self' *.qualtrics.com; report-uri https://sjc1.qualtrics.com/csp-report; report-to csp-endpoint 3
require-trusted-types-for 'script';report-uri /_/Gstore/cspreport 3
default-src 'self' https: wss: data: blob: none: gsa: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 3
script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: data: https:; style-src 'self' 'unsafe-inline' blob: data: https:; default-src 'self' https:; img-src https: blob: data: android-webview-video-poster:; frame-src blob: data: https:; worker-src blob: data: https:; child-src blob: data: https:; object-src 'self'; font-src 'self' https: blob: data: safari-extension://*; media-src 'self' blob: data: https:; connect-src wss: blob: data: https:; report-uri /csp_ep 3
default-src 'self' 'unsafe-inline' data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.drift.com *.driftt.com *.kinstacdn.com api.intellimize.co www.google-analytics.com www.instagram.com www.googleadservices.com *.quoracdn.net www.google.com *.googleapis.com snap.licdn.com googleads.g.doubleclick.net rum-static.pingdom.net *.wistia.com *.wistia.net api.greenhouse.io cdn.segment.com https://cdn.split.io cdn.madkudu.com cdn.bizible.com ga.clearbit.com app-sj27.marketo.com widget.drift.com *.jquery.com https://www.google-analytics.com https://www.googletagmanager.com *.quora.com *.hsforms.com *.hsforms.net munchkin.marketo.net s.adroll.com d.adroll.mgr.consensu.org d.adroll.com *.facebook.net static.ads-twitter.com *.twitter.com twitter.com *.6sc.co *.dca0.com *.twimg.com tpc.googlesyndication.com use.typekit.net drift.referralrock.com gateway.on24.com; img-src 'self' 'unsafe-inline' data: * ; report-uri https://o13824.ingest.sentry.io/api/5269096/security/?sentry_key=e9bb6faf1b4c4ce1927908a451904d1d 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://qualys.report-uri.com/r/d/csp/reportOnly 3
default-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com www.googleadservices.com www.google-analytics.com *.google.com *.googleapis.com *.youtube.com *.facebook.com connect.facebook.net *.addthis.com *.moatads.com *.addthisedge.com api.map.baidu.com cdn.jsdelivr.net cdnjs.cloudflare.com kxlogo.knet.cn *.doubleclick.net snap.licdn.com d.line-scdn.net *.hotjar.com *.go-mpulse.net *.gigabyte.com *.gigabyte.com.tw; style-src 'self' 'unsafe-inline' *.googleapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com code.jquery.com *.fontawesome.com *.gigabyte.com *.gigabyte.com.tw; img-src 'self' data: https: http://faq.gigabyte.com; font-src 'self' fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.gigabyte.com *.gigabyte.com.tw data:; frame-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com http://www.youtube.com *.facebook.com *.doubleclick.net *.addthis.com *.hotjar.com *.gigabyte.com *.gigabyte.com.tw;  3
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://stylecaster.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 3
frame-ancestors https://*.n.rich; report-uri https://o1168991.ingest.sentry.io/api/6261364/security/?sentry_key=7d242ac12119401194fa3bf0fb45a4bf 3
default-src https: data: 'unsafe-eval' 'unsafe-inline'; report-uri /csp_reports 3
default-src: 'self'; report-uri https://o13610.ingest.sentry.io/api/6173537/security/?sentry_key=7ac906c405c04da0bad984892f88d1bb 3
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/domain-registry 3
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https:; report-uri /error/js; img-src 'self' https: data:; 3
script-src https://shopping.com https://*.shopping.com https://*.paypalobjects.com https://*.paypal.com https://www.google-analytics.com https://checkout.ebay.com 'unsafe-inline'; connect-src https://shopping.com https://*.shopping.com https://*.paypal.com; form-action https://shopping.com https://*.shopping.com; img-src https://shopping.com https://*.shopping.com https://*.paypal.com https://*.ebayimg.com https://*.cnnx.io https://*.ebayadservices.com https://www.paypalobjects.com data:; report-uri https://monitor.ebay.com/csp-report/shoppingdotcom 3
"default-src data: blob: 'unsafe-eval' 'unsafe-inline' https: 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'  ajax.googleapis.com *.bazaarvoice.com bat.bing.com cdn.attn.tv *.optimizely.com cdn.polyfill.io cdn1.affirm.com connect.facebook.net *.allposters.com *.doubleclick.net js.intercomcdn.com pixel.mathtag.com s.pinimg.com static.klaviyo.com tag.rmp.rakuten.com tags.bkrtx.com *.intercom.io *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com code.jquery.com *.intercom.io *.artprintimages.com *.affirm.com *.allpostersimages.com; object-src 'none'; base-uri 'self'; report-uri https://csp.prod.walmart.com/c/r/artal;" 3
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.onet.pl::BPROD_3_0_N 3
default-src * 'unsafe-inline' 'unsafe-eval' https:;  img-src * 'self' https: data: blob:;  font-src * 'self' https: data:; media-src * 'self' https: data:; script-src * https: data: 'unsafe-inline' 'unsafe-eval'; child-src * https: blob: data:; report-uri /api/sitecore/CSP/SecurityReport; 3
default-src 'self' blob: https://*.avrotros.org https://*.avrotros.nl https://www.google-analytics.com https://cdn.ampproject.org/ https://www.googletagmanager.com https://adscience-nocookie.nl https://stats.g.doubleclick.net https://*.google.com https://*.npo.nl https://nmonpoendpoint.2cnt.net https://kmnl.tns-nipo.com https://graph.facebook.com https://adserving.optoutadvertising.com; font-src *;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval' 'report-sample' https://opgelicht.avrotros.nl/cdn-cgi/challenge-platform/; style-src * 'unsafe-inline' 'report-sample';  media-src *; frame-src *; object-src https://open.spotify.com https://embed.spotify.com https://player.vimeo.com https://w.soundcloud.com https://avrotros.nl https://issuu.com https://e.issuu.com https://www.google.com https://www.google.nl https://localfocus2.appspot.com https://m.kro-ncrv.nl https://giphy.com https://media.giphy.com https://media2.giphy.com https://opgelicht.avrotros.nl https://radar.avrotros.nl https://eenvandaag.avrotros.nl https://stories.avrotros.nl; base-uri 'self'; form-action 'self'; worker-src 'self' blob:; 3
default-src 'self' https://*.ebizautos.com; img-src *; script-src 'self' 'unsafe-inline' *; font-src *; media-src *; frame-src *; manifest-src 'self'; style-src 'self' 'unsafe-inline' *; connect-src https://*; object-src 'none'; worker-src 'none'; base-uri 'self'; 3
default-src https: wss: data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; worker-src blob:; report-uri /csp-report 3
font-src *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com cloud.webtype.com use.fontawesome.com *.hotjar.com oppwa.com *.oppwa.com *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com oppwa.com *.oppwa.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com *.cookiebot.com www.youtube.com vars.hotjar.com oppwa.com *.oppwa.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com pls.webtype.com www.w3.org data: www.google.com www.google.de www.google.com.ua googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com *.ytimg.com bat.bing.com head.locally.com *.hotjar.com img.youtube.com *.oppwa.com oppwa.com https://a.klaviyo.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adyen.com jquery.sellxed.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com js-agent.newrelic.com bam.nr-data.net www.google.com *.googleapis.com *.scarabresearch.com head.locally.com bat.bing.com hit.uptrendsdata.com/ static.hotjar.com script.hotjar.com www.googleadservices.com *.cookiebot.com connect.getflowbox.com www.gstatic.com *.abtasty.com *.oppwa.com oppwa.com https://static.klaviyo.com https://fast.a.klaviyo.com *.yotpo.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com cloud.webtype.com use.fontawesome.com oppwa.com *.oppwa.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com bam.nr-data.net webchannel-content.eservice.emarsys.net recommender-eu.scarabresearch.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.hotjar.com *.hotjar.io wss://*.hotjar.com oppwa.com *.oppwa.com hit.uptrendsdata.com/ *.abtasty.com https://static.klaviyo.com https://fast.a.klaviyo.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
script-src 'self' https://ajax.googleapis.com https://f1000researchdata.s3-eu-west-1.amazonaws.com https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://js.hs-scripts.com 3
default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net *.tvsquared.com *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com https://sc-static.net 		https://ob.cheqzone.com 		https://analytics.google.com 		https://www.google.com https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net 	 https://stackadapt.com https://*.creative-serving.com https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com https://sc-static.net 		https://ob.cheqzone.com 		https://analytics.google.com 		https://www.google.com wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://stats.g.doubleclick.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://graph.facebook.com https://*.addthis.com https://*.google-analytics.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.doubleclick.net https://*.googleapis.com ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://tr.snapchat.com https://creativecdn.com https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 3
default-src 'self'; report-uri https://csp.loopia.se;form-action 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://bib.eway2pay.com https://ticket.siriusit.net https://payment.architrade.com https://www.facebook.com;font-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://tpc.googlesyndication.com https://fonts.gstatic.com https://chat.puzzel.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://chat.puzzel.com https://www.google.com https://www.googletagmanager.com https://ssl.google-analytics.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.youtube.com https://*.ytimg.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.se https://bat.bing.com https://connect.facebook.net https://api.exponea.com https://widget.trustpilot.com https://static.hotjar.com https://script.hotjar.com https://active24.ladesk.com https://api.infinario.com https://g.microsoft.com https://snap.licdn.com https://sc.lfeeder.com;connect-src 'self' https://chat.puzzel.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.facebook.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.exponea.com https://in.hotjar.com https://bat.bing.com https://vc.hotjar.io https://api.infinario.com https://datainsights.loopia.se https://sc.lfeeder.com wss://*.hotjar.com https://www.google.com https://www.google.se https://www.google.be;img-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://ssl.google-analytics.com https://*.ytimg.com https://track.double.net https://tbs.tradedoubler.com https://sealserver.trustkeeper.net https://www.gstatic.com https://track.adform.net https://www.googletagmanager.com https://chat.puzzel.com https://www.google.com.cy https://www.google.no https://www.google.rs https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.es https://googleads.g.doubleclick.net https://www.facebook.com https://www.google.se https://bat.bing.com https://www.google.fi https://www.google.gr data: https://px.ads.linkedin.com https://www.linkedin.com https://www.google.be https://fonts.gstatic.com https://tr.lfeeder.com https://googleads.g.doubleclick.net;media-src https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://chat.puzzel.com;frame-src https://*.facebook.com https://player.vimeo.com https://*.mynewsdesk.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.soundcloud.com https://www.youtube.com https://widget.trustpilot.com https://vars.hotjar.com https://active24.ladesk.com https://1-vbus-eu.ladesk.com https://datainsights.loopia.se;object-src 'self';style-src 'self' 'unsafe-inline' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://chat.puzzel.com https://fonts.googleapis.com 3
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://geolocation.onetrust.com https://cdn.livechatinc.com https://api.livechatinc.com https://www.googletagmanager.com https://www.google-analytics.com https://siteimproveanalytics.com https://scripts.demandbase.com https://edge.fullstory.com https://rs.fullstory.com https://js.adsrvr.org https://www.googleadservices.com https://googleads.g.doubleclick.net https://js-agent.newrelic.com https://bam.nr-data.net https://s.go-mpulse.net https://cdn.siteimprove.net pagecdn.io; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://cdn.cookielaw.org https://geolocation.onetrust.com https://cdn.livechatinc.com https://api.livechatinc.com https://www.googletagmanager.com https://www.google-analytics.com https://siteimproveanalytics.com https://scripts.demandbase.com https://edge.fullstory.com https://rs.fullstory.com https://js.adsrvr.org https://www.googleadservices.com https://googleads.g.doubleclick.net https://s.go-mpulse.net https://cdn.siteimprove.net pagecdn.io; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.hitmanpro.com/en-us/report-uri/reportOnly 3
default-src https: 'unsafe-inline' 3
base-uri 'none'; report-uri https://vault.gostatera.com/collect/csp 3
font-src *.yotpo.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.typekit.net *.klevu.com *.ksearchnet.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.yotpo.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.yotpo.com *.bounceexchange.com *.ada.support *.google.com *.google.com.mt *.google.co.uk *.google.fr *.google.it *.trustpilot.com *.facebook.com *.bulk.com *.studentbeans.com *.doubleclick.net *.zenaps.com *.criteo.net *.criteo.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com *.yotpo.com bulk.com *.bulk.com *.google.com *.google.com.mt *.google.co.uk *.google.fr *.google.it *.google.co.in *.facebook.com *.facebook.net *.bouncex.net *.bounceexchange.com *.monetate.net bulkpowders.co.uk *.gstatic.com *.postcodeanywhere.co.uk *.klarnacdn.net *.klarna.com *.zenaps.com *.awin1.com *.atdmt.com *.doubleclick.net *.cooladata.com *.bing.com *.quantserve.com t.co *.klevu.com *.ksearchnet.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.adyen.com *.yotpo.com *.monetate.net *.dwin1.com *.facebook.net *.bounceexchange.com *.jetlore.com *.ada.support *.scarabsearch.com *.scarabresearch.com *.g.doubleclick.net *.trustpilot.com *.queue-it.net *.gstatic.com *.newrelic.com *.nr-data.net *.google.com *.pcapredict.com *.klarnacdn.net *.postcodeanywhere.co.uk *.co-buying.com *.studentbeans.com *.zenaps.com *.sciencebehindecommerce.com *.criteo.net *.criteo.com *.cooladata.com *.zendesk.com *.zdassets.com *.bing.com *.quantserve.com *.quantcount.com *.twitter.com js.klevu.com *.ksearchnet.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.yotpo.com *.googleapis.com *.typekit.net *.bounceexchange.com *.postcodeanywhere.co.uk *.klevu.com *.ksearchnet.com 'self' 'unsafe-inline'; object-src *.bulk.com 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.yotpo.com *.ada.support *.google-analytics.com *.g.doubleclick.net *.scarabresearch.com *.logs.datadoghq.com *.bouncex.net *.nr-data.net *.klarnaevt.com *.postcodeanywhere.co.uk *.bulk.com *.sciencebehindecommerce.com *.zdassets.com *.zendesk.com *.klevu.com *.ksearchnet.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.sharethis.com *.sharethis.mgr.consensu.org geoip-db.com *.facebook.com *.connect.facebook.net *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net *.googleusercontent.com *.gravatar.com *.soundcloud.com 01.org *.youtube.com asciinema.org *.addtoany.com https://translate.googleapis.com; script-src 'self'  'unsafe-inline'  'unsafe-eval'  data:  blob:  *.connect.facebook.net/en_US/   https://stg.01.org/  https://code.jquery.com/  https://www.googletagmanager.com/  https://www.google-analytics.com/analytics.js  https://connect.facebook.net/en_US/  https://*.static.addtoany.com/menu/  https://static.addtoany.com/menu/page.js  https://static.addtoany.com/menu/locale/ https://static.addtoany.com/menu/svg/icons.29.svg.js  https://geoip-db.com/jsonp ; img-src 'self' data: blob: https://secure.gravatar.com/avatar/ https://software.intel.com/sites/ https://corpredirect.intel.com/ https://*.www.gstatic.com/images/ https://www.googletagmanager.com/ https://www.gstatic.com/images/branding/product/ http://1.bp.blogspot.com/ http://2.bp.blogspot.com/ http://3.bp.blogspot.com/ http://4.bp.blogspot.com/ https://asciinema.org/ https://img.youtube.com/vi/ https://www.google-analytics.com/collect https://lh3.googleusercontent.com/ https://lh4.googleusercontent.com/ https://lh5.googleusercontent.com/ https://lh6.googleusercontent.com/; font-src 'self' *.fonts.gstatic.com/s/roboto/v20/ https://*.fonts.gstatic.com/s/roboto/v20/; report-uri /admin/config/system/seckit/csp-report 3
connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com *.doubleclick.net ka-p.fontawesome.com network.prismahealth.org *.facebook.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn-images.kyruus.com www.prismahealth.org kyruus-app-static.kyruus.com www.google-analytics.com www.google.com *.facebook.com 6147797.global.siteimproveanalytics.io www.googletagmanager.com prismahealth.org lp.prismahealth.org; manifest-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.prismahealth.org prismahealth.org; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net www.google.com www.youtube.com www.googletagmanager.com match.adsrvr.org *.youtube-nocookie.com *.facebook.com prismahealth.org insight.adsrvr.org; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.googletagmanager.com js.adsrvr.org prismahealth.org *.googleadservices.com lp.prismahealth.org *.doubleclick.net www.google-analytics.com kit.fontawesome.com www.prismahealth.org siteimproveanalytics.com www.google.com *.facebook.net; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ka-p.fontawesome.com use.typekit.net prismahealth.org lp.prismahealth.org www.prismahealth.org; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.prismahealth.org; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: p.typekit.net prismahealth.org use.typekit.net lp.prismahealth.org www.prismahealth.org; form-action  *.facebook.com; report-uri /csp_report 3
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src https: wss:; report-uri /csp-report 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.forgerock.com *.wistia.com *.wistia.net *.listenloop.com *.company-target.com *.google-analytics.com *.googleoptimize.com *.mktoresp.com *.doubleclick.net *.driftt.com *.driftqa.com *.pingdom.net *.swiftypecdn.com *.swiftype.com *.abtasty.com *.cookielaw.org *.hotjar.com *.hotjar.io *.nr-data.net *.marketo.com *.twitter.com *.soundcloud.com *.youtube.com *.akamaihd.net *.bing.com *.clarity.ms; font-src * data:; frame-src 'self' static.addtoany.com; img-src * data:; media-src * blob:; prefetch-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.forgerock.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleoptimize.com *.mktoresp.com *.googleadservices.com *.twitter.com *.ads-twitter.com *.licdn.com *.engagio.com *.listenloop.com *.demandbase.com *.driftt.com *.facebook.net *.adroll.com *.adroll.mgr.consensu.org *.newrelic.com *.hotjar.com googleads.g.doubleclick.net https://dn1f1hmdujj40.cloudfront.net *.swiftypecdn.com geoip-js.com *.pingdom.net *.abtasty.com *.cookielaw.org *.nr-data.net *.marketo.com *.marketo.net *.twimg.com *.jquery.com *.onetrust.com *.maxmind.com s3.amazonaws.com *.bugsnag.com *.wistia.net *.bing.com *.clarity.ms www.forgerock.com http://www.forgerock.com blob: https://fast.wistia.com https://static.addtoany.com https://unpkg.com; style-src 'self' 'unsafe-inline' *.forgerock.com *.googleapis.com *.cloudflare.com *.swiftypecdn.com *.driftt.com *.marketo.com *.wistia.com *.wistia.net *.twitter.com *.twimg.com https://unpkg.com; report-uri https://forgerock.report-uri.com/r/t/csp/wizard 3
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/verily 3
font-src fonts.googleapis.com fonts.gstatic.com data: *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.googletagmanager.com *.gstatic.com cdn.jst.ai ajax.googleapis.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.google.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.vimeo.com *.hotjar.com *.doubleclick.net cdn.jst.ai *.paymetric.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://a.klaviyo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com via.placeholder.com *.cdninstagram.com *.klaviyo.com *.google.com *.facebook.com *.fls.doubleclick.net *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.gstatic.com *.google.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://static.klaviyo.com https://fast.a.klaviyo.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com api.airbud.io demo.airbud.io ajax.googleapis.com *.klaviyo.com cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net player.vimeo.com *.typekit.net *.hotjar.com *.jst.ai *.kmail-lists.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com unsafe-inline api.airbud.io demo.airbud.io *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://static.klaviyo.com https://fast.a.klaviyo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.klaviyo.com prod.airbud.io bam.nr-data.net *.google-analytics.com *.doubleclick.net *.kmail-lists.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
script-src 'unsafe-eval' 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com *.fandom.com; default-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com *.fandom.com; style-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com *.fandom.com 'unsafe-inline'; img-src * data: blob:; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src 'self' blob: 3
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.gigya.com https://*.gigya.com https://consentcdn.cookiebot.com https://*.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.gigya.com 'self' data: 'unsafe-inline' data: https://*.gigya.com https://www.google.it https://bam.nr-data.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.adyen.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de jquery.sellxed.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.gigya.com https://cdnjs.cloudflare.com https://legals.paninigroup.com https://*.cookiebot.com https://www.gstatic.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.addthis.com https://*.facebook.com https://*.addthisedge.com https://*.moatads.com https://*.recaptcha.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com 'unsafe-inline' data: *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://legals.paninigroup.com https://stats.g.doubleclick.net https://*.facebook.com https://bam.nr-data.net https://*.addthis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'self' affil.eshop-rychle.cz exponea-api.eshop-rychle.cz www.youtube.com www.google.com www.google-analytics.com stats.g.doubleclick.net; font-src 'self' fonts.gstatic.com; img-src 'self' www.facebook.com www.google.com www.google.cz www.google-analytics.com googleads.g.doubleclick.net c.seznam.cz www.seznam.cz; script-src 'self' 'unsafe-inline' 'unsafe-eval' affil.eshop-rychle.cz connect.facebook.net www.google.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.gstatic.com c.imedia.cz www.seznam.cz exponea-api.eshop-rychle.cz; style-src 'self' 'unsafe-inline' fonts.googleapis.com 3
default-src 'self'; connect-src 'self' www.linkedin.com content.linkedin.com lnkd.demdex.net dpm.demdex.net www.google-analytics.com linkedin.sc.omtrdc.net lnkd.tt.omtrdc.net opreq.observepoint.com www.linkedin-ei.com adservice.google.com stats.g.doubleclick.net static.licdn.com; img-src data: blob: android-webview-video-poster: *; font-src data: *; frame-src 'self' www.linkedin.com lnkd.demdex.net www.youtube-nocookie.com platform.twitter.com www.facebook.com plusone.google.com play.vidyard.com www.slideshare.net; style-src https: 'unsafe-inline' *.licdn.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.licdn.com www.linkedin.com content.linkedin.com platform.linkedin.com *.ads.linkedin.com lnkd.demdex.net *.salesforceliveagent.com sb.scorecardresearch.com sjs.bizographics.com bcvipva02.rightnowtech.com; script-src-elem 'unsafe-inline' tags.tiqcdn.com *.salesforceliveagent.com platform.linkedin-ei.com platform.linkedin.com content.linkedin.com snap.licdn.com sjs.bizographics.com www.linkedin.com bcvipva02.rightnowtech.com sb.scorecardresearch.com; frame-ancestors 'self'; object-src 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=ms 3
default-src 'self'; font-src *; img-src *; script-src * localhost:35729 'unsafe-inline'; script-src-attr 'none'; style-src * 'unsafe-inline'; style-src-attr 'none' 3
frame-src 'self' *.sharepoint.com  *.facebook.com *.cloudfront.net *.doubleclick.net *.adsrvr.org *.youtube.com *.google.com 3
font-src fonts.gstatic.com *.fontawesome.com data: *.gstatic.com *.photoslurp.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.youtube.com *.adyen.com *.facebook.com *.mediquo.com *.hotjar.com *.criteo.com *.google.com *.clic2buy.com *.youtube.com *.vimeo.com *.photoslurp.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com img.youtube.com maps.googleapis.com maps.gstatic.com *.vimeocdn.com s.ytimg.com *.adyen.com data: eu1-doofinderuser.s3.amazonaws.com us1-doofinderuser.s3.amazonaws.com *.cloudfront.net *.amazonaws.com bat.bing.com *.facebook.com widget-mediator.zopim.com *.swogo.net *.criteo.com *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net i.ytimg.com *.photoslurp.com 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com maps.googleapis.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.adyen.com cdn.doofinder.com polyfill.io *.naturitas.com naturitas.slgnt.eu static.zdassets.com bat.bing.com connect.facebook.net *.swogo.net *.hotjar.com *.mediquo.com static.criteo.net *.criteo.com *.typeform.com *.clic2buy.com *.newrelic.com *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.photoslurp.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com *.fontawesome.com *.googleapis.com *.photoslurp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com *.doofinder.com *.naturitas.com *.naturitas.es naturitas-atc.zendesk.com ekr.zdassets.com wss://widget-mediator.zopim.com *.swogo.net *.googlesyndication.com *.hotjar.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.adyen.com *.photoslurp.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com *.doubleclick.net dc.ads.linkedin.com analytics.twitter.com *.google-analytics.com t.co;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /csp_report; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: jquery.com *.jquery.com *.cloudflare.com mobiliar.rokka.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.jquery.com cdn.jsdelivr.net www.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com *.google-analytics.com www.gstatic.com ajax.aspnetcdn.com *.google.com *.facebook.net *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.g.doubleclick.net *.cloudflare.com cdn.rawgit.com *.youtube.com *.tiqcdn.com *.tealiumiq.com visitor-service-eu-central-1.tealiumiq.com *.jacando.jobs *.evenito.com evenito.com *.ytimg.com rtclauncher.luware.com *.googleoptimize.com *.hotjar.com *.newrelic.com bam.eu01.nr-data.net https://googleads.g.doubleclick.net *.google.ch unpkg.com jquery.com code.jquery.com *.googleadservices.com mobiliar.ch mobiliere.ch mobiliare.ch protekta.ch mobi24.ch *.mobiliar.ch *.mobiliere.ch *.mobiliare.ch *.protekta.ch *.mobi24.ch *.datatrans.com; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.cloudflare.com *.googleapis.com *.jsdelivr.net *.evenito.com fonts.googleapis.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.google-analytics.com *.google-analytics.com *.linkedin.com *.gstatic.com *.googleusercontent.com *.facebook.com *.googleapis.com www.google.com *.google.com www.google.ch *.google.ch *.googletagmanager.com *.doubleclick.net cdn.rawgit.com raw.githubusercontent.com *.rokka.io *.jsdelivr.net *.doubleclick.net *.tdbtrk.com *.tiqcdn.com *.tealiumiq.com mobiliar-pub.ch *.googleapis.com *.google.de *.google.mk *.google.ml i.ytimg.com cm.g.doubleclick.net translate.google.com mobiliar.ch mobiliare.ch mobiliere.ch google.gr *.google.it *.google.com.mx *.google.com.pk *.google.co.kr *.google.ae; frame-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.doubleclick.net *.youtube.com *.jacando.jobs *.helloeko.com *.eko.com anchor.fm *.hotjar.com zswpmanager.wip.mmc.com *.essd.ch *.3w-group.ch *.simplex.tv *.fls.doubleclick.net gateway.zscloud.net mobiliar.ch mobiliere.ch mobiliare.ch protekta.ch mobi24.ch *.mobiliar.ch *.mobiliere.ch *.mobiliare.ch *.protekta.ch *.mobi24.ch *.datatrans.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googleusercontent.com fonts.gstatic.com github.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.google-analytics.com *.google.com *.google.ch analytics.google.com *.doubleclick.net *.tealiumiq.com *.tiqcdn.com *.tdbtrk.com rtclauncherapi.luware.com wss://rtclauncherapi.luware.com *.googleapis.com *.databridge.tdbtrk.com *.akamai.tiqcdn.com wss://*.hotjar.com *.hotjar.com *.hotjar.io bam.eu01.nr-data.net jquery.com code.jquery.com rdtds.net; report-uri /report-csp-violation 3
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob: file:; frame-ancestors 'self' *.salesforce.com *.force.com *.visualforce.com *.documentforce.com; font-src https: data: blob: file:; connect-src 'self' https:; report-uri https://csp-report.force.com/_/ContentDomainCSPNoAuth?type=communities 3
default-src 'none'; script-src 'self' consent.cookiebot.com consentcdn.cookiebot.com assets.adobedtm.com connect.facebook.net snap.licdn.com www.googletagmanager.com www.googleadservices.com ssl.google-analytics.com googleads.g.doubleclick.net munchkin.marketo.net www.google.com www2.techem.com https://app-nld102.marketo.com/js/forms2/js/forms2.min.js https://app-nld102.marketo.com/ https://static.widget.trengo.eu https://stats.pusher.com/timeline/v2/jsonp/1 https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://assets.sitescdn.net/answers-search-bar/v1.0/ https://answers-embed.techem.de.pagescdn.com/ *.adition.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net/answers-search-bar/v1.0/ https://app-nld102.marketo.com/ www2.techem.com; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com data:; img-src 'self' data: https: *.adspirit.de; frame-src consentcdn.cookiebot.com www.youtube.com www.facebook.com bid.g.doubleclick.net techem.prospective.de *.yextpages.net answers-embed.techem.de.pagescdn.com app-nld102.marketo.com www2.techem.com; manifest-src 'self'; connect-src 'self' https://784-bqv-997.mktoresp.com https://549-bho-641.mktoresp.com/ www.google.com www.facebook.com 549-bho-641.mktoutil.com 784-bqv-997.mktoutil.com googleads.g.doubleclick.net www2.techem.com https://www.google.com/pagead/landing https://googleads.g.doubleclick.net/ https://www2.techem.com/ https://adservice.google.com/pagead/regclk https://consentcdn.cookiebot.com/ https://tmd.sc.omtrdc.net/ https://api.widget.trengo.eu https://gkkmgz0bw7.execute-api.eu-central-1.amazonaws.com wss://ws-eu.pusher.com api.friendlycaptcha.com https://prod-102.westeurope.logic.azure.com:443/workflows/83f5229f56584e679f262805c2577a90/triggers/manual/paths/ https://answers.yext-pixel.com/realtimeanalytics/ https://liveapi.yext.com https://liveapi-cached.yext.com; media-src 'self' https://static.widget.trengo.eu; child-src blob:; report-uri https://4e57f0243286eb0ed979a1aef3232f6d.report-uri.com/r/d/csp/reportOnly 3
default-src 'self' *.optomaeurope.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.optomaeurope.com *.optoma.co code.jquery.com fast.fonts.net  www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://unpkg.com *.unpkg.com secure.neck6bake.com https://youtube.com *.youtube.com youtube.com *.vimeo.com static.cloudflareinsights.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io cdn.storerocket.io api.mapbox.com *.jsdelivr.net cdn.polyfill.io https://cdnjs.cloudflare.com https://ldynamicspublicapi.leadforensics.com https://*.fontawesome.com; object-src 'self'; style-src 'self' data: 'unsafe-inline' *.optomaeurope.com *.optoma.co https://tagmanager.google.com https://fonts.googleapis.com *.jsdelivr.net; img-src 'self' blob: data: *.optomaeurope.com *.optoma.co *.youtube.com *.ytimg.com *.vimeo.com www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io cdn.storerocket.io https://ssl.gstatic.com https://www.gstatic.com https://s3-us-west-2.amazonaws.com *.optoma.com; media-src 'self' *.optomaeurope.com; frame-src 'self' *.optomaeurope.com *.optoma.co *.youtube.com *.youtube-nocookie.com *.vimeo.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://player.simplecast.com; font-src 'self' *.optomaeurope.com *.optoma.co http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com data: ; connect-src 'self' *.optomaeurope.com https://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://ldynamicspublicapi.leadforensics.com *.storerocket.io https://storerocket.io storerocket.global.ssl.fastly.net *.mapbox.com https://stats.g.doubleclick.net https://*.fontawesome.com; report-uri https://c9f3e0efddb3b5a8f702c2632d2e3942.report-uri.com/r/d/csp/reportOnly 3
default-src https:; connect-src https:; font-src https: data:; child-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: data:; report-uri https://18d36df5be4d2f0680090c55b489865d.report-uri.com/r/d/csp/reportOnly 3
default-src 'self' *.qq.com *.google-analytics.com *.ytimg.com *.youtube.com *.googletagmanager.com *.baidu.com *.cookieinformation.com *.licdn.com *.facebook.net *.marketingautomation.com *.sleeknote.com *.sharpspring.com *.gstatic.com https: 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content; report-uri https://94f62820d7c43df17e384a74a389587c.report-uri.com/r/t/csp/reportOnly 3
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https: 3
default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: https:; font-src data: https:; report-uri https://kilian.report-uri.io/r/default/csp/reportOnly 3
font-src *.sagepay.com https://js.klevu.com http://js.klevu.com https://fonts.gstatic.com http://fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.sagepay.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.sagepay.com https://widget.trustpilot.com http://widget.trustpilot.com https://lpcdn.lpsnmedia.net http://lpcdn.lpsnmedia.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.paypal.com *.sagepay.com https://cdn-images.mailchimp.com http://cdn-images.mailchimp.com https://connect.nosto.com http://connect.nosto.com https://js.klevu.com http://js.klevu.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com *.sagepay.com https://www.fencestore.co.uk http://www.fencestore.co.uk https://www.shedstore.co.uk http://www.shedstore.co.uk https://www.buyfencingdirect.co.uk http://www.buyfencingdirect.co.uk https://www.buyshedsdirect.co.uk http://www.buyshedsdirect.co.uk https://www.buylogcabinsdirect.co.uk http://www.buylogcabinsdirect.co.uk https://www.greatlittlegarden.co.uk http://www.greatlittlegarden.co.uk https://www.bmgardenbuildings.co.uk http://www.bmgardenbuildings.co.uk https://js.klevu.com http://js.klevu.com https://accdn.lpsnmedia.net http://accdn.lpsnmedia.net https://lpcdn.lpsnmedia.net http://lpcdn.lpsnmedia.net https://lptag.liveperson.net http://lptag.liveperson.net https://lo.v.liveperson.net http://lo.v.liveperson.net https://connect.nosto.com http://connect.nosto.com https://widget.trustpilot.com http://widget.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.sagepay.com https://www.fencestore.co.uk http://www.fencestore.co.uk https://www.shedstore.co.uk http://www.shedstore.co.uk https://www.buyfencingdirect.co.uk http://www.buyfencingdirect.co.uk https://www.buyshedsdirect.co.uk http://www.buyshedsdirect.co.uk https://www.buylogcabinsdirect.co.uk http://www.buylogcabinsdirect.co.uk https://www.greatlittlegarden.co.uk http://www.greatlittlegarden.co.uk https://www.bmgardenbuildings.co.uk http://www.bmgardenbuildings.co.uk https://fonts.googleapis.com http://fonts.googleapis.com https://cdn.jsdelivr.net http://cdn.jsdelivr.net https://js.klevu.com http://js.klevu.com https://cdn-images.mailchimp.com http://cdn-images.mailchimp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.sagepay.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
report-uri https://sjc1.qualtrics.com/csp-report 3
report-uri https://sentry.io/api/1479396/security/?sentry_key=ebff80a744024d8a8f5630df4ea55e5d&sentry_environment=PROD&sentry_release=2022-5-16-1; default-src 'self'; script-src 'self' static.dynamicsignal.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com cdn.pendo.io data.pendo.io translate.google.com *.googleapis.com *.cloudfront.net cdnjs.cloudflare.com platform.twitter.com connect.facebook.net assets.adobedtm.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' static.dynamicsignal.com *.cloudfront.net *.googleapis.com maxcdn.bootstrapcdn.com 'unsafe-inline'; font-src * data: blob:; img-src * data: blob:; media-src * data: blob:; frame-src 'self' www.youtube.com platform.twitter.com www.facebook.com reg.voicestorm.com reg-eu.voicestorm.com reg.voicestorm.biz reg.dynamicsignal.com; manifest-src *; connect-src 'self' static.dynamicsignal.com api.dynamicsignal.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com translate.google.com *.googleapis.com *.cloudfront.net *.doubleclick.net platform.twitter.com connect.facebook.net assets.adobedtm.com *.sentry.io sentry.io olivia.paradox.ai gateway.zscloud.net relay.voicestorm.com relay-eu.voicestorm.com relay.voicestorm.biz relay.dynamicsignal.com freq.voicestorm.com freq-eu.voicestorm.com freq.voicestorm.biz freq.dynamicsignal.com api.voicestorm.com api-eu.voicestorm.com api.voicestorm.biz api.dynamicsignal.com apigateway.voicestorm.com apigateway-eu.voicestorm.com apigateway.voicestorm.biz apigateway.dynamicsignal.com streaming.voicestorm.com:* streaming-eu.voicestorm.com:* streaming.voicestorm.biz:* streaming.dynamicsignal.com:* 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: gap://ready; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https:; font-src 'self' data: https:; report-uri https://thedatinglab.report-uri.com/r/d/csp/reportOnly 3
form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.iterable.com *.brilliantcollector.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; font-src cdn.loom.com www.honeywellpluggedin.com s3.lightboxcdn.com fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; style-src helenoftroy--tst3.widget.custhelp.com www.lightboxcdn.com www.honeywellpluggedin.com s3.lightboxcdn.com *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; frame-src public.cobrowse.oraclecloud.com vars.hotjar.com 10164223.fls.doubleclick.net vice01.pur.com insight.adsrvr.org services.sdiapi.com vice01.honeywellpluggedin.com d1eoo1tco6rr5e.cloudfront.net bid.g.doubleclick.net vice01.vickshumidifiers.com helenoftroy.custhelp.com share.hsforms.com www.youtube-nocookie.com tpc.googlesyndication.com fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.dnky.co webchat.dotdigital.com vice-prod.sdiapi.com *.brilliantcollector.com *.paymetric.com *.weltpixel.com www.xtento.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src consent.trustarc.com www.rnengage.com crrecommendedmark.org www.google.com www.googletagmanager.com googleads.g.doubleclick.net www.vickshumidifiers.com blob: www.honeywellpluggedin.com www.pur.com www.google.co.uk consent-pref.trustarc.com www.google.nl www.google.co.za www.google.co.in prod-phoenix-hh.heledigital.com www.lightboxcdn.com s3.lightboxcdn.com ct.pinterest.com www.google.com.hk www.google.com.vn assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.xtento.com cdn.xtento.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; connect-src vice-prod.sdiapi.com rules.atgsvcs.com in.hotjar.com ct.pinterest.com rum-0ea7c26e-a032-4889-89d5-7e0c48a6fb85.rapidspike.com reports.sdiapi.com bam-cell.nr-data.net analytics.google.com crrecommendedmark.org stats.g.doubleclick.net bt.signifyd.com consent-pref.trustarc.com data-ejma.app.daas.us-phoenix-1.ocs.oraclecloud.com vc.hotjar.io region1.analytics.google.com www.google.co.in adservice.google.com www.google.com www.honeywellpluggedin.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cdn.ampproject.org *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com webchat.dotdigital.com *.iterable.com *.brilliantcollector.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; script-src services.sdiapi.com vice-prod.sdiapi.com static.hotjar.com sc97923419us4.cobrowse.oraclecloud.com cdn-assets.rapidspike.com static.atgsvcs.com public.cobrowse.oraclecloud.com consent.trustarc.com helenoftroy--tst3.custhelp.com www.googleoptimize.com script.hotjar.com www.google.com sc-static.net helenoftroy--tst3.widget.custhelp.com js-agent.newrelic.com www.rnengage.com bam-cell.nr-data.net ygscdn.azureedge.net static.ads-twitter.com s.pinimg.com rules.atgsvcs.com ajax.cloudflare.com www.youtube.com www.lightboxcdn.com lightboxapi.azurewebsites.net googleads.g.doubleclick.net connect.facebook.net www.googletagmanager.com tpc.googlesyndication.com www.honeywellpluggedin.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com cdn.ampproject.org raw.githubusercontent.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com graph.facebook.com cdn.dnky.co webchat.dotdigital.com *.iterable.com *.brilliantcollector.com www.xtento.com cdn.xtento.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; 3
default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;connect-src * blob:;report-uri https://cdn.website-start.de/app/reporting/policyviolation/submit 3
default-src 'none'; script-src 'self' 'unsafe-eval' https://www.googleoptimize.com https://cdn.cookielaw.org https://*.mutinycdn.com https://d2c7xlmseob604.cloudfront.net 'sha256-09i4AWokmEmm6Xf4VnfX81XolkoAMDCJvfdfJlP5Ab4=' 'sha256-dRFH+TXDvASWWrsMkIeDmELTKAqptEiJh+299/59BUU=' 'sha256-IWGIsg1U5mon7c38uPIpRVRWrSilS+ey2Dp3q2208TU=' 'sha256-paT8fBGOtK3nkhGazWTfRCYXOG/pubylwthGOtoWO/E=' 'sha256-egpbluqkD8NT0bY3bWy7raM9tRIMkfUWboq0Y8KqsFk=' 'sha256-jJnbKS0QlbPjAGrJOn9lmCJcsYlL7QHTvWNPBa1y6yA=' 'sha256-qoKHf0EN7296KIec+9B7hm/MLAIrH6j0SdLCr/3qvHM=' www.googletagmanager.com cdn.bizible.com https://bat.bing.com www.googleadservices.com https://snap.licdn.com https://static.hotjar.com https://script.hotjar.com https://redditstatic.com https://www.redditstatic.com https://www.fastly-insights.com https://*.fastly-insights.com https://www.google-analytics.com https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline'; img-src 'self' data: www.fastly.com https://cdn.cookielaw.org *.doubleclick.net https://d.turn.com https://bat.bing.com https://cdn.bizible.com https://cdn.bizibly.com https://www.google-analytics.com https://px.ads.linkedin.com https://alb.reddit.com https://www.google.com https://p.adsymptotic.com; worker-src data: blob:; connect-src 'self' localhost:* ws: https://cdn.cookielaw.org https://api.smartling.com https://*.fastly-insights.com https://fastly-insights.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io; frame-src *.doubleclick.net https://vars.hotjar.com; font-src 'self' data:; report-uri https://csp.global.ssl.fastly.net/csp/fastly-prod?report_only=1; 2
default-src 'self';base-uri 'self' https://*.microsoft.com https://*.skype.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://*.azure.net https://*.s-microsoft.com https://*.ytimg.com https://www.youtube.com https://*.microsoft.com https://*.skypeassets.com https://*.clicktale.net https://*.wx-int.trafficmanager.net https://*.wx-int.skype.com https://*.skype.com https://statics-uhf-eus.akamaized.net https://statics-uhf-neu.akamaized.net https://statics-uhf-wus.akamaized.net https://statics-uhf-eas.akamaized.net https://*.msecnd.net https://connect.facebook.net/ https://js.monitor.azure.com/;style-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://*.skype.com https://*.skypeassets.com https://*.microsoft.com https://*.s-microsoft.com https://statics-uhf-eus.akamaized.net https://statics-uhf-neu.akamaized.net https://statics-uhf-wus.akamaized.net https://statics-uhf-eas.akamaized.net https://*.msecnd.net;img-src 'self' data: blob: https://docs.botframework.com https://bot-framework.azureedge.net https://*.skype.com https://*.skypeassets.com https://c.microsoft.com https://*.clicktale.net https://*.microsoft.com https://img-prod-cms-rt-microsoft-com.akamaized.net https://www.facebook.com https://*.msecnd.net https://ad.doubleclick.net https://adservice.google.com;font-src data: https://*.skypeassets.com https://*.s-microsoft.com https://*.microsoft.com https://assets.onestore.ms https://*.skype.com https://fonts.gstatic.com;media-src 'self' data: blob: https://*.skypeassets.com https://*.skype.com;connect-src https://*.skype.com https://*.clicktale.net https://*.microsoft.com https://*.live.com https://*.skypeassets.com wss://*.trouter.skype.com https://web.vortex.data.microsoft.com https://prod-video-cms-rt-microsoft-com.akamaized.net https://eus-streaming-video-rt-microsoft-com.akamaized.net https://wus-streaming-video-rt-microsoft-com.akamaized.net;object-src 'none';frame-ancestors 'none';frame-src 'self' https://*.microsoft.com https://*.skype.com https://*.live.com https://www.youtube.com;form-action https://login.skype.com;report-uri https://edge.skype.com/r/c; 2
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/android 2
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/business_google 2
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://rbmeuulvihtwm2eltjhwimi2.httpschecker.net/report 2
upgrade-insecure-requests; default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.sentry.dev www.googletagmanager.com www.google-analytics.com www.googleadservices.com js.driftt.com connect.facebook.net assets.calendly.com player.vimeo.com www.redditstatic.com m.servedby-buysellads.com static.zdassets.com googleads.g.doubleclick.net bat.bing.com munchkin.marketo.net cdn.bizible.com cdn.amplitude.com; connect-src 'self' sentry.io *.sentry.io www.sentry.dev reload.getsentry.net api.amplitude.com ekr.zdassets.com sentry.zendesk.com www.google-analytics.com stats.g.doubleclick.net 776-mjn-501.mktoresp.com; img-src 'self' data: www.sentry.dev sentry-blog.storage.googleapis.com images.ctfassets.net www.google-analytics.com stats.g.doubleclick.net assets.calendly.com q.quora.com alb.reddit.com www.facebook.com www.googletagmanager.com bat.bing.com www.google.com i.vimeocdn.com i.ytimg.com cdn.bizible.com cdn.bizibly.com; style-src 'self' 'unsafe-inline' www.sentry.dev assets.calendly.com fonts.googleapis.com; media-src 'self' videos.ctfassets.net; font-src 'self' www.sentry.dev fonts.gstatic.com; frame-src player.vimeo.com www.youtube-nocookie.com js.driftt.com calendly.com bid.g.doubleclick.net; manifest-src 'self' www.sentry.dev; report-uri https://o1.ingest.sentry.io/api/1297627/security/?sentry_key=e811b9077ef64dcf8a279ec18a61b222 2
frame-ancestors 'self'; report-uri https://www.news.com.au/csp-reports 2
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.onet.pl::BPROD_3_0_DESKTOP_REF 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://variety.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.rollingstone.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
block-all-mixed-content; frame-ancestors 'none'; object-src 'none'; report-uri https://sentry.io/api/148442/security/?sentry_key=48196e632bb14305ad3fe47c6570e363 2
default-src https: 'unsafe-inline' 'unsafe-eval' 'self' data:; img-src 'self' *.eff.org data:; connect-src https: 'unsafe-inline' 'unsafe-eval' 'self' data: https://sentry.eff.org/api/2/store/; report-uri https://sentry.eff.org/api/2/security/?sentry_key=f1118ad37b5e4afbabe3487ca42fe73e 2
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://api.amplitude.com  wss://*.hotjar.com wss://*.qualified.com 'self';  frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com https://*.office.com https://*.office365.com;report-uri https://csp.surveymonkey.com/report?e=false&c=prod&ar=true&a=wufoocms 2
frame-ancestors 'self' https://console.twilio.com;report-uri https://www.twilio.com/console/api/cspr 2
default-src 'unsafe-inline' 'unsafe-eval' * data: blob:; report-uri https://sentry.io/api/1312882/security/?sentry_key=9e854fd5af164d1e98cee1bedb942a22 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://deadline.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
default-src 'unsafe-eval' 'unsafe-inline' 'self' http: https: data: wss: blob: chrome-extension ; report-uri /cgi-bin/csp-reports.cgi 2
default-src 'none'; script-src 'report-sample' 'self'; font-src 'self'; img-src 'self'; style-src 'self'; report-uri /.netlify/functions/csp-violation; 2
default-src 'self' *.6sense.com *.6sc.co; script-src 'self'; connect-src 'self'; form-action 'self'; report-uri https://greenhouseprod.report-uri.com/r/d/csp/wizard; 2
default-src 'self'; script-src 'report-sample' 'self' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self' data: https://i3.cpcache.com https://static.cpcache.com; manifest-src 'self'; media-src 'self'; report-uri https://625ef5b4063b0bf3ec0402ab.endpoint.csper.io/?v=0; worker-src 'none'; 2
frame-ancestors 'self'; report-uri https://www.theaustralian.com.au/csp-reports 2
default-src https: data: blob: wss: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://sentry.io/api/256178/csp-report/?sentry_key=c2fb05422b2242faaec1d6d8a2a000fc 2
frame-ancestors 'self' *.hudl.com *.youtube.com *.sendtonews.com *.cbssports.com *.247sports.com *.scout.com *.ampproject.org *.amp.cloudflare.com; default-src https: 'unsafe-inline' 'unsafe-eval' wss: ;img-src https: data: blob: ; font-src https: data:; form-action https:; report-uri https://cbsi.report-uri.io/r/default/csp/reportOnly 2
script-src 'self' https://d3sq5bmi4w5uj1.cloudfront.net ajax.googleapis.com https://ie7-js.googlecode.com https://cdnjs.cloudflare.com connect.facebook.net uhf.microsoft.com c.microsoft.com cs.microsoft.com c.s-microsoft.com wcpstatic.microsoft.com platform.twitter.com 'sha256-l9ZHmyP+aSQUbzDsO0Z5mU5KmeKTw7h+LYWUCcvjK/o=' 'sha256-PaS0gCgkEvlXwzUjXAo0jysAvDXOc3iIttQamgrvXk0=' 'sha256-LJOONddNtIMPVfcLsFATXyL4P23f3znxXz4FxYemkxI=' 'sha256-9iOvn7LxDLljYZpLeETJMw2obbWSDMr5bD4EvVwobT8=' 'sha256-0E0vDUBHZEKS2e6EIVqnrTnKVNyC9EkRVPrg1eYPjfk=' 'sha256-qKAjO5ncQUIDDV6E+i9Ki0B02qMSMSYn7Qz3CCeUadA=' 'sha256-e+Muvfq9cFCKaGyU2s/dw33x7jyiRjzSxMMWigxtces=' 'sha256-X13pZMYtfc8rLgpPU27DRu9ogdGOie2/WSSRXrvb4qw=' 'sha256-qBq7Yi1crTUnQMu1SOv+OLIkSbFYKoUR5uEZmtGdr18=' 'sha256-3lrmNAZ6kNZZTLuCfq9dwAOOuM3LB25Zw3lZQb6u5mA=' 'sha256-4yQMvgCymLvSmnCJ3fBR7j5ULSCezuYQiYkcA5JNVEY=' 'sha256-ktmU5paXGPR9mdN2uSWY55YcgQeImJRGVoRPrUQgASY=' 'sha256-MA2y0MDJ4KekIetpCUKmHXxHGlTrzqzVnitomCSNO14=' 'sha256-SeFjbS0LfxHLZ4dSTKm3BJQLbYE7L30x+Dieoa6QQwM=' 'sha256-SCdeHAIyndSsvnKndC84UH7e8hWXZfGZi1sXICbMEfM=' 'sha256-H/0P7dZMBnkxNkAxjKwW4ZkIbOu+jUatI5iXj220Mzw=' 'sha256-K2eMQjiqAXlEEKU1OI//ND8SNuV5nMOGNBQxtt0fK+g=' 'sha256-teb0gd16eHO96p+TWUf4Qk9ED1HJmiBTon8ooUoBh00=' 'sha256-Kdb1cN+XVz5wzuxh0LQlnyRgRjSv4+NQJ0c57mBi0pc=' 'sha256-dc0kLiLbea/nrL24ZXilOuRrs2VzRffX05RSQdgHUsU=' 'sha256-LjreJQqJjPxAIN/hThhUIWTziFE4758qAZp8fvAjruM=' 'sha256-o62lg6aR4njGCW/O+wQfymrm7gCZOXINNMAQNuD1VGM=' 'sha256-j3H8aCmyA0faDUoXS4euhLBRHBatCYqsLfaeZoZ86RQ='; style-src 'self' 'unsafe-inline' d3sq5bmi4w5uj1.cloudfront.net uhf.microsoft.com c.s-microsoft.com; img-src 'self' syndication.twitter.com analytics.twitter.com t.co uhf.microsoft.com c.microsoft.com *.facebook.com d3sq5bmi4w5uj1.cloudfront.net images.mxpnl.com wdgcdn.azureedge.net asgcdn.azureedge.net; frame-src *.facebook.com platform.twitter.com c1.microsoft.com c.bing.com; font-src 'self' data:; report-uri https://csp.skype.com 2
media-src blob: https:; worker-src blob: https:; font-src chrome-extension: data: https:; img-src data: blob: about: https: http://track.adform.net; default-src https: blob: data: ms-appx-web: wss: 'unsafe-inline'  'unsafe-eval'; report-uri https://handelsblatt.report-uri.com/r/d/csp/reportOnly 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.sheknows.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
default-src 'self' data: blob: https://067-umd-991.mktoresp.com https://analytics.twitter.com https://bam.nr-data.net https://bi-beta.pst.tech https://bi.pst.tech https://blog.postman.com https://cdn.cookielaw.org https://cdn.jsdelivr.net https://cdn.polyfill.io https://dl.pstmn.io https://fast.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://geolocation.onetrust.com https://in.hotjar.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://js-agent.newrelic.com https://ms1frkqnsp7r.statuspage.io https://munchkin.marketo.net https://pages.getpostman.com https://privacyportal.onetrust.com https://public.slidesharecdn.com https://px.ads.linkedin.com https://script.hotjar.com https://skills-assets.pstmn.io https://www.slideshare.net https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://stats.g.doubleclick.net https://t.co https://vars.hotjar.com https://www.youtube.com https://p.adsymptotic.com https://assets.getpostman.com https://www.linkedin.com https://pixel.mathtag.com https://js.driftt.com https://www.googleleadservices.com https://google.g.doubleclick.net https://web.postman.com https://manifest.webmanifest https://www.googleadservices.com https://googleads.g.doubleclick.net https://px4.ads.linkedin.com https://i.ytimg.com https://api.mapbox.com https://events.mapbox.com https://identity.getpostman-beta.com https://identity.getpostman.com https://www.youtube-nocookie.com https://run.pstmn.io https://t7vhfmsv15.execute-api.us-east-1.amazonaws.com https://player.twitch.tv https://conversation.api.drift.com https://st-ar.cdn.postman.com https://vc.hotjar.io https://ws9.hotjar.com wss://ws9.hotjar.com https://821881030.privacysandbox.googleadservices.com/ https://bifrost-https-v4.gw.postman.com https://voyager.postman.com https://res.cloudinary.com/ https://app.launchdarkly.com/ https://events.launchdarkly.com/ https://api.amplitude.com/ https://clientstream.launchdarkly.com wss://ws1.hotjar.com wss://ws8.hotjar.com https://ws8.hotjar.com 'unsafe-inline'; form-action 'self'; base-uri 'self';  block-all-mixed-content; report-uri https://sentry.postmanlabs.com/api/738/security/?sentry_key=9f4634749cc5431981a67baf042d0e9e; 2
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/about_google 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://bgr.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
connect-src * https://*.tiles.mapbox.com https://api.mapbox.com; default-src blob:; font-src * data:; frame-src * data:; img-src * data: blob:; object-src data:; report-uri /vizql/csp-report; script-src * blob:; style-src * 'unsafe-inline' 2
block-all-mixed-content; frame-ancestors 'none'; report-uri /global-cgi-bin/csp-report 2
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=businessinsider.com.pl::PROD_3_3_51 2
default-src 'self' 'unsafe-inline' *.atbar.org *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk corporate.wordpress.soton.ac.uk blog.soton.ac.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com www.googleadservices.com www.googletagmanager.com *.google-analytics.com connect.facebook.net static.ads-twitter.com j.flxpxl.com hj.flxpxl.com d2hlpp31teaww3.cloudfront.net d1d7fjtb6d4i2m.cloudfront.net analytics.twitter.com ib.adnxs.com www.intelliworkschat.com access.ecs.soton.ac.uk *.atbar.org www.youtube.com s.ytimg.com *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk stats.wp.com soton.disqus.com stats.wp.com corporate.wordpress.soton.ac.uk blog.soton.ac.uk s0.wp.com use.typekit.net connect.facebook.com platform.twitter.com; font-src 'self' data: ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk use.typekit.net; img-src data: 'self' www.southampton.ac.uk cdn.soton.ac.uk cdn.southampton.ac.uk t.co mpp2.vindicosuite.com *.google-analytics.com *.facebook.com pixel.adsafeprotected.com *.doubleclick.net www.google.com www.google.co.uk *.atbar.org *.issuu.com image.isu.pub www.intelliworkschat.com pixel.wp.com blog.soton.ac.uk platform.twitter.com pbs.twimg.com syndication.twitter.com p.typekit.net d1d7fjtb6d4i2m.cloudfront.net; frame-src 'self' www.google.com www.google.co.uk www.youtube.com *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk; child-src 'self' www.google.com www.google.co.uk www.youtube.com *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk; 2
media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: amadeus.com; form-action  *.facebook.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: m9m6e2w5.stackpathcdn.com fonts.gstatic.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.googletagmanager.com amadeus.com *.googleapis.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.com www.shareaholic.net geoip-js.com www.google-analytics.com geolocation.onetrust.com *.demdex.net amadeus.com privacyportal-eu.onetrust.com *.omtrdc.net collection.decibelinsight.net cdn.cookielaw.org wss://collection.decibelinsight.net cdn.decibelinsight.net; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.demdex.net *.doubleclick.net *.facebook.com tools.eurolandir.com *.twitter.com www.google.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.everesttech.net www.google.at www.google.co.th *.linkedin.com www.google.com.ph www.google.fr s266319173.t.eloqua.com *.doubleclick.net www.google-analytics.com www.google.bg *.twitter.com *.facebook.com www.google.de amadeus.com www.google.ca www.google.co.in www.google.co.jp *.omtrdc.net *.facebook.net t.co www.google.es www.google.co.uk img.youtube.com *.demdex.net www.google.com cdn.cookielaw.org www.google.com.mx www.google.pl; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net cdn.decibelinsight.net www.google.com.eg cdn.cookielaw.org *.facebook.net www.googletagmanager.com tags.tiqcdn.com snap.licdn.com *.googleadservices.com cdnjs.cloudflare.com apps.shareaholic.com m9m6e2w5.stackpathcdn.com tools.euroland.com js.maxmind.com www.youtube.com *.ads-twitter.com *.twitter.com img06.en25.com www.google.com www.google.ca www.google.de www.google.co.jp; report-uri /csp_report 2
child-src 'self' https://www.youtube-nocookie.com https://www.youtube.com https://www.podbean.com https://embed.tawk.to https://cdn.jsdelivr.net https://connect.facebook.net https://script.hotjar.com https://snap.licdn.com https://bat.bing.com https://sc-static.net; object-src 'none'; script-src 'self' 'report-sample' https://cdn.cookielaw.org https://geolocation.onetrust.com 'sha256-kGiTBKKHWdmgeya48OmtE54PjZ3xGgrvLSJsDBB26hw=' https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com unpkg.com; script-src-elem 'self' 'report-sample' https://cdn.cookielaw.org https://geolocation.onetrust.com https://search.sheffield.ac.uk 'sha256-kGiTBKKHWdmgeya48OmtE54PjZ3xGgrvLSJsDBB26hw=' https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' 'report-sample' https://api.mapbox.com https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; base-uri 'self'; form-action 'self' https://search.sheffield.ac.uk/; frame-ancestors 'self' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.6sense.com *.addthisedge.com *.omtrdc.net *.everesttech.net *.demdex.net *.adobedtm.com *.scene7.com *.akamaihd.net *.adnxs.com *.baidu.com *.prod.bidr.io *.btttag.com *.brightcove.com *.brightcove.net *.zencdn.net *.cloudflare.com *.contentsquare.net *.company-target.com *.demandbase.com *.doubleclick.net *.adsymptotic.com *.d41.co *.dynatrace.com *.facebook.com *.facebook.net *.fontawesome.com *.fullstory.com *.google.co.in *.google.co.jp *.google.co.uk *.google.com *.google.com.hk *.google.fr *.google.kr *.google.es *.google.de *.google.ru *.google.ie *.google.am *.google.com.co *.google.com.ph *.google.com.au *.google.hu *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hs.llnwd.net *.linkedin.com *.licdn.com *.i.lithium.com *.microsoftazuread-sso.com *.ni.com *.agkn.com *.newrelic.com *.nr-data.net *.moatads.com *.polyfill.io *.qualtrics.com *.quantcount.com *.quantserve.com *.rlcdn.com *.force.com *.salesforce.com *.salesforceliveagent.com *.pardot.com *.krxd.net *.rfihub.com *.serving-sys.com *.addthis.com *.adsrvr.org *.truste.com *.twitter.com *.ads-twitter.com t.co *.6sc.co *.rezync.com *.analytics.yahoo.com *.yimg.com unpkg.com *.psiexams.com *.systemlinkcloud.com *.systemlinkcloud.io mythinkscape.com *.mythinkscape.com *.multisim.com *.boltdns.net *.3playmedia.com *.paymetric.com *.captchas.net *.bing.com *.pagespeed-mod.com *.lithcloud.com *.jsdelivr.net *.cloudfront.net *.amazonaws.com *.day.com *.mathjax.org *.zoominsoftware.io *.bootstrapcdn.com *.nicdn.net *.leadsrx.com *.quizscape.com *.thoughtindustries.com *.wistia.com *.credly.com *.kbmax.com *.certain.com *.fonts.net *.typekit.net *.khoros.app.box.com *.limuirs-asset.lithium.com data: blob; object-src 'none'; worker-src * data: blob: 'unsafe-inline';  media-src * data: blob: 'unsafe-inline'; connect-src * data: blob: 'unsafe-inline'; 2
default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://www.stage-new.ifx.virtual-identity.com/ https://www.infineon.com https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://siteintercept.qualtrics.com https://zn4mbdaokn6kcahtg-cypress.siteintercept.qualtrics.com https://79423.analytics.edgekey.net https://cdnjs.cloudflare.com https://connect.facebook.net https://e.video-cdn.net https://img.en25.com https://oc-cdn-public-eur.azureedge.net https://rules.quantcount.com https://s1968580696.t.eloqua.com https://script.hotjar.com https://secure.quantserve.com https://snap.licdn.com https://static.hotjar.com https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'report-sample' 'unsafe-inline' https://www.stage-new.ifx.virtual-identity.com/ https://www.infineon.com https://cdn.botframework.com https://fonts.googleapis.com https://oc-cdn-public-eur.azureedge.net; object-src 'self'; connect-src 'self' https://www.infineon.com https://maps.googleapis.com https://siteintercept.qualtrics.com https://api.flockler.com https://asset-out-cdn.video-cdn.net https://c.video-cdn.net https://ca.video-cdn.net https://d.video-cdn.net https://in.hotjar.com https://infineon.product-discontinuation.com https://licensing.bitmovin.com https://ma307-r.analytics.edgekey.net https://oc-cdn-public-eur.azureedge.net https://stats.g.doubleclick.net https://vc.hotjar.io https://vod.video-cdn.net https://www.google-analytics.com; font-src 'self' data: https://e.video-cdn.net https://fonts.gstatic.com https://script.hotjar.com; frame-src 'self' https://www.infineon.com https://chatbot.infineon.com https://oc-cdn-public-eur.azureedge.net https://players.brightcove.net https://vars.hotjar.com https://www.facebook.com https://www.youtube.com https://www.promeas.com; img-src 'self' data: https://www.infineon.com https://www.infineon-brandportal.com https://pbs.twimg.com https://www.kununu.com https://www.glassdoor.com https://s722891043.t.eloqua.com https://siteintercept.qualtrics.com https://asset-out-cdn.video-cdn.net https://media-api.flockler.com https://media-exp1.licdn.com https://pixel.quantserve.com https://px.ads.linkedin.com https://s1968580696.t.eloqua.com https://www.bluewind.it https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.de https://www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com; manifest-src 'self'; media-src 'self' data:; base-uri 'self'; report-uri https://www.infineon.com/rest/csp/report; worker-src blob:; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob:;style-src https: 'unsafe-inline';connect-src https:;frame-src https:;script-src 'unsafe-eval' 'unsafe-inline' https: blob: data:;font-src https: data:;img-src https: data:;media-src https: blob:; report-uri /csp_rep 2
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://b3ceba9babf02086c0dca962bbbd1cda.report-uri.io/r/default/csp/reportOnly 2
default-src 'self' data: blob: mediastream: http://*.uni-kiel.de https://*.uni-kiel.de 'unsafe-inline' 'unsafe-eval';  2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.artnews.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; frame-ancestors 'self'; report-uri https://leafgroup.report-uri.com/r/d/csp/wizard 2
default-src 'self'; script-src 'self' 'sha256-6vmNTbfgubexXPiaZdcqfKCk+vKBe9cfsKsAciXQtMg=' 'sha256-r1aYSsDn5Btub+zo7XZr6P3ZhmNyYTvHf/yjmzIpxT8=' 'sha256-aqdvQaQU9tkorRhtgHldablGaB5SI/SwbLemAOKE7Yo=' 'sha256-Vxv+qm8gMYYzbp7hSMakF5Q81e7GDj/Z5HZYT4ekhho=' 'sha256-uBpmtDakUPHISUCFtaVC869LxTI53EPQREvqhqlxGVU=' 'sha256-h8bC9y2R69GO3nntfTAfOohrJdzeOS7slDdbOSULEJo=' 'sha256-isqZ0Q9pUWxBIyLN3u9Y3hy3MuWSJMoiNKT/nB5AbP8=' https://www.google-analytics.com/analytics.js https://cdncache-a.akamaihd.net/sub/b156ae9/98002/l.js https://www.youtube.com https://www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/picturefill/3.0.2/picturefill.min.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.youtube.com/iframe_api https://www2.osfound.org/shorten https://connect.facebook.net; style-src 'unsafe-inline' 'self'; object-src 'self' https://video.ted.com; base-uri 'self'; connect-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://*.ingest.sentry.io https://cdn.plyr.io; font-src 'self' https: data:; frame-src 'self' https://www.youtube.com https://w.soundcloud.com https://www.facebook.com https://player.vimeo.com; img-src 'self' https://i.ytimg.com https://opensocietyfoundations.imgix.net https://www.google-analytics.com https: data:; manifest-src 'self'; media-src 'self'; report-uri https://opensociety.report-uri.com/r/d/csp/reportOnly; worker-src 'none'; 2
object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; frame-ancestors 'self' 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.majesticseo.com analytics.majestic.com info.majestic.com https://www.googletagmanager.com www.google-analytics.com https://www.googleadservices.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/;style-src 'self' 'unsafe-inline';img-src 'self' data: https:;font-src 'none';object-src 'none';media-src 'none';frame-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/;child-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/;frame-ancestors https://docs.google.com https://*.googleusercontent.com;report-uri /csp/report 2
default-src 'self' 'unsafe-inline' https: ; img-src 'self' 'unsafe-inline' data: https: ; font-src 'self' data: https: ; connect-src 'self' *.usni.org *.google.com *.gstatic.com *.google-analytics.com *.disqus.com *.authorize.net *.facebook.com sentry.utdev.com ; media-src https: ; object-src 'self' ; child-src 'self' *.usni.org *.googlesyndication.com *.google.com disqus.com *.disqus.com *.googletagmanager.com *.addtoany.com *.scribd.com *.facebook.com *.g.doubleclick.net ; form-action 'self' *.usni.org *.facebook.com *.salesforce.com; upgrade-insecure-requests; 2
default-src https:; script-src 'self' 2
connect-src 'self' *.catawiki.com *.criteo.com *.criteo.net *.hotjar.com *.pndsn.com *.pusher.com analytics.google.com analytics.tiktok.com api.honeybadger.io bat.bing.com ct.pinterest.com sockjs.pusher.com stats.g.doubleclick.net surveystats.hotjar.io vc.hotjar.io wss://*.hotjar.com wss://*.pusher.com www.facebook.com www.google-analytics.com; default-src 'self' *.catawiki.com cdn.catawiki.net; font-src 'self' *.catawiki.com cdn.catawiki.net script.hotjar.com static.criteo.net; form-action 'self' *.catawiki.com www.facebook.com; frame-src *.catawiki.com *.criteo.com *.criteo.net 5139330.fls.doubleclick.net bid.g.doubleclick.net ct.pinterest.com js.stripe.com platform.twitter.com tpc.googlesyndication.com vars.hotjar.com www.facebook.com www.trustpilot.com www.youtube.com; img-src * blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.catawiki.com *.criteo.com amplify.outbrain.com analytics.tiktok.com assets.pinterest.com assets.zendesk.com bat.bing.com cdn.catawiki.net cdn4.userzoom.com connect.facebook.net google-analytics.com googleads.g.doubleclick.net js.stripe.com platform.twitter.com s.pinimg.com script.hotjar.com snap.licdn.com ssl.google-analytics.com static.criteo.net static.hotjar.com tpc.googlesyndication.com w.usabilla.com widget.trustpilot.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.youtube.com; style-src 'self' 'unsafe-inline' *.catawiki.com cdn.catawiki.net; worker-src 'self' *.catawiki.com blob: cdn.catawiki.net; report-uri https://eeb7190034dc4a3687cc7f4e7c3e993e.report-uri.com/r/d/csp/reportOnly; report-to csp-endpoint 2
block-all-mixed-content; report-uri https://67j9vz1kye.execute-api.ap-northeast-1.amazonaws.com/csp/csp 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.etracker.com/ https://*.etracker.de/ https://*.signalize.com/; img-src 'self' data: s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com i.ytimg.com; frame-src 'self' www.youtube.com; child-src 'self' www.youtube.com; 2
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-src * ldb1: data:; media-src * data: about:; frame-ancestors 'self' *.aleks.com *.connectmath.com *.mhcampus.com; report-uri /aleks/csp_report?stamp=web2020111702&uri=%2F&referer= 2
font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com cdnassets.hw.net *.googlesyndication.com images.hw.net; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdns.gigya.com cdns.us1.gigya.com *.googlesyndication.com www.google.com *.doubleclick.net www.youtube.com *.facebook.com images.hw.net; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: images.hw.net ads2000.hw.net cdnassets.hw.net; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.googletagmanager.com *.facebook.net ads2000.hw.net www.google-analytics.com *.doubleclick.net hit.uptrendsdata.com images.hw.net cdns.gigya.com cdn.ampproject.org www.google.com adservice.google.com cdnassets.hw.net *.googlesyndication.com www.googletagservices.com rumcdn.geoedge.be; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googlesyndication.com cdnassets.hw.net cdns.gigya.com www.google-analytics.com www.google.com ads2000.hw.net analytics.responsiveads.com www.googletagmanager.com images.hw.net *.doubleclick.net *.facebook.com; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: images.hw.net; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdns.gigya.com cdnassets.hw.net hb.emxdgt.com gw.geoedge.be *.doubleverify.com *.googlesyndication.com *.lijit.com cdns.us1.gigya.com *.rubiconproject.com hit.uptrendsdata.com *.casalemedia.com *.doubleclick.net ; form-action 'none' data: blob: ; report-uri /csp_report 2
block-all-mixed-content; default-src 'self'; connect-src 'self' https://www.google-analytics.com https://*.newrelic.com https://*.nr-data.net; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://cdn.jsdelivr.net data:; frame-src 'self' https://www.youtube.com; img-src 'self' https://translate.google.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net https://i.ytimg.com https://www.gstatic.com https://maps.gstatic.com https://maps.googleapis.com data:; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://*.newrelic.com https://*.nr-data.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill.io https://unpkg.com maps.google.com 'unsafe-inline'; script-src-attr 'self'; style-src 'self' fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; report-uri https://ae2fed611bf04be7d3efc10226296849.report-uri.com/r/d/csp/reportOnly 2
report-uri https://52723791ca12811bfedec52ea4c44290.report-uri.com/r/d/csp/reportOnly; default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline'; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src * blob:; object-src 'none'; frame-src *; frame-ancestors *; form-action 'self' 2
default-src 'self' * 'unsafe-inline'; img-src 'self' data: *; 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https://* data: ; frame-src https://* about: javascript: ; report-uri /vdc-csp-report 2
frame-ancestors 'none'; block-all-mixed-content; default-src 'none'; script-src 'self' 'report-sample'; style-src 'self' 'report-sample'; object-src 'none'; frame-src 'none'; child-src 'none'; img-src 'self'; font-src 'self'; connect-src 'none'; manifest-src 'none'; base-uri 'self'; form-action 'none'; media-src 'none'; prefetch-src 'none'; worker-src 'none'; report-uri https://gate.rapidsec.net/g/r/csp/1fd6f776-a9fc-4559-b96f-35c786b7aac4/0/0/3?sct=ec2420d6-f204-40ea-aa00-9274e9514a62&dpos=report 2
connect-src 'self' *.google-analytics.com *.visualwebsiteoptimizer.com app.vwo.com *.doubleclick.net *.addthis.com *.addthisedge.com *.dataweavers.io *.contently.com cdn.cookielaw.org *.raygun.io settings.luckyorange.net; default-src 'self'; font-src 'self' *.dataweavers.io fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self' *.addthis.com *.addthisedge.com burly.io *.burly.io static.ads-twitter.com platform.twitter.com *.adsrvr.org *.visualwebsiteoptimizer.com app.vwo.com *.twitter.com www.google.com *.contently.com gateway.on24.com player.vimeo.com; img-src 'self' *.visualwebsiteoptimizer.com app.vwo.com *.adroll.com *.adsymptotic.com *.dataweavers.io www.googletagmanager.com *.google-analytics.com www.globalpaymentsinc.com *.bidswitch.net ads.yahoo.com px.ads.linkedin.com data: *.adnxs.com *.openx.net www.facebook.com *.rlcdn.com *.reson8.com *.demdex.net *.company-target.com *.mathtag.com *.bluekai.com cdn.cookielaw.org; media-src 'self' gpnprodsxavideo.azureedge.net player.vimeo.com cdn-gss.dataweavers.io; script-src 'self' 'unsafe-eval' *.dataweavers.io blob:; script-src-elem 'self' www.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com burly.io *.burly.io *.licdn.com *.google-analytics.com *.addthis.com *.addthisedge.com 'unsafe-inline' *.dataweavers.io pi.pardot.com go.globalpaymentsinc.com go.globalpayments.com go.heartlandpaymentsystems.com go.openedgepayments.com static.ads-twitter.com platform.twitter.com code.jquery.com *.contently.com *.youtube.com *.ytimg.com cdn.cookielaw.org *.moatads.com *.adroll.com *.adsrvr.org *.adroll.com connect.facebook.net *.moatads.com www.google.com d.adroll.mgr.consensu.org www.gstatic.com *.raygun.io gateway.on24.com player.vimeo.com i.simpli.fi *.cloudfront.net; style-src 'self' 'unsafe-inline' *.dataweavers.io; style-src-elem 'self' fonts.gstatic.com 'unsafe-inline' static.ads-twitter.com platform.twitter.com *.facebook.net www.googletagmanager.com *.adroll.com *.dataweavers.io *.visualwebsiteoptimizer.com app.vwo.com *.adsrvr.org *.licdn.com burly.io *.burly.io fonts.googleapis.com cdn.cookielaw.org; worker-src 'self' blob:; 2
default-src 'self'; base-uri 'self'; script-src 'unsafe-inline' 'self' statistiek.rvo.nl *.obi4wan.com *.shoppingminds.com stats.pusher.com; style-src 'self' 'unsafe-inline' *.rvo.nl; object-src *.rvo.nl; connect-src 'self' *.rvo.nl *.rovid.nl *.obi4wan.ai *.shoppingminds.net *.pusher.com *.obi4wan.com; img-src 'self' data: *.rvo.nl *.rovid.nl *.obi4wan.com *.shoppingminds.com *.mediatheekrijksoverheid.nl services.arcgisonline.com www.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.mediatheekrijksoverheid.nl; form-action 'self' *.rvo.nl; frame-ancestors 'self'; frame-src 'self' *.rvo.nl; script-src-elem 'self' 'unsafe-inline' statistiek.rvo.nl *.obi4wan.com *.shoppingminds.com stats.pusher.com; upgrade-insecure-requests; report-uri https://sentry.dtnr.nl/api/23/security/?sentry_key=75abd3b6f5714c10b9152afedb286218&sentry_environment=prod 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation 2
default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; block-all-mixed-content 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://pmc.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
script-src 'unsafe-eval' 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; default-src 'self' data: blob: https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; style-src 'self' data: blob: https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com 'unsafe-inline'; img-src * data: blob:; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src 'self' blob: 2
default-src 'none'; frame-ancestors 'none'; base-uri 'self'; object-src 'self'; child-src 'self'; img-src 'self' stats.g.doubleclick.net www.google-analytics.com; font-src 'self'; form-action 'self'; manifest-src 'self'; style-src 'unsafe-inline' 'self' www.googletagmanager.com tagmanager.google.com; style-src-elem 'unsafe-inline' 'self' www.googletagmanager.com tagmanager.google.com; worker-src 'self'; script-src 'unsafe-inline' 'self' cdn5.userzoom.com cdn.jsdelivr.net api-us.fundpress.io bam.nr-data.net player.vimeo.com stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com tagmanager.google.com; script-src-elem 'unsafe-inline' 'self' cdn5.userzoom.com cdn.jsdelivr.net api-us.fundpress.io bam.nr-data.net player.vimeo.com stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com tagmanager.google.com; connect-src 'self' cdn5.userzoom.com cdn.jsdelivr.net api-us.fundpress.io bam.nr-data.net player.vimeo.com stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com tagmanager.google.com; report-to csp-endpoint; report-uri /beacon/deprecated/csp; style-src-attr 'unsafe-inline'; script-src-attr 'unsafe-inline'; 2
string 2
report-uri /cspreport; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adobedtm.com https://bat.bing.com https://karwei.bbvms.com https://*.bazaarvoice.com https://*.clarity.ms https://cloudstatic.obi4wan.com https://connect.getflowbox.com https://*.facebook.net www.google.com https://www.google-analytics.com https://google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.hotjar.com https://*.mopinion.com https://*.pinimg.com https://tdn.r42tag.com https://*.relay42.com; object-src 'self' 2
worker-src https: 'unsafe-inline'; report-uri https://api.mp.pl/csp-violation/ 2
frame-ancestors 'self' https://www.konicaminolta.us;block-all-mixed-content;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' data: https://translate.google.com https://translate.googleapis.com https://use.typekit.net https://*.googletagmanager.com https://*.google-analytics.com https://gateway.zscloud.net https://e7q9u6c7.stackpathcdn.com https://connect.facebook.net https://secure.gravatar.com https://cdnjs.cloudflare.com https://script.crazyegg.com;style-src 'self' 'report-sample' 'unsafe-inline' translate.googleapis.com *.typekit.net pwm-image.trendmicro.com gateway.zscloud.net e7q9u6c7.stackpathcdn.com secure.gravatar.com fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com;object-src 'none';frame-src 'self' pwm-image.trendmicro.com connect.facebook.net *.facebook.com www.googletagmanager.com;child-src 'self' blob: connect.facebook.net *.facebook.com www.googletagmanager.com;img-src 'self' www.gstatic.com translate.googleapis.com translate.google.com *.typekit.net *.facebook.com *.gstatic.com https://*.zscloud.net *.konicaminolta.us *.stackpathcdn.com;font-src 'self' data: *.avast.com use.typekit.net at.alicdn.com gateway.zscloud.net e7q9u6c7.stackpathcdn.com fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com;connect-src 'self' www.gstatic.com translate.google.com translate.googleapis.com performance.typekit.net use.typekit.net e7q9u6c7.stackpathcdn.com kmbs.konicaminolta.us connect.facebook.net *.facebook.com *.gravatar.com fonts.gstatic.com fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com *.crazyegg.com about: stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com;manifest-src 'self';base-uri 'self';form-action 'self' connect.facebook.net *.facebook.com;media-src 'self' data: *.w.org;prefetch-src 'self';worker-src 'self' blob:;report-uri https://gate.rapidsec.net/g/r/csp/3bc35b59-d482-4ea8-b706-d773c5ea44c1/0/6/-1?sdkv=1.3.4_agent-wordpress&sct=3b9e9f44-bbbd-4c70-932c-b62796e0a6be&dpos=report; 2
default-src 'self' *.my127.site blob: *.webpipeline.net *.my127.site *.brightcove.net *.brightcove.com *.boltdns.net *.akamaihd.net *.typekit.net *.nr-data.net *.buyatab.com *.aman.com *.quantummetric.com  'unsafe-inline' 'unsafe-eval'; worker-src blob:; child-src blob:;; script-src 'self' 'unsafe-inline' blob: *.googleapis.com 'unsafe-eval' *.webpipeline.net *.brightcove.net *.googletagmanager.com *.zencdn.net *.newrelic.com *.nr-data.net *.typekit.net *.buyatab.com *.aman.com *.ipstack.com *.quantummetric.com *.doubleclick.net *.yimg.jp *.googleadservices.com amanresorts.pxf.io impactradius-event.com utt.impactcdn.com ojrq.net logs-01.loggly.com *.cinnox.com *.gstatic.com *.onetrust.com *.synxis.com; style-src 'self' 'unsafe-inline' cloud.typography.com *.webpipeline.net *.buyatab.com *.aman.com *.cinnox.com *.googleapis.com *.bootstrapcdn.com *.synxis.com; img-src 'self' *.my127.site data: *.webpipeline.net *.brightcove.net *.brightcove.com *.boltdns.net *.googletagmanager.com *.buyatab.com *.aman.com *.cinnox.com; media-src 'self' blob: *.akamaihd.net *.boltdns.net *.buyatab.com *.aman.com; frame-src *; frame-ancestors 'self'; font-src 'self' *.my127.site data: *.webpipeline.net *.typekit.net *.aman.com *.gstatic.com; connect-src 'self' *.my127.site *.aman.com 'unsafe-eval' amanresorts.pxf.io impactradius-event.com utt.impactcdn.com ojrq.net logs-01.loggly.com *.cinnox.com *.googleapis.com *.onetrust.com *.synxis.com; report-uri https://aman.report-uri.com/r/d/csp/reportOnly; upgrade-insecure-requests 2
frame-ancestors 'self'; report-uri https://www.bodyandsoul.com.au/csp-reports 2
connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.ampproject.org cdns.gigya.com hb.emxdgt.com login.builderonline.com gw.geoedge.be hit.uptrendsdata.com *.facebook.com www.google.com *.googlesyndication.com *.doubleclick.net www.google-analytics.com cdns.us1.gigya.com *.casalemedia.com *.lijit.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: hit.uptrendsdata.com *.doubleclick.net www.google-analytics.com www.google.com *.facebook.com cdnassets.hw.net cdns.gigya.com *.2mdn.net www.googletagmanager.com *.googlesyndication.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net www.google.com cdns.us1.gigya.com cdns.gigya.com www.googletagmanager.com *.facebook.com *.googlesyndication.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.googletagmanager.com apis.google.com *.googleadservices.com adservice.google.com hit.uptrendsdata.com *.doubleclick.net rumcdn.geoedge.be *.googlesyndication.com www.google.com cdn.ampproject.org cdnassets.hw.net www.googletagservices.com cdns.gigya.com www.google-analytics.com *.facebook.net; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdnassets.hw.net fonts.gstatic.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com cdnassets.hw.net; form-action  *.facebook.com; report-uri /csp_report 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://sourcingjournal.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
: default-src 'self'; report-uri https://mtsrs.report-uri.com/r/d/csp/reportOnly; 2
default-src 'unsafe-inline' 'unsafe-eval' https: blob: data:; object-src 'self'; base-uri 'self'; form-action 'self' https://www.facebook.com https://syndication.twitter.com https://platform.twitter.com; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob:; frame-ancestors 'self'; style-src https: 'unsafe-inline'; connect-src https:; frame-src https:; script-src 'unsafe-eval' 'unsafe-inline' https: blob: data:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src 'none'; report-uri https://o144486.ingest.sentry.io/api/5543380/security/?sentry_key=e66dfe54be8e47219dd8103b4deb2f1a&sentry_environment=policy_reports 2
font-src fonts.googleapis.com fonts.gstatic.com https://fonts.gstatic.com *.fontawesome.com data: static.curations.bazaarvoice.com maxcdn.bootstrapcdn.com cdn.dynamicyield.com x.klarnacdn.net *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com www.facebook.com *.wahooligan.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com js.stripe.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com https://www.googletagmanager.com/ insight.adsrvr.org match.adsrvr.org www.affirm.com sandbox.affirm.com bugcrowd.com *.cloudfront.net consentag.eu track.cordial.io gum.criteo.com bid.g.doubleclick.net *.fls.doubleclick.net www.facebook.com script.google.com vars.hotjar.com *.klarnaservices.com *.online-metrix.net privacyportal-cdn.onetrust.com imgs.signifyd.com *.vimeo.com vimeo.com record.webeyez.com d.emails.wahoofitness.com wahoofitness.yonyx.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com maps.googleapis.com maps.gstatic.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com https://helloextend-static-assets.s3.amazonaws.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.adnxs.com public.adobecc.com data.adxcel-ec2.com insight.adsrvr.org match.adsrvr.org *.affirm.com *.atdmt.com *.bing.com *.bazaarvoice.com *.clarity.ms dis.criteo.com gum.criteo.com *.ctnsnet.com ad.doubleclick.net cm.g.doubleclick.net stats.g.doubleclick.net cdn.dynamicyield.com www.facebook.com *.google.com *.googletagmanager.com *.gstatic.com kcc0.com *.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com *.ktxlytics.io www.lightboxcdn.com simage2.pubmatic.com alb.reddit.com imgs.signifyd.com t.co tk0x1.com *.wahoofitness.com ads.yahoo.com *.analytics.yahoo.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com *.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com js.stripe.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com https://*.helloextend.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.adnxs.com js.adsrvr.org lightboxapi.azurewebsites.net bam-cell.nr-data.net *.bazaarvoice.com bat.bing.com bugcrowd.com assets.bugcrowdusercontent.com *.affirm.com *.clarity.ms static.curations.bazaarvoice.com consentag.eu cdn.cookielaw.org track.cordial.io script.crazyegg.com static.criteo.net sslwidget.criteo.com *.ctnsnet.com cdn.dynamicyield.com st.dynamicyield.com connect.facebook.net *.google.com googleads.g.doubleclick.net www.gstatic.com static.hotjar.com script.hotjar.com *.ktxlytics.io www.lightboxcdn.com cdn.livesession.io i.loopme.me js-agent.newrelic.com bam.nr-data.net code.jquery.com eu-library.klarnaservices.com eu-library.playground.klarnaservices.com oc-library.klarnaservices.com oc-library.playground.klarnaservices.com x.klarnacdn.net geolocation.onetrust.com cdn.optimizely.com www.redditstatic.com www.refersion.com assets.reflow.tv cdn.segment.com imgs.signifyd.com static.ads-twitter.com analytics.twitter.com d.emails.wahoofitness.com record.webeyez.com sec.webeyez.com resources.xg4ken.com *.yotpo.com www.youtube.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com display.ugc.bazaarvoice.com https://fonts.googleapis.com *.fontawesome.com static.curations.bazaarvoice.com maxcdn.bootstrapcdn.com cdn.cookielaw.org cdn.dynamicyield.com www.lightboxcdn.com x.klarnacdn.net *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.bazaarvoice.com data: mpsnare.iesnare.com www.wahoofitness.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com https://*.helloextend.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.affirm.com bam-cell.nr-data.net *.bing.com *.clarity.ms cdn.cookielaw.org track.cordial.io script.crazyegg.com i.ctnsnet.com stats.g.doubleclick.net *.dynamicyield.com www.facebook.com analytics.google.com *.hotjar.com mpsnare.iesnare.com wss: gdpr.loopme.com i.loopme.me *.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com *.ktxlytics.io rs.livesession.io bam.nr-data.net *.onetrust.com insight.reflow.tv api.segment.io cdn.segment.com imgs.signifyd.com bt.signifyd.com bt.signifyd.com:1103 bt.signifyd.com:11103 d.emails.wahoofitness.com vimeo.com record.webeyez.com send.webeyez.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://b73c76520e1c6fd88a089eacc1b590fe.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 2
default-src https: 'unsafe-inline' 'unsafe-eval' data:;report-uri /error/cspreport;connect-src ws: https: 'unsafe-inline' 'unsafe-eval' data:; 2
frame-ancestors 'self'; report-uri https://www.goldcoastbulletin.com.au/csp-reports 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.twitter.com https://assets.juicer.io https://cdn.cookielaw.org https://cdn.knightlab.com https://code.jquery.com https://connect.facebook.net https://geolocation.onetrust.com https://*.googleapis.com https://munchkin.marketo.net https://optanon.blob.core.windows.net https://snap.licdn.com https://static.ads-twitter.com https://www.buzzsprout.com https://www.googletagmanager.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://www.gstatic.com https://www.youtube.com https://505-xng-882.mktoweb.com https://fonts.googleapis.com https://*.mktoresp.com https://graph.facebook.com https://privacyportal-ch.onetrust.com https://stats.g.doubleclick.net https://www.juicer.io https://fonts.gstatic.com https://cdnapisec.kaltura.com https://share.transistor.fm https://www.facebook.com https://www.federli.ch https://*.fls.doubleclick.net; img-src https: data:; report-uri /api/six/cspreport; 2
default-src 'self'; img-src *; style-src 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval';                   img-src * data:;                   script-src 'self' https://*.formstack.com https://www.googletagmanager.com https://transparency.nrchealth.com https://dhan-sana-cdn.azureedge.net https://js.hsforms.net https://ajax.aspnetcdn.com https://embed.typeform.com https://www.google.com https://translate.google.com https://lptag.liveperson.net https://va.v.liveperson.net https://accdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://code.jquery.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://ajax.googleapis.com https://maps.googleapis.com https://translate.googleapis.com https://translate-pa.googleapis.com https://static.cloud.coveo.com https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net https://forms.hsforms.com https://extend.vimeocdn.com https://f.vimeocdn.com https://www.gstatic.com https://z.moatads.com https://m.addthis.com https://s7.addthis.com https://v1.addthisedge.com https://www.youtube.com https://www.ypo.education/js/jsembedcode.js https://sfapi.formstack.io https://az416426.vo.msecnd.net https://player.vimeo.com/api/player.js https://analytics.talentegy.com https://bat.bing.com https://bs.serving-sys.com https://secure-ds.serving-sys.com https://cdata.mpio.io https://rdata.mpio.io https://cdn.popt.in https://collector-11061.tvsquared.com https://d31y97ze264gaa.cloudfront.net https://data.adxcel-ec2.com https://insight.adsrvr.org https://js.adsrvr.org https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hsleadflows.net https://my.hellobar.com https://pixel.mathtag.com https://pixel.videohub.tv https://px.ads.linkedin.com https://rules.quantcount.com https://s.adroll.com https://s.amazon-adsystem.com https://s.pinimg.com https://sc-static.net https://script.crazyegg.com https://secure.quantserve.com https://siteimproveanalytics.com https://snap.licdn.com https://st1.dialogtech.com https://static.ads-twitter.com https://tag.simpli.fi https://i.simpli.fi https://tags.srv.stackadapt.com https://tracking.logpostback.com https://trkn.us https://www.googleadservices.com https://zncyxqo8pq1nl14p3-sanford.siteintercept.qualtrics.com https://analytics.twitter.com https://sanfordhealth.mdmatchup.com https://aa.agkn.com https://js.hscollectedforms.net https://assets.sitescdn.net https://www.groupexpro.com https://*.clarity.ms https://static.doubleclick.net https://*.g.doubleclick.net https://*.fls.doubleclick.net 'unsafe-inline' 'unsafe-eval';                   style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://translate.googleapis.com https://static.cloud.coveo.com https://www.gstatic.com https://f.vimeocdn.com https://code.jquery.com https://static.formstack.com https://cdnjs.cloudflare.com https://www.youtube.com https://formsprod.azureedge.net https://cdn.thinglink.me https://www.groupexpro.com;                   font-src 'self' data: https://static.formstack.com https://fonts.gstatic.com https://cdnjs.cloudflare.com;                   frame-src 'self' https://*.formstack.com https://player.vimeo.com https://forms.hsforms.com https://js.hsforms.net https://www.google.com https://marketingplatform.google.com https://www.googletagmanager.com https://www.youtube.com https://s7.addthis.com https://lpcdn.lpsnmedia.net https://www.pinterest.com https://www.pinterest.fr https://www.pinterest.it https://www.pinterest.ph https://ar.pinterest.com https://in.pinterest.com https://sanfordhealth.mdmatchup.com https://www.facebook.com https://tools.sanfordhealthplan.com https://www.pinterest.co.uk https://www.mysanfordchart.org https://pixel.mathtag.com https://www.pinterest.ca https://fast.wistia.net https://players.brightcove.net https://host.visualcalc.com https://e.issuu.com https://syndication.twitter.com https://www.thinglink.com https://bid.g.doubleclick.net https://*.fls.doubleclick.net;                   connect-src 'self' https://www.google-analytics.com https://usageanalytics.coveo.com https://dc.services.visualstudio.com https://maps.googleapis.com https://sfapi.formstack.io https://ct.pinterest.com https://api.hubapi.com https://stats.g.doubleclick.net https://forms.hubspot.com https://lm.serving-sys.com https://secure-ds.serving-sys.com https://bat.bing.com https://www.facebook.com https://m.addthis.com https://s7.addthis.com https://www.google.com https://adservice.google.com https://onesignal.com https://hubspot-forms-static-embed.s3.amazonaws.com https://dhanprod.azurefd.net https://d.adroll.com https://*.clarity.ms https://*.z1.dca0.com;                   report-uri https://csp-reporting.sanfordhealth.org;                   block-all-mixed-content; 2
manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; upgrade-insecure-requests ; frame-ancestors 'self' clientelastaging.papersource.com https://s7.addthis.com; form-action 'self' https://1.camp.papersource.com:9101 https://accounts.google.com https://www.facebook.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://papersource.resultsstage.com https://tagmanager.google.com https://papersource.resultspage.com  https://cdn.cookielaw.org getfirebug.com fonts.googleapis.com *.subscribepro.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.paypal.com https://www.paypalobjects.com https://core.spreedly.com https://papersource.resultspage.com https://app.customily.com https://js-agent.newrelic.com https://papersource.resultsstage.com https://*.addthis.com https://*.addthisedge.com https://www.google-analytics.com https://*.optimove.net https://*.optimove.events https://static.zdassets.com https://bam.nr-data.net https://z.moatads.com https://v1.addthisedge.com https://widget-mediator.zopim.com/* https://widgets.pinterest.com https://graph.facebook.com https://integration9tracksdk-stg.optimove.net https://integration9tracksdk-stg.optimove.net/* https://integration9tracksdk-stg.optimove.net/piwik.php https://assets.pinterest.com/js/pinmarklet.js https://cdn.gartnerstudios.com https://tags.bkrtx.com https://cdn.attn.tv https://insights.bizrate.com https://*.bizrate.com *.mouseflow.com  https://cdn.cookielaw.org assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://*.customily.com https://*.amazonaws.com https://www.mczbf.com https://service.maxymiser.net core.spreedly.com *.subscribepro.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; media-src https://static.zdassets.com; img-src 'self' data: https://*.scene7.com https://*.paypal.com https://www.paypalobjects.com https://store.paradoxlabs.com https://papersource.resultsstage.com https://assets.resultspage.com https://www.google-analytics.com https://*.optimove.net https://*.gstatic.com https://www.googletagmanager.com https://bam.nr-data.net https://stats.g.doubleclick.net https://api.gartnerstudios.com https://app.customily.com https://cm.g.doubleclick.net/pixel* https://create.paper-source.com/* https://gcm.optimove.events/setCookie* https://www.addthis.com/bookmark.php https://log.pinterest.com https://cm.g.doubleclick.net https://gcm.optimove.events https://www.google.com/ads/ga-audiences https://*.google.com https://*.papersource.com https://*.paper-source.com https://*.emjcd.com https://*.dotomi.com *.mouseflow.com  https://cdn.cookielaw.org assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://*.customily.com https://*.amazonaws.com 'self' data: store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-src 'self' https://www.youtube.com/embed/* https://s7.addthis.com https://assets.pinterest.com https://login.dotomi.com https://www.google.com https://stags.bluekai.com https://core.conversant.mgr.consensu.org https://papersource.attn.tv fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de core.spreedly.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com https://static.zdassets.com https://tagmanager.google.com https://papersource.resultsstage.com fonts.googleapis.com fonts.gstatic.com https://*.customily.com https://*.amazonaws.com 'self' data: *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; connect-src 'self' https://*.addthis.com https://www.paypal.com https://*.optimove.events https://*.optimove.net https://ekr.zdassets.com https://www.google-analytics.com/collect https://www.google-analytics.com/r/collect https://papersource.zendesk.com https://bam.nr-data.net wss://widget-mediator.zopim.com/* wss://widget-mediator.zopim.com https://static.zdassets.com https://app.customily.com https://integration9tracksdk-stg.optimove.net https://integration9tracksdk-stg.optimove.net/* https://integration9tracksdk-stg.optimove.net/piwik.php https://api.gartnerstudios.com/ https://cdn.gartnerstudios.com/ https://1.camp.papersource.com:9101/gartner/images https://*.sjwoe.co https://*.pinterest.com  https://cdn.cookielaw.org  https://*googleapis.com dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://*.customily.com https://*.amazonaws.com *.mczbf.com *.doubleclick.net *.google-analytics.com *.zendesk.com *.optimove.net *.zopim.com *.attn.tv *.subscribepro.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; default-src 'self' https://static.zdassets.com https://s7.addthis.com/static/sh* 'self' 'unsafe-inline' 'unsafe-eval'; 2
report-uri default-src 'unsafe-inline' 'unsafe-eval' 'self' *.typekit.net *.google.com *.gstatic.com *.googletagmanager.com 2
default-src 'self'; script-src 'report-sample' 'self' https://app-sj25.marketo.com/js/forms2/js/forms2.min.js https://munchkin.marketo.net/160/munchkin.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js; style-src 'report-sample' 'self' https://app-sj25.marketo.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://980-uuz-493.mktoresp.com https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://app-sj25.marketo.com; img-src 'self' data: https://www.google-analytics.com https://www.google.com; manifest-src 'self'; media-src 'self'; worker-src 'none' 2
default-src 'self' *.ctfassets.net *.trackjs.com; font-src 'self'; img-src 'self' *.ctfassets.net *.trackjs.com costalimited.d3.sc.omtrdc.net www.gstatic.com; connect-src 'self' costalimited.d3.sc.omtrdc.net *.go-mpulse.net cdn-ukwest.onetrust.com trial-eum-clientnsv4-s.akamaihd.net trial-eum-clienttons-s.akamaihd.net *.akstat.io; script-src 'self'; script-src-elem 'self' 'unsafe-inline' assets.adobedtm.com *.go-mpulse.net cdn-ukwest.onetrust.com; style-src-attr 'self' 'unsafe-inline'; style-src 'self'; style-src-elem 'self' 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://costa.report-uri.com/r/t/csp/reportOnly; report-to default 2
object-src 'none'; 2
script-src 'self' 'unsafe-eval' chrome-extension: 'unsafe-inline' 'unsafe-inline' https://app.uiscom.ru https://static.criteo.net https://vk.com https://dsp.setl.ru https://image.sendsay.ru https://script.marquiz.ru https://sslwidget.criteo.com https://mc.yandex.ru https://www.google-analytics.com https://top-fwz1.mail.ru https://yatr.ru https://www.google.com https://www.gstatic.com https://c8tys.tnsis.ru https://cdn3.caltat.com https://sonar.semantiqo.com https://widget.eu.criteo.com https://mc.yandex.com https://maps.api.2gis.ru https://connect.facebook.net https://server.comagic.ru 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; frame-src 'self' https://gum.criteo.com chrome-extension: https://creativecdn.com https://www.google.com https://yatr.ru https://spbrealty.ru https://server.comagic.ru https://saltcdn2.googleapis.com https://saltcdn2.twitter.com https://vk.com https://www.youtube.com https://saltcdn2.www.instagram.com https://ok.ru https://dl.metabar.ru https://192.168.8.1 'unsafe-eval' 'unsafe-inline' 'unsafe-inline' https://www.webmobilefirst.com http://creativecdn.com https://api.getsecuritysuite.com https://static.criteo.net http://192.168.1.254; object-src 'self'; report-uri /cspreportonly; 2
base-uri 'self'; frame-src 'self' cookiejar.mondly.com vars.hotjar.com www.facebook.com optimize.google.com bid.g.doubleclick.net secure.livechatinc.com www.googletagmanager.com www.pinterest.com 7f075c3104c14b369e4245a534bf1142.pages.ubembed.com; frame-ancestors 'self' *.mondly.com; font-src 'self' data: d37sy4vufic209.cloudfront.net fonts.gstatic.com; img-src 'self' data: https://*; media-src 'self' d37sy4vufic209.cloudfront.net mondly-languages-audio.azureedge.net; style-src 'self' 'unsafe-inline' d37sy4vufic209.cloudfront.net optimize.google.com fonts.googleapis.com tagmanager.google.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' d37sy4vufic209.cloudfront.net www.google.com script.hotjar.com static.hotjar.com connect.facebook.net cdn.livechatinc.com api.livechatinc.com optimize.google.com tagmanager.google.com secure.livechatinc.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com ssl.google-analytics.com googleads.g.doubleclick.net s.pinimg.com ct.pinterest.com www.pinterest.com 7f075c3104c14b369e4245a534bf1142.js.ubembed.com analytics.tiktok.com assets.ubembed.com 2
default-src 'self' data: mediastream: blob: 'unsafe-inline' 'unsafe-eval' inline *.ibytedtos.com *.isnssdk.com *.resso.app resso.app *.resso.com resso.com *.resso.me *.snssdk.com *.byteoversea.net *.ibyteimg.com *.ipstatp.com *.tiktokv.com *.byteoversea.com music.tiktok.com tiktokmusic-test.bytedance.net;report-uri https://mon-va.byteoversea.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=m_home 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: consentcdn.cookiebot.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: euronet-dev01.epayworldwide.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: consentcdn.cookiebot.com consent.cookiebot.com ; form-action 'none' data: blob: ; report-uri /csp_report 2
frame-ancestors 'self'; report-uri https://www.cairnspost.com.au/csp-reports 2
img-src https: blob:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 2
default-src 'self' *.fineco.it *.finecobank.com finecobank.com *.promotorifinecobank.it *.finecobank.co.uk www.youtube.com responder.wt-safetag.com www.google-analytics.com www.googletagmanager.com connect.facebook.net bat.bing.com track.adform.net js.omg.neodatagroup.com trz.neodatagroup.com pixeL.mathtag.com www.google.com g.microsoft.com s2.adform.net googLeads.g.doubLeclick.net static.opentok.com cdn.cookielaw.org cdn.krxd.net cdn.evgnet.com beacon.krxd.net *.evergage.com data: 'unsafe-eval' 'unsafe-inline'; frame-ancestors finecobank.com finecobank.co.uk *.fineco.it *.promotorifinecobank.it *.finecobank.co.uk; frame-src finecobank.com finecobank.co.uk *.fineco.it *.promotorifinecobank.it *.finecobank.co.uk platform.twitter.com *.fls.doubleclick.net www.youtube.com *.mateti.net vars.hotjar.com track.adform.net c1.adform.net cdn.krxd.net pixel.mathtag.com widget.trustpilot.com; img-src 'self' data: https://images.fineco.it https://images.finecobank.com https://images-t.finecobank.com https://images-dev.devapps.fineco.it https://finecobank.com http://localhost:9095 https://www.googletagmanager.com https://jslog.krxd.net https://analytics.google.com https://t.mateti.net https://lt.morningstar.com https://www.morningstar.it https://t.co https://www.linkedin.com https://px.ads.linkedin.com https://beacon.krxd.net https://d.omg.neodatagroup.com https://www.youronlinechoices.com https://uip.semasio.net https://server.seadform.net https://aax-eu.amazon-adsystem.com https://pixel.mathtag.com https://tracker.neodatagroup.com https://www.google-analytics.com https://*.twimg.com https://finecoitalia01.wt-eu02.net https://bat.bing.com https://www.facebook.com https://cm.g.doubLeclick.net https://match.adsrvr.org https://dmp.adform.net https://secure.adnxs.com https://b1sync.zemanta.com https://cms.anaLytics.yahoo.com https://trz.neodatagroup.com https://www.googLe.com https://www.googLe.it https://*.fls.doubleclick.net https://cdn.evergage.com; connect-src wss://tradepush.finecobank.com https://*.fineco.it https://*.finecobank.com https://finecobank.com https://privacyportal-de.onetrust.com https://www.google.it https://www.google.com https://googleads.g.doubleclick.net https://beacon.krxd.net https://jslog.krxd.net https://*.evergage.com https://bat.bing.com https://analytics.google.com https://stats.g.doubleclick.net https://in.hotjar.com https://vc.hotjar.io https://script.crazyegg.com https://r.mateti.net wss://*.tokbox.com https://www.google-analytics.com https://*.tokbox.com https://config.opentok.com https://anvil.opentok.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.trustpilot.com  'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' *.fineco.it *.finecobank.com finecobank.com geolocation.onetrust.com responder.wt-safetag.com platform.twitter.com static.opentok.com www.google-analytics.com track.adform.net s2.adform.net trz.neodatagroup.com pixel.mathtag.com d.omg.neodatagroup.com js.omg.neodatagroup.com www.googleadservices.com www.googletagmanager.com bat.bing.com connect.facebook.net googleads.g.doubleclick.net cdn.mateti.net static.hotjar.com static.ads-twitter.com snap.licdn.com script.crazyegg.com ethn.io script.hotjar.com analytics.twitter.com www.youtube.com widget.trustpilot.com cdn.cookielaw.org cdn.krxd.net cdn.evgnet.com consumer.krxd.net beacon.krxd.net www.dwin1.com fat.financeads.net 'unsafe-eval' 'unsafe-inline'; report-uri https://www.fineco.it/_csp-report 2
font-src fonts.gstatic.com maxcdn.bootstrapcdn.com www.manoloblahnik.com *.hotjar.com *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.cybersource.com www.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ *.adyen.com www.google.com *.hotjar.com *.cybersource.com www.facebook.com www.youtube.com www.youtube-nocookie.com the-restory.app authentication.cardinalcommerce.com *.issuu.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.adyen.com blob *.alekseon-test.eu media-akam.licdn.com www.facebook.com maps.googleapis.com *.clarity.ms *.bing.com *.google.com *.googletagmanager.com manoloblahnik.com *.doubleclick.net.com ozplayer.global.ssl.fastly.net mcusercontent.com *.nr-data.net *.google.com.mx *.google.co.uk *.google.com.br *.google.co.in *.google.de *.google.com.tr *.google.co.il *.google.ca *.google.ro *.google.nl *.google.fr *.google.es *.google.ie *.google.com.pr *.google.it *.google.com.au *.google.com.ec *.google.com.ph *.google.com.sg *.google.com.pk *.google.at *.google.no *.google.cl *.google.co.kr *.google.se *.google.co.jp *.google.com.pe *.google.com.my *.google.co.th *.google.co.za *.google.com.ua *.google.sk *.google.com.ng *.google.pl *.google.be *.google.fi *.google.ae *.google.com.co *.google.co.id *.google.co.ve *.google.com.hk *.google.com.eg *.google.com.uy *.google.com.ar *.google.ch *.google.ru *.google.co.ke *.google.pt *.google.mu *.google.com.sa *.google.com.vn *.google.com.tw *.google.gr *.google.com.bd *.google.dk *.google.com.py *.google.ee *.google.co.nz *.google.co.ma *.google.cz *.google.lk *.google.bg *.google.rs *.google.com.do *.google.hu *.google.iq *.google.co.cr *.google.al *.google.jo *.google.hr *.google.com.pa *.google.com.cy *.google.com.gh *.google.lt *.google.kz *.google.com.np *.google.by *.google.dz *.google.com.sv *.google.hn *.google.com.kw *.google.com.et *.google.mk *.google.ge *.google.cn *.google.com.jm *.google.si *.google.co.ug *.google.lv *.google.md *.google.co.mz *.google.lu *.google.am; *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com www.google.com www.gstatic.com maps.googleapis.com chimpstatic.com connect.facebook.net *.forter.com h.online-metrix.net cdnjs.cloudflare.com *.zdassets.com widget-mediator.zopim.com *.newrelic.com *.hotjar.com *.bing.com *.clarity.ms *.nr-data.net *.cardinalcommerce.com www.youtube.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fonts.net fonts.googleapis.com *.bootstrapcdn.com *.fontawesome.com maxcdn.bootstrapcdn.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com manolo.alekseon-test.eu www.manoloblahnik.com *.zdassets.com *.g.doubleclick.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.adyen.com *.forter.com *.cloudfront.net wss://cdn0.forter.com manoloblahnikhelp.zendesk.com *.zdassets.com *.widget-mediator.zopim.com widget-mediator.zopim.com wss://widget-mediator.zopim.com *.clarity.ms *.nr-data.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.googleapis.com *.bing.com stats.g.doubleclick.net www.google.com *.google.com www.facebook.com *.cardinalcommerce.com kg668dbov0.execute-api.us-east-1.amazonaws.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'self' https://www.googletagmanager.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; frame-ancestors 'self' http://minio.lookbookhq.com https://minio.lookbookhq.com http://minio.pathfactory.com https://minio.pathfactory.com http://resources.min.io https://resources.min.io 2
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.neolane.net *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.raptmedia.com *.rbos.com *.rbs.co.uk *.rbs.com *.rbsdigital.com *.supportcentre-rbs.co.uk *.snapchat.com *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net search-rbs.co.uk *.qumucloud.com static.ads-twitter.com t.co www.brightedge.com;https://public.tableau.com; upgrade-insecure-requests; report-uri https://rbspersonal.report-uri.com/r/t/csp/reportOnly 2
policy-uri /admin/config/system/seckit/csp-report 2
default-src 'self' https:; style-src 'self' 'unsafe-inline' entur.humany.net wds.ace.teliacompany.com; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' *.header.cloud.vy.no header.cloud.vy.no  *.header.cloud.vy.se header.cloud.vy.se dd.cloud.vy.no js.api.here.com ct.captcha-delivery.com dl.episerver.net az416426.vo.msecnd.net wds.ace.teliacompany.com www.googletagmanager.com/gtm.js connect.facebook.net www.google-analytics.com *.hotjar.com; connect-src blob: 'self' dd.cloud.vy.no *.hereapi.com js.api.here.com *.ace.teliacompany.net dc.services.visualstudio.com/v2/track stats.g.doubleclick.net www.facebook.com/tr/ *.cloud.vy.no *.cloud.nsb.no entur.humany.net; img-src data: 'self' images.vy.no js.api.here.com view-components.cloud.nsb.no *.adyen.com www.google-analytics.com www.facebook.com/tr/ www.google.no/ads/ www.google.com/ads/ www.googletagmanager.com; font-src 'self' *.vy.no js.api.here.com entur.humany.net ace-knowledge-cdn.teliacompany.net fonts.gstatic.com; frame-src 'self' *.id.vy.no id.vy.no *.adyen.com geo.captcha-delivery.com wds.ace.teliacompany.com *.hotjar.com; report-uri https://frontend-logger.cloud.nsb.no/log 2
default-src https: data: 'unsafe-inline' 'unsafe-eval';report-uri /wsapi/rest/v1/logging/reportcspviolation; 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data: 'unsafe-inline'; img-src https: data: 'unsafe-inline'; report-uri https://cspreport.report-uri.io/r/default/csp/reportOnly 2
script-src 'self' 'unsafe-inline' cdn.tagcommander.com cdn.trustcommander.net enedis.dimelochat.com https://cdnjs.cloudflare.com; frame-ancestors 'none' 2
font-src *.cloudflare.com *.bootstrapcdn.com *.gstatic.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.twitter.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.facebook.com *.twitter.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.cloudflare.com *.cloudfront.net *.baen.com *.twitter.com *.twimg.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.cloudflare.com *.twitter.com *.twimg.com *.fontawesome.com *.facebook.net *.authorize.net *.simpli.fi *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.gstatic.com *.twitter.com *.twimg.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.cloudflare.com *.authorize.net *.google-analytics.com *.doubleclick.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https: ; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri /csp/ 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; media-src https: http: rtsp: rtmp: data:; report-uri /csp-report 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' tags.tiqcdn.com tags.tiqcdn.cn collect.tealiumiq.com *.criteo.com *.criteo.net *.omtrdc.net *.yimg.jp *.yahoo.co.jp prf.hn *.doubleclick.net *.line.me *.google.com *.google.it *.bing.com *.google-analytics.com *.licdn.com *.tiktok.com sc-static.net *.usehero.com *.contentsquare.net *.demdex.net *.facebook.com *.googletagmanager.com *.facebook.net *.googleadservices.com *.teads.tv zegna.d3.sc.omtrdc.net www.google.* *.zegna.com *.measmerize.com *.googlesyndication.com maps.gstatic.com *.riskified.com sandbox.gestpay.net ecomm.sella.it *.online-metrix.net amp.akamaized.net *.snapchat.com *.gstatic.com *.go-mpulse.net cm.everesttech.net *.googleapis.com *.akstat.io *.akamaihd.net *.line-scdn.net *.algolianet.com *.algolia.net *.algolia.com zegna-cloud-media.s3.amazonaws.com zegna-cloud-media.s3.eu-west-1.amazonaws.com zegna-cloud-media.s3-eu-west-1.amazonaws.com livechat.zegna.cn *.baidu.com blob: data: ; font-src 'self' data: *.googleapis.com *.gstatic.com; report-uri /cgi-bin/csp_report.cgi 2
font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com *.googleapis.com *.gstatic.com *.typekit.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.yotpo.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com *.criteo.com *.adform.net *.criteo.net *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com maps.googleapis.com maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com *.yotpo.com *.facebook.com *.cloudfront.net *.hsforms.com *.powerreviews.com *.stickyadstv.com *.cdninstagram.com *.emxdgt.com *.outbrain.com *.adnxs.com *.pubmatic.com *.3lift.com *.media.net *.casalemedia.com *.bidswitch.net *.revcontent.com *.teads.tv *.taboola.com *.smartadserver.com *.sharethrough.com *.360yield.com *.liadm.com *.criteo.com *.postrelease.com *.tremorhub.com *.mediavine.com *.yieldmo.com *.clmbtech.com *.bing.com *.dmxleo.com *.smaato.net *.tapad.com *.addthis.com *.digitaleast.mobi *.yahoo.com *.doubleclick.net *.mediawallahscript.com *.rlcdn.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com *.criteo.net *.adform.net *.facebook.net *.cloudfront.net *.criteo.com *.hsforms.net *.hsforms.com *.powerreviews.com *.nr-data.net *.newrelic.com acsbapp.com foursixty.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com unsafe-inline tagmanager.google.com *.yotpo.com *.googleapis.com *.typekit.net *.cloudfront.net *.powerreviews.com foursixty.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com https://www.google-analytics.com *.yotpo.com *.visitors.live *.luckyorange.net wss://visitors.live/socket.io/ *.doubleclick.net wss://in.visitors.live/socket.io/ *.powerreviews.com foursixty.com *.acsbapp.com *.nr-data.net *.foursixty.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.ipay88.com.my *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com *.botframework.com *.livechatinc.com *.tiqcdn.com *.doubleclick.net *.in.freshchat.com *.freshchat.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.sandbox.paypal.com *.paypal.com *.googleadservices.com *.google-analytics.com *.paypalobjects.com *.ytimg.com *.magentocommerce.com *.gstatic.com *.googleapis.com/ *.google.com *.google.com.my *.in.freshchat.com *.freshchat.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com *.vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.jquery.com *.google.com *.gstatic.com *.sandbox.paypal.com *.paypal.com *.googleadservices.com *.google-analytics.com *.paypalobjects.com *.youtube.com *.ytimg.com *.authorize.net *.cardinalcommerce.com *.magentocommerce.com *.newrelic.com *.facebook.com *.facebook.net *.g.doubleclick.net/ *.code.jquery.com *.googletagmanager.com *.botframework.com *.nr-data.net *.googleapis.com *.livechatinc.com *.mookie1.com *.tiqcdn.com *.in.freshchat.com *.freshchat.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com/ *.in.freshchat.com *.freshchat.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.botframework.com wss://directline.botframework.com https://directline.botframework.com/v3/directline/conversations *.google-analytics.com *.g.doubleclick.net/ *.nr-data.net *.livechatinc.com *.in.freshchat.com *.freshchat.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
child-src 'self'; connect-src 'self' http://*.pinalove.com http://*.thaifriendly.com https://*.apple.com https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.nr-data.net https://*.pinalove.com https://*.tenor.com https://*.thaifriendly.com https://*.trackjs.com wss: wss://*.pinalove.com wss://*.thaifriendly.com wss://*.vietnameselove.com; default-src 'self'; font-src 'self' chrome-extension: data: http://*.gstatic.com https://*.gstatic.com; frame-src 'self' https://*.apple.com https://*.facebook.com https://*.g.doubleclick.net https://*.google.com; img-src 'self' blob: data: http://*.gstatic.com http://*.pinalove.com http://*.thaifriendly.com https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.at https://*.google.be https://*.google.ca https://*.google.ch https://*.google.co.id https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.kr https://*.google.co.nz https://*.google.co.th https://*.google.co.uk https://*.google.com https://*.google.com.au https://*.google.com.my https://*.google.com.ph https://*.google.com.sg https://*.google.com.tr https://*.google.de https://*.google.dk https://*.google.dz https://*.google.es https://*.google.fi https://*.google.fr https://*.google.gr https://*.google.ie https://*.google.it https://*.google.nl https://*.google.no https://*.google.pl https://*.google.ru https://*.google.se https://*.google.si https://*.googleapis.com https://*.gstatic.com https://*.nr-data.net https://*.pinalove.com https://*.tenor.com https://*.thaifriendly.com https://*.trackjs.com https://pinalove.com https://thaifriendly.com https://vietnameselove.com wss://*.pinalove.com wss://*.thaifriendly.com; manifest-src 'self' http://*.thaifriendly.com https://*.thaifriendly.com wss://*.thaifriendly.com; media-src 'self' data:; object-src 'none'; 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.2checkout.com https://*.apple.com https://*.facebook.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.newrelic.com https://*.nr-data.net https://*.trackjs.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.yahooapis.com; worker-src 'self' blob:; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_136f6bd732b7462c9c5fd22fd24e9f47 2
font-src *.fontawesome.com data: *.gstatic.com *.googleapis.com *.klarnacdn.net *.worldpay.com *.cnetcontent.com *.1worldsync.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.bazaarvoice.com www.facebook.com https://secure-test.worldpay.com/shopper/3ds/ddc.html *.nosto.com *.nos.to api.bazaarvoice.com stg.api.bazaarvoice.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.bazaarvoice.com *.worldpay.com *.nosto.com *.ometria.com *.demdex.net *.sitescout.com *.doubleclick.net *.pixel.ad *.veinteractive.com www.facebook.com *.zenaps.com campaign.odicci.com g3d-app.com services.sdiapi.com *.addthis.com *.addtoany.com *.twitter.com *.ryman.co.uk *.robertdyas.co.uk *.londongraphics.co.uk *.commbox.io *.klarnaservices.com *.klarna.com *.google.com *.hotjar.com *.hotjar.io *.lightwidget.com www.paypalobjects.com ometria.email https://pay.google.com https://secure-test.worldpay.com *.nos.to display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.bazaarvoice.com *.nosto.com apps.bumpyardpro.com images.unsplash.com source.unsplash.com *.ryman.co.uk *.robertdyas.co.uk *.londongraphics.co.uk *.brsrvr.com *.behance.net www.googletagmanager.com *.ometria.com *.gstatic.com *.googleapis.com *.demdex.net *.awin1.com *.zenaps.com *.doubleclick.net *.sitescout.com *.google.com *.pixel.ad assets.robertdyas-static.co.uk www.google.com.ua www.google.com.uk www.facebook.com robertdyasuk.twgdns.com *.klarnacdn.net *.clarity.ms *.bing.com *.assets-servd.host *.contentsquare.net apps.commbox.io *.amazonaws.com *.twimg.com *.twitter.com *.cnetcontent.com *.1worldsync.com g3d-app.com *.cloudfront.net *.ediemidnightzombies.com *.cloudflare.com *.nos.to display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.bazaarvoice.com *.iesnare.com *.nosto.com apps.bumpyardpro.com *.brsrvr.com www.google.com *.cnetcontent.com *.worldpay.com *.ometria.com *.gstatic.com *.googleapis.com *.serving-sys.com *.doubleclick.net *.flx1.com *.veinteractive.com *.dwin1.com *.criteo.com static.cloudflareinsights.com *.criteo.net snap.licdn.com g3d-app.com *.klarnacdn.net *.klarnaservices.com *.facebook.net *.sdiapi.com *.googleoptimize.com *.newrelic.com *.taggstar.com *.commbox.io *.clarity.ms *.bing.com *.hotjar.com bam-cell.nr-data.net cdn.cookielaw.org *.contentsquare.net *.addthis.com *.addtoany.com *.addthisedge.com *.twitter.com *.twimg.com *.google.com *.1worldsync.com *.lightwidget.com *.youtube.com *.ediemidnightzombies.com smct.co https://storage.googleapis.com/prshim/v1/payment-shim.js https://www.google.com/recaptcha/api.js *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js *.nos.to apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.moatads.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.bazaarvoice.com *.cnetcontent.com apps.bumpyardpro.com *.googleapis.com cdn.taggstar.com cdn.cookielaw.org *.klarnacdn.net *.commbox.io *.worldpay.com *.twitter.com *.google.com *.1worldsync.com *.cloudflare.com *.nosto.com *.nos.to display.ugc.bazaarvoice.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com apps.bumpyardpro.com apps.commbox.io *.cnetcontent.com *.1worldsync.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.bazaarvoice.com *.nosto.com *.dxpapi.com api.edq.com *.ometria.com *.demdex.net *.serving-sys.com *.veinteractive.com *.sdiapi.com rum-collector-2.pingdom.net bam-cell.nr-data.net api.taggstar.com *.sciencebehindecommerce.com *.klarnaservices.com *.klarnacdn.net *.klarnaevt.com *.googleapis.com *.clarity.ms *.worldpay.com pay.google.com *.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.hotjar.io cdn.cookielaw.org *.contentsquare.net *.onetrust.com *.cloudhub.io *.ryman.co.uk *.robertdyas.co.uk *.londongraphics.co.uk *.1worldsync.com *.cnetcontent.com *.addthis.com *.doubleclick.net *.ediemidnightzombies.com *.nos.to api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.google.com.ua bat.bing.com *.taggstar.com *.google.co.uk 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-attr 'self'; base-uri 'self'; frame-ancestors 'self' https: 2
connect-src 'self' https://www.google-analytics.com; default-src 'self' http://www.techadvisory.org https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://helpdesk.netservicesgroup.com:80; img-src 'self' http://www.internettrafficreport.com https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com http://www.techadvisory.org https://www.netservicesgroup.com http://graphs.ntppool.net http://www.pool.ntp.org https://www.google-analytics.com https://secure.trust-provider.com http://www.trustlogo.com/; child-src https://helpdesk.netservicesgroup.com http://openspeedtest.com https://urldefense.proofpoint.com https://quickclick.com; style-src 'self' https://www.netservicesgroup.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://secure.trust-provider.com 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc=' https://secure.comodo.com; script-src 'self' https://secure.trust-provider.com http://www.trustlogo.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://www.netservicesgroup.com https://ajax.googleapis.com https://oss.maxcdn.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://secure.comodo.com 'sha256-YG4fTNWYCHAm4AVC2mnK8Tj09alaJWJTk+LJy+5kHho=' 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc=' 'sha256-/LNrhX3k9yooaUcjJ9wGqDoSJEFQEozZc8jtdbq+lMg=' 'sha256-ahfvWH65y6WEYvXXrsReZDD9l5f9wMFjeLjl+8hkRIg=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc='; font-src 'self' https://www.netservicesgroup.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; report-uri https://www.netservicesgroup.com/csp.php 2
default-src data: https: http://*.cdn.ngenix.net 'unsafe-inline' 'unsafe-eval'; report-uri https://www.b-kontur.ru/csp 2
font-src fonts.gstatic.com use.typekit.net  *.fontawesome.com *.gstatic.com *.googleapis.com *.yotpo.com getfirebug.com cdn.dnky.co webchat.dotdigital.com 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com facebook.com *.facebook.com *.facebook.net *.cookiebot.com https://*.demdex.com *.google.com *.braintreegateway.com *.dexmet.net *.dnky.co googletagmanager.com *.authorize.net *.vimeo.com *.gstatic.com gstatic.com *.yotpo.com *.hotjar.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://img.youtube.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com facebook.com *.facebook.com www.google.ro *.cookiebot.com *.doubleclick.net 'self' data: *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.plugins.emarsys.net *.scarabresearch.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io js.mollie.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.facebook.com *.facebook.net *.hotjar.com *.cookiebot.com bam.nr-data.net *.googletagmanager.com googleoptimize.com *.newrelic.com *.adobedtm.com gstatic.com *.2o7.net *.omtrdc.net https://*.demdex.net *.google.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com  *.fontawesome.com unsafe-inline *.gstatic.com *.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net www.sandbox.paypal.com commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.scarabresearch.com *.eservice.emarsys.net http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com google.com *.google.com *.doubleclick.net *.hotjar.io *.cookiebot.com *.nr-data.net *.newrelic.com *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src https://fonts.gstatic.com data: https://js.intercomcdn.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://*.trustpilot.com http://*.trustpilot.com https://*.hotjar.com https://*.affirm.com *.auth0.com https://cdn.auth0.com https://*.auth0.com https://*.infusionsoft.app https://*.doubleclick.net/ https://www.google.com/ api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://www.google.com https://track.hubspot.com https://*.intercom.io https://*.intercomcdn.com https://static.intercomassets.com https://sp.analytics.yahoo.com https://*.facebook.com https://*.amazonaws.com https://*.infusionsoft.app https://www.googletagmanager.com https://*.akamaihd.net https://px.ads.linkedin.com https://p.adsymptotic.com https://ssl.gstatic.com https://www.gstatic.com https://*.bing.com https://*.hsforms.com https://*.clarity.ms https://*.wistia.com https://cdn.auth0.com https://p.adsymptotic.com www.xtento.com cdn.xtento.com https://redchamps.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://www.googletagmanager.com https://*.google-analytics.com https://tagmanager.google.com https://*.google.com https://*.gstatic.com https://googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://*.trustpilot.com http://*.trustpilot.com https://*.newrelic.com https://*.nr-data.net https://*.intercom.io https://*.intercomcdn.com https://*.hotjar.com https://*.bing.com https://*.licdn.com https://*.yimg.com https://sp.analytics.yahoo.com https://*.impactradius-event.com http://*.hs-scripts.com https://*.hs-scripts.com https://*.hs-banner.com https://*.hscollectedforms.net https://*.hsleadflows.net https://*.hs-analytics.net https://*.facebook.net https://app.convertful.com https://*.affirm.com https://*.pdst.fm *.auth0.com https://cdn.auth0.com https://*.auth0.com https://*.infusionsoft.app https://*.infusionsoft.com https://*.clarity.ms https://vision.duel.me/duel-analytics.js https://*.wistia.com https://*.hsforms.net https://*.hsforms.com https://*.jquery.com https://*.cloudflare.com https://*.noibu.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com www.xtento.com cdn.xtento.com maps.googleapis.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com unsafe-inline https://tagmanager.google.com https://fonts.googleapis.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://*.intercom.io https://*.intercomcdn.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://www.googletagmanager.com https://*.google-analytics.com https://*.yimg.com https://sp.analytics.yahoo.com https://*.hubspot.com https://*.hotjar.com https://app.convertful.com https://*.affirm.com https://*.intercom.io wss://*.intercom.io https://*.newrelic.com https://*.nr-data.net https://*.paypal.com https://us-central1-adaptive-growth.cloudfunctions.net *.auth0.com https://cdn.auth0.com https://*.auth0.com https://*.bing.com https://*.clarity.ms https://*.doubleclick.net/ https://*.hotjar.io/ https://*.hotjar.com/ https://*.wistia.com https://*.trustpilot.com https://*.litix.io https://*.noibu.com wss://*.noibu.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
report-uri /_/csp-reports 2
default-src 'self' *.gstatic.com *.google.com *.google.co.uk *.youtube.com *.google-analytics.com *.bazaarvoice.com *.openstreetmap.org *.iesnare.com *.convertexperiments.com *.cookiebot.com *.mouseflow.com *.klaviyo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.youtube.com *.google.com *.gstatic.com *.cloudflare.com *.bugherd.com bat.bing.com *.bazaarvoice.com *.facebook.net *.googleapis.com *.g.doubleclick.net *.ads-twitter.com *.googleadservices.com *.twitter.com cambridgeaudio.us8.list-manage.com js.braintreegateway.com script.hotjar.com static.hotjar.com *.payments-amazon.com vc.hotjar.io songbirdstag.cardinalcommerce.com *.paypal.com twitter.com *.bazaarvoice.com *.newrelic.com *.cloudflareinsights.com *.cloudfront.net *.nr-data.net *.atlassian.net *.cardinalcommerce.com *.google.se *.google.nl *.google.ca chimpstatic.com *.openstreetmap.org *.paypalobjects.com *.iesnare.com *.mavenoid.com *.convertexperiments.com *.cookiebot.com *.klaviyo.com *.clarity.ms *.mouseflow.com *.jsdelivr.net *.mouseflow.com *.klaviyo.com; object-src 'self' 'unsafe-inline' *.bazaarvoice.com *.iesnare.com *.convertexperiments.com *.klaviyo.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.bazaarvoice.com *.cloudfront.net sheet *.braintreegateway.com *.openstreetmap.org *.braintreegateway.com *.iesnare.com *.appcues.com *.convertexperiments.com *.jsdelivr.net *.klaviyo.com; img-src *; frame-src *.vimeo.com *.facebook.com *.youtube.com *.youtube-nocookie.com vars.hotjar.com *.braintreegateway.com *.cardinalcommerce.com *.paypal.com *.kaptcha.com *.bazaarvoice.com *.amazon-adsystem.com *.cloudfront.net *.atlassian.net *.go2jump.org *.payments-amazon.com *.amazon.co.uk *.amazon.com *.cambridgeaudio.com *.doubleclick.net *.googletagmanager.com *.openstreetmap.org *.spotify.com *.iesnare.com *.convertexperiments.com *.cookiebot.com *.klaviyo.com; frame-ancestors https://*.cambridgeaudio.com; font-src 'self' *.gstatic.com data: *.bazaarvoice.com *.bugherd.com *.cloudfront.net *.openstreetmap.org *.iesnare.com *.mavenoid.com *.convertexperiments.com *.jsdelivr.net *.mouseflow.com *.klaviyo.com; connect-src 'self' *.g.doubleclick.net *.google.com *.google-analytics.com bat.bing.com *.facebook.com sockjs.pusher.com in.hotjar.com *.amazon.com *.amazon.co.uk vc.hotjar.io *.braintree-api.com *.braintree-gateway.com *.cardinalcommerce.com *.amazonaws.com *.bazaarvoice.com *.bugsnag.com *.pusher.com *.nr-data.net *.braintreegateway.com *.paypal.com  *.nr-data.net *.hotjar.com wss://* *.openstreetmap.org *.braintreegateway.com *.paypal.com *.iesnare.com *.mavenoid.com *.sentry.io *.clarity.ms *.convertexperiments.com  *.cookiebot.com *.mouseflow.com *.klaviyo.com; report-uri /report-csp-violation 2
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.assetsadobe2.com *.dyson.com.sg *.dyson.in *.analytics.yahoo.com *.google.co.in *.outbrain.com *.s3.amazonaws.com *.quantserve.com *.usehero.com s3.amazonaws.com *.adobe.com *.dyson.co.kr *.boldchat.com 'self' data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.adyen.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co api.comapi.com webchat.dotdigital.com *.decibelinsight.net *.queue-it.net *.googletagmanager.com *.go-mpulse.net *.quantserve.com *.outbrain.com *.s3.amazonaws.com *.usehero.com *.quantcount.com *.boldchat.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es api.comapi.com webchat.dotdigital.com *.omtrdc.net *.go-mpulse.net *.google.com *.doubleclick.net *.usehero.com *.decibelinsight.net *.akstat.io *.akamaihd.net *.boldchat.com wss://collection.decibelinsight.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
frame-ancestors 'self' account.elama.global new.elama.ru elama.global *.elama.global *.elama.zone elama.ru *.elama.ru elama.com.br *.elama.com.br elama.kz *.elama.kz mc.yandex.ru mc.webvisor.com mc.webvisor.org yastatic.net webvisor.com http://webvisor.com metrika.yandex.ru yandex.com yandex.ru *.yandex.com *.yandex.net *.yandex.ru; report-uri https://sn.elama.global/api/26/security/?sentry_key=cf985e6d1e254161bef105622a6e28a4; 2
connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bam.nr-data.net www.google-analytics.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com bam.nr-data.net c.evidon.com cdn.jsdelivr.net l.evidon.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bam.nr-data.net; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com www.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.gstatic.com cdn.jsdelivr.net www.google.com bam.nr-data.net c.evidon.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.jsdelivr.net fonts.gstatic.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com cdn.jsdelivr.net ; form-action 'none' data: blob: ; report-uri /csp_report 2
default-src 'self' https://*.lisboa.pt https://*.cm-lisboa.pt; img-src https: blob: data:; style-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://*.readspeaker.com https://chatwidget.dashboard-visor.com https://cdnjs.cloudflare.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://*.fontawesome.com/ https://*.googleapis.com https://*.jsdelivr.net; style-src-elem 'self' 'unsafe-inline' https://*.cloudflare.com https://*.dashboard-visor.com https://*.fontawesome.com https://*.kaspersky-labs.com https://*.readspeaker.com  https://*.cloudflare.com https://*.dashboard-visor.com https://*.googleapis.com https://*.jsdelivr.net https://*.mapbox.com https://*.readspeaker.com https://*.bootstrapcdn.com https://*.fontawesome.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://*.4ddons.com https://*.dashboard-visor.com https://*.google-analytics.com https://*.googletagmanager.com https://*.jquery.com https://*.readspeaker.com https://*.googleapis.com https://code.jquery.com https://chatwidget.dashboard-visor.com https://*.readspeaker.com https://www.googletagmanager.com https://www.google-analytics.com https://cdnjs.com https://cdnjs.cloudflare.com https://api.mapbox.com https://npmcdn.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://www.youtube.com/ https://*.appybook.com https://*.bol.pt https://*.facebook.net https://*.google-analytics.com https://*.svn0czn.com https://*.tryinteract.com; script-src-elem 'self' 'unsafe-inline' https://*.bol.pt https://*.cdnjs.com https://*.dashboard-visor.com https://*.google-analytics.com https://*.googletagmanager.com https://*.hublosk.com https://*.jquery.com https://*.jscontent.net https://*.jullyambery.net https://*.kellyfight.com https://*.npmcdn.com https://*.readspeaker.com https://*.youtube.com https://*.appybook.com https://*.bol.pt https://*.dashboard-visor.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.jquery.com https://*.pagespeed-mod.com https://*.readspeaker.com https://*.ritta.local https://*.tryinteract.com https://*.acestream.net https://*.bootstrapcdn.com https://*.cdnjs.com https://*.cloudflare.com https://*.dashboard-visor.com https://*.fontawesome.com https://*.googleapis.com https://*.jsdelivr.net https://*.kaspersky-labs.com https://*.mapbox.com https://*.npmcdn.com https://*.pilaff-up.ru https://*.readspeaker.com https://*.youtube.com; connect-src 'self' data: https://*.doubleclick.net https://*.glitch.com https://*.glitch.me https://*.kellyfight.com https://*.ucweb.com https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://chatwidget.dashboard-visor.com wss://chatwidget.dashboard-visor.com https://services.arcgis.com https://*.mapbox.com https://*.googleapis.com/ https://*.doubleclick.net https://*.readspeaker.com; frame-src 'self' https://*vimeo.com https://*.zscloud.net https://*.appybook.com https://*.bol.pt https://*.city-platform.com https://*.cm-lisboa.pt https://*.googletagmanager.com https://*.knightlab.com https://*.lisboa.pt https://*.moz.com https://*.tryinteract.com https://*.vimeo.com https://*.vkanalytics.net https://*.youtube-nocookie.com https://*.youtube.com; font-src 'self' https://*.avast.com https://*.cloudflare.com https://*.ss-cdn.com https://*.windows.net https://fonts.gstatic.com https://chatwidget.dashboard-visor.com https://*.fontawesome.com https://*.avast.com https://*.github.com https://*.typekit.net data:; media-src 'self' https://*.dashboard-visor.com data:; worker-src 'self' blob:; report-uri /fma/csp.php 2
frame-ancestors 'self'; report-uri https://api.mobilepay.dk/cspreporting/mobilepay-dk 2
font-src *.klevu.com *.ksearchnet.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.zopim.com https://www.gstatic.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; frame-ancestors *.hana.ondemand.com 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com https://www.google.com *.nosto.com *.youtube.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.gstatic.com *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.youtube.com *.azurewebsites.net maps.googleapis.com app.mobicredwidget.co.za amcglobal.sc.omtrdc.net media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com 'unsafe-inline' data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.klevu.com *.ksearchnet.com *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.newrelic.com https://www.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.nr-data.net *.facebook.com maps.googleapis.com www.googletagmanager.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za www.gstatic.com connect.facebook.net bam.nr-data.net googleads.g.doubleclick.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.klevu.com *.ksearchnet.com *.testfreaks.com *.google.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.paypal.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.nr-data.net vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za www.google-analytics.com wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' https://cdn.worden.com https://fonts.gstatic.com https://stats.g.doubleclick.net data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://cdn.worden.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.worden.com; img-src 'self' data: https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com; 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: 2
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.klevu.com *.ksearchnet.com *.yotpo.com x.klarnacdn.net 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com unpkg.com *.unpkg.com imagekit.io *.imagekit.io *.facebook.com https://store.plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google.com/ *.doubleclick.net *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com unpkg.com *.unpkg.com cdnjs.cloudflare.com imagekit.io *.imagekit.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.trustpilot.com *.youtube.com *.paypal.com *.paypalobjects.com *.usehero.com *.braintreegateway.com *.cookiebot.com *.hotjar.com *.facebook.com *.kaptcha.com https://store.plumrocket.com *.klarna.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net unpkg.com *.unpkg.com imagekit.io *.imagekit.io *.klevu.com *.ksearchnet.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.trustpilot.com *.nosto.com *.amazonaws.com *.finance-calculator.co.uk *.paypal.com *.gstatic.com *.google.co.uk *.usehero.com *.bing.com *.postcodeanywhere.co.uk *.googletagmanager.com *.yotpo.com x.klarnacdn.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.google.com *.googletagmanager.com *.facebook.net *.doubleclick.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.unpkg.com cdnjs.cloudflare.com imagekit.io *.imagekit.io js.klevu.com *.ksearchnet.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.trustpilot.com *.nosto.com *.klevu.com polyfill.io *.finance-calculator.co.uk *.paypal.com *.gstatic.com *.usehero.com *.postcodeanywhere.co.uk *.pcapredict.com *.cardinalcommerce.com *.hotjar.com *.cookiebot.com *.bing.com https://analytics.tiktok.com *.zuko.io *.yotpo.com *.klarnaservices.com x.klarnacdn.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com *.googleapis.com *.doubleclick.net cdn.dnky.co webchat.dotdigital.com unpkg.com *.unpkg.com imagekit.io *.imagekit.io *.klevu.com *.ksearchnet.com unsafe-inline *.trustpilot.com *.nosto.com *.finance-calculator.co.uk *.usehero.com *.postcodeanywhere.co.uk *.yotpo.com x.klarnacdn.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.usehero.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com unpkg.com *.unpkg.com imagekit.io *.imagekit.io *.klevu.com *.ksearchnet.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.trustpilot.com *.finance-calculator.co.uk *.paypal.com *.nosto.com *.google.com *.braintreegateway.com *.usehero.com *.postcodeanywhere.co.uk *.cardinalcommerce.com *.doubleclick.net *.zuko.io https://analytics.tiktok.com *.hotjar.io *.hotjar.com *.yotpo.com *.cookiebot.com *.klarnaservices.com x.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.uxfeedback.ru https://chat.finuslugi.ru https://connect.facebook.net https://www.facebook.com https://vk.com https://top-fwz1.mail.ru https://px.adhigh.net https://finuslugi.inguru.ru https://iframe.inguru.ru https://cdn.amplitude.com https://www.google-analytics.com https://optimize.google.com https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://yastatic.net https://mc.webvisor.com https://mc.webvisor.org https://www.gstatic.com https://www.googletagmanager.com https://tagmanager.google.com;connect-src 'self' https://iss.moex.com *.uxfeedback.ru https://chat.finuslugi.ru wss://chat.finuslugi.ru https://top-fwz1.mail.ru https://px.adhigh.net https://rexc.moex.com https://api.finuslugi.ru https://lk.finuslugi.ru https://assets.finuslugi.ru https://www.moex.com api.amplitude.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru https://mc.yandex.com;img-src 'self' data: *.uxfeedback.ru https://vk.com https://www.facebook.com https://11143639.fls.doubleclick.net https://assets.finuslugi.ru https://liknot.ru https://www.workle.ru https://www.google.ru https://www.google.com https://www.google-analytics.com www.google-analytics.com https://optimize.google.com https://stats.g.doubleclick.net https://mc.yandex.ru https://mc.yandex.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com;style-src 'self' 'unsafe-inline' *.uxfeedback.ru https://chat.finuslugi.ru https://tagmanager.google.com https://optimize.google.com https://fonts.googleapis.com;font-src 'self' data: *.uxfeedback.ru https://fonts.gstatic.com;media-src 'self';child-src 'self' blob: https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz;frame-src blob: *.uxfeedback.ru https://11143639.fls.doubleclick.net https://finuslugi.inguru.ru https://iframe.inguru.ru https://optimize.google.com https://www.youtube.com https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz;base-uri 'self';form-action 'self';manifest-src 'self';worker-src 'self';report-uri https://rexc.moex.com; 2
font-src *.fontawesome.com 'self' *.gstatic.com 'self' data: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com account.fetchify.com https://www.google.com/ https://www.youtube.com https://www.googletagmanager.com/ https://www.facebook.com https://www.e-shop-direct.com https://handel.ortlieb.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.facebook.com https://www.magezon.com https://www.mollie.com https://med-euw3c.squarelovin.com/ https://www.google.*/ads/ https://www.facebook.com https://cdn.ywxi.net https://maps.googleapis.com https://maps.gstatic.com https://www.e-shop-direct.com https://www.google-analytics.com https://www.google.com https://www.google.de 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.googletagmanager.com *.facebook.net *.google.com js.mollie.com 'report-sample' https://www.googletagmanager.com/gtm.js https://www.google.com/recaptcha/api.js https://*.cookiefirst.com/ https://chimpstatic.com/ https://squarelovin.com/squarelovin.js https://squarelovin.com/api/index/get-stream-media/ https://connect.facebook.net/signals/config/995641483818596 https://consent.cookiefirst.com/banner.js https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/ecommerce.js https://cdn.klarna.com/1.0/code/client/all.js https://maps.googleapis.com/maps/api/js https://www.e-shop-direct.com/libs/js/jquery-3.1.1.min.js https://unpkg.com/web-vitals@0.2.2/dist/web-vitals.es5.umd.min.js *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com cc-cdn.com *.fontawesome.com 'report-sample' https://*.cookiefirst.com/ https://*.squarelovin.com/squarelovin.css https://med-cf-1.squarelovin.com https://www.e-shop-direct.com *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'none' 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.google-analytics.com https://static.cookiefirst.com/ https://stats.g.doubleclick.net/ https://www.facebook.com/tr/ t.elasticsuite.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
child-src 'self'; connect-src 'self' http://*.g.doubleclick.net http://*.google-analytics.com http://*.google.com http://*.hotjar.com http://*.prfct.co http://*.sqreen.io http://heapanalytics.com https://*.ads.linkedin.com https://*.akamaihd.net https://*.amplitude.com https://*.cloudflare.com https://*.contentful.com https://*.delighted.com https://*.facebook.com https://*.fullstory.com https://*.g.doubleclick.net https://*.getsentry.com https://*.githubusercontent.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.herokuapp.com https://*.hotjar.com https://*.hotjar.com:12443 https://*.intercom.io https://*.intercomcdn.com https://*.lever.co https://*.linkedin.com https://*.litix.io https://*.mktoresp.com https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.segment.io https://*.sqreen.com https://*.sqreen.io https://*.sumo.com https://*.timekit.io https://*.wistia.com https://github.com https://heapanalytics.com https://sumo.com https://twitter.com ws://*.hotjar.com wss://*.appcues.net wss://*.hotjar.com wss://*.intercom.io; default-src 'self'; font-src 'self' chrome-extension: data: http://*.sqreen.io https://*.cloudflare.com https://*.cloudfront.net https://*.googleapis.com https://*.gstatic.com https://*.intercomcdn.com https://*.sqreen.com https://*.sqreen.io https://*.twimg.com https://*.wistia.com https://github.com; frame-src 'self' 'unsafe-inline' http://*.appcues.com http://*.g.doubleclick.net http://*.hotjar.com https://*.akamaihd.net https://*.amazonaws.com https://*.appcues.com https://*.facebook.com https://*.g.doubleclick.net https://*.hotjar.com https://*.recurly.com https://*.sqreen.com https://*.twitter.com https://*.typeform.com https://*.wistia.com https://headway-widget.net ws://*.hotjar.com wss://*.hotjar.com; img-src 'self' data: http://*.adnxs.com http://*.facebook.net http://*.g.doubleclick.net http://*.google-analytics.com http://*.google.com http://*.googleadservices.com http://*.googletagmanager.com http://*.prfct.co http://*.sqreen.io http://heapanalytics.com http://t.co https://*.addthis.com https://*.adnxs.com https://*.ads.linkedin.com https://*.akamaihd.net https://*.amazonaws.com https://*.b-cdn.net https://*.clearbit.com https://*.cloudfront.net https://*.ctfassets.net https://*.facebook.com https://*.facebook.net https://*.fullstory.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.ae https://*.google.be https://*.google.ca https://*.google.ch https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.uk https://*.google.com https://*.google.com.ar https://*.google.com.au https://*.google.com.br https://*.google.com.mx https://*.google.com.ph https://*.google.com.sg https://*.google.com.tw https://*.google.com.ua https://*.google.cz https://*.google.de https://*.google.es https://*.google.fr https://*.google.ie https://*.google.it https://*.google.nl https://*.google.no https://*.google.pl https://*.google.pt https://*.google.se https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.intercomassets.com https://*.intercomcdn.com https://*.linkedin.com https://*.marinsm.com https://*.openx.net https://*.prfct.co https://*.reddit.com https://*.rubiconproject.com https://*.sqreen.com https://*.sqreen.io https://*.sumo.com https://*.twimg.com https://*.twitter.com https://*.univide.com https://*.wistia.com https://*.yahoo.com https://heapanalytics.com https://sqreen-assets.s3-eu-west-1.amazonaws.com https://sumo.com https://t.co https://twitter.com; manifest-src 'self' https://*.sqreen.com; media-src 'self' https://*.akamaihd.net https://*.cloudfront.net https://*.intercomcdn.com https://*.wistia.com; object-src 'self' https://*.akamaihd.net https://*.wistia.com; prefetch-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: http://*.ads-twitter.com http://*.appcues.com http://*.facebook.net http://*.g.doubleclick.net http://*.getdrip.com http://*.google-analytics.com http://*.googleadservices.com http://*.googletagmanager.com http://*.heapanalytics.com http://*.hotjar.com http://*.perfectaudience.com http://*.prfct.co http://*.segment.com http://*.sqreen.io http://heapanalytics.com https://*.ads-twitter.com https://*.ads.linkedin.com https://*.akamaihd.net https://*.amazonaws.com https://*.amplitude.com https://*.appcues.com https://*.b-cdn.net https://*.bufferapp.com https://*.cloudflare.com https://*.cloudfront.net https://*.facebook.net https://*.fullstory.com https://*.g.doubleclick.net https://*.getdrip.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.headwayapp.co https://*.heapanalytics.com https://*.herokuapp.com https://*.hotjar.com https://*.intercom.io https://*.intercomcdn.com https://*.jquery.com https://*.licdn.com https://*.linkedin.com https://*.marketo.net https://*.perfectaudience.com https://*.pinterest.com https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.redditstatic.com https://*.segment.com https://*.sqreen.com https://*.sqreen.io https://*.sumo.com https://*.timekit.io https://*.twitter.com https://*.typeform.com https://*.wistia.com https://fullstory.com https://heapanalytics.com https://reddit.com https://twitter.com ws://*.hotjar.com wss://*.hotjar.com wss://*.intercom.io; style-src 'self' 'unsafe-inline' http://*.appcues.com http://*.sqreen.io http://heapanalytics.com https://*.amazonaws.com https://*.appcues.com https://*.b-cdn.net https://*.cloudflare.com https://*.cloudfront.net https://*.googleapis.com https://*.sqreen.com https://*.sqreen.io https://*.twitter.com https://heapanalytics.com; worker-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/f637ed5d-4ac6-441d-a0f5-04c3d7e976c4; 2
default-src 'self' spacehey.com *.spacehey.com spacehey.net *.spacehey.net; script-src 'self' spacehey.com *.spacehey.com spacehey.net *.spacehey.net tibushlabs.de *.tibushlabs.de; style-src 'unsafe-inline' 'self' spacehey.com *.spacehey.com spacehey.net *.spacehey.net; img-src data: 'self' spacehey.com *.spacehey.com spacehey.net *.spacehey.net; frame-src https:; connect-src https:; form-action https:; object-src 'none'; 2
block-all-mixed-content; default-src 'self'; base-uri 'none'; font-src 'self' data: https://fonts.gstatic.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net https://*.googleapis.com https://*.novozymes.com https://ssl.google-analytics.com https://*.linkedin.com https://*.pardot.com https://*.cookieinformation.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://*.sharethis.com https://*.hotjar.com https://*.facebook.net https://*.licdn.com https://*.marketo.com https://*.marketo.net; style-src 'self' 'unsafe-inline' https://*.marketo.com https://fonts.googleapis.com/css https://ws.sharethis.com; img-src 'self' data: https:; child-src 'self' https://*.sharethis.com https://*.hotjar.com https://*.cookieinformation.com; connect-src 'self' wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.facebook.com https://*.mktoutil.com https://*.sharethis.com https://*.doubleclick.net https://*.cookieinformation.com https://*.mktoresp.com https://*.google-analytics.com; frame-src 'self' https://www.novozymes.tv https://nz.23video.com https://*.sitecore.net https://sitecoreboost.azurewebsites.net https://*.pardot.com bid.g.doubleclick.net *.hotjar.com https://*.cookieinformation.com https://*.vimeo.com https://ws.sharethis.com https://www.youtube.com https://www.facebook.com https://*.marketo.com https://www.googletagmanager.com; report-uri https://novozymes.report-uri.com/r/d/csp/reportOnly 2
default-src 'self';frame-ancestors 'self'; frame-src 'self' https://www.google.com https://apply.atomicdata.com https://www.youtube.com https://www.gstatic.com;  connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com https://ws.zoominfo.com; font-src 'self' data:;  img-src 'self' data: https://px.ads.linkedin.com https://secure.gravatar.com https://www.google.com https://p.adsymptotic.com https://www.google-analytics.com https://www.googletagmanager.com;  script-src 'self' 'unsafe-eval';  script-src-elem 'self' 'unsafe-inline' https://code.visitor-track.com https://ml314.com https://snap.licdn.com https://ws.zoominfo.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com;  style-src-attr 'unsafe-inline';  style-src-elem 'self' 'unsafe-inline';  report-uri https://atomicdata.report-uri.com/r/d/csp/wizard; 2
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.twitter.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.twitter.com *.youtube.com *.cookiebot.com *.showefy.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.gstatic.com *.google.com *.usercentrics.eu https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.newrelic.com *.nr-data.net *.googleapis.com *.addtoany.com *.zdassets.com *.facebook.com *.cookiebot.com *.pinterest.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google-analytics.com *.nr-data.net *.zendesk.com *.zopim.com *.zdassets.com wss://widget-mediator.zopim.com *.doubleclick.net *.teads.tv www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: *.monolithicpower.com *.monolithicpower.cn *.cloudflare.com *.gstatic.com *.linearicons.com *.googleapis.com *.hotjar.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' data: *.monolithicpower.com *.monolithicpower.cn *.googleadservices.com *.cookiebot.com *.hotjar.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com 'self' data: *.monolithicpower.com *.monolithicpower.cn *.doubleclick.net *.cookiebot.com *.hotjar.com *.stripe.com vendor.ultralibrarian.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.monolithicpower.com *.monolithicpower.cn *.cloudflare.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.google.co.in *.google.com *.paypal.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.gstatic.com *.baidu.com *.cloudfront.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src *.assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com 'self' data: *.cloudflare.com *.stripe.com *.monolithicpower.com *.monolithicpower.cn *.google-analytics.com *.google.com *.googletagmanager.com *.googleadservices.com *.cookiebot.com *.gstatic.com *.doubleclick.net *.usercentrics.eu *.fontawesome.com *.hotjar.com *.baidu.com *.zdassets.com *.zendesk.com *.zopim.com *.marketo.net *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.ipstack.com *.youku.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: *.monolithicpower.com *.monolithicpower.cn *.cloudflare.com *.googleapis.com *.gstatic.com *.linearicons.com *.dotdigital.com *.bootstrapcdn.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com 'self' data: *.monolithicpower.com *.monolithicpower.cn *.google-analytics.com *.doubleclick.net *.cloudflare.com *.paypal.com *.hotjar.com wss://ws4.hotjar.com *.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com *.cardinalcommerce.com *.braintree-api.com assets.braintreegateway.com api.comapi.com 186-oug-983.mktoresp.com *.ipstack.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' data 'unsafe-inline' 'unsafe-eval' *.scoresense.com *.scoresensebasic.com *.freescoreonline.com *.nationalcreditreport.com *.freescore360.com https://img1.cdn180.net *.google.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apigateway.scoresense.com/ https://www.cardratings.com https://img1.cdn180.net https://safetechpageencryptionvar.chasepayment.com https://safetechpageencryptionvar.chasepaymentech.com *.salesforceliveagent.com cardratings.com seal-dallas.bbb.org seal.digicert.com https://safetechpageencryption.chasepaymentech.com https://www.googletagmanager.com www.google-analytics.com bat.bing.com *.siteintercept.qualtrics.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.facebook.net seal-dallas.bbb.org ; img-src * 'self' data: https:; connect-src 'self' ws: wss: *.decibelinsight.net *.facebook.com *.execute-api.us-east-1.amazonaws.com *.onetechnologies.net stats.g.doubleclick.net *.siteintercept.qualtrics.com https://apigateway.scoresense.com https://seal.digicert.com https://images.scanalert.com https://seal-dallas.bbb.org https://onetechnologies.secure.force.com https://www.gstatic.com https://fonts.googleapis.com https://c.la1-c1-ia5.salesforceliveagent.com https://www.googletagmanager.com https://consumerconnect.tui.transunion.com ; font-src 'self' https://fonts.gstatic.com ; frame-src ; frame-ancestors *.scoresense.com *.freescoreonline.com *.nationalcreditreport.com; report-to ot-reporter; report-uri https://xtvenwskmk.execute-api.us-east-1.amazonaws.com/infosec 2
connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: sdc-bdt.caissedesdepots.fr mon-compte.banquedesterritoires.fr; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: sdc-bdt.caissedesdepots.fr; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.gstatic.com www.google.com sdc-bdt.caissedesdepots.fr sdk.privacy-center.org; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: sdc-bdt.caissedesdepots.fr ; form-action 'none' data: blob: ; report-uri /csp_report 2
frame-ancestors http://*.infomart.co.jp https://*.infomart.co.jp http://infomart.co.jp https://infomart.co.jp http://www.foods-ch.com https://www.foods-ch.com http://foods-ch.com https://foods-ch.com *.medicalinfomart.com *.beautyinfomart.com; report-uri https://es.infomart.co.jp/csp-report; 2
default-src 'none'; connect-src 'self' www.google.com https://cdncache-a.akamaihd.net wss wss://generatorhostels.com ws1.hotjar.com ws2.hotjar.com ws3.hotjar.com ws4.hotjar.com ws5.hotjar.com graylog.hotjar.com cdnjs.cloudflare.com ajax.googleapis.com www.google-analytics.com stats.g.doubleclick.net wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com insights.hotjar.com generatorweb.sihot.com; font-src data null generatorweb.sihot.com maxcdn.bootstrapcdn.com fonts.gstatic.com 'self'; manifest-src 'self' generatorhostels.com; object-src 'self' generatorhostels.com; frame-src 'self' service.securesrv12.com secure.liveshoppersmac.com 3dsecure.klikbca.com geschuetzteinkaufen.commerzbank.de acs.sia.eu vcas1.visa.com www.securesuite.net acs1.edb.com secure5.arcot.com aacsw.3ds.verifiedbyvisa.com tpc.googlesyndication.com sas.redsys.es cdncache-a.akamaihd.net mastercardsecurecode.secureacs.com acs1.swedbank.se analytics-google.net https://acs2-3dsecure.cic.fr https://braip.com.br www.securesuite.co.uk secure.edb.com tsys.arcot.com secure7.arcot.com www.googletagmanager.com mozbar.moz.com www.facebook.com acs.airplus.com connect.facebook.net saferpay.com www.saferpay.com generatorweb.sihot.com generatorhostels.com bid.g.doubleclick.net staticxx.facebook.com vars.hotjar.com www.google.com www.instagram.com www.youtube.com w.soundcloud.com; img-src googleads.g.doubleclick.net butstrap.space https://spedcheck.space www.gstatic.com www.google.ge www.google.pl www.google.ru www.google.cm www.google.com.eg www.google.co.kr www.google.com.np www.google.co.th www.google.dz www.google.no www.google.com.hk www.google.com.mm www.google.co.il www.google.az www.google.sk www.google.ie www.google.com.pe lh3.ggpht.com www.google.de www.google.cz www.google.co.za www.google.se www.google.dk www.google.gr www.google.lv www.google.com.tw https://gateway.zscalertwo.net www.google.com.ph www.google.com.uy www.google.fi www.google.com.ua www.google.com.cy www.google.com.jm www.google.im www.google.co.ve www.google.com.sg www.google.ca www.google.es www.google.kg www.google.be www.google.at www.google.pt www.google.fr www.google.it www.google.com.br www.google.com.ar https://gallery.mailchimp.com www.google.ch www.google.me www.google.com.ec www.google.ro www.google.kg www.google.nl www.google.com.mx https://canvaspl-a.akamaihd.net https://cdnstats-a.akamaihd.net www.google.com.lb www.google.com.co www.google.com.tr www.google.cl www.google.dk www.google.co.in www.google.hr www.gstatic.com generatorweb.sihot.com generatorstorage.blob.core.windows.net generatorhostels.com cbks0.googleapis.com csi.gstatic.com data: geo0.ggpht.com geo1.ggpht.com geo2.ggpht.com geo3.ggpht.com img.youtube.com khms0.googleapis.com khms1.googleapis.com maps.googleapis.com maps.gstatic.com 'self' generator.azureedge.net ssl.google-analytics.com stats.g.doubleclick.net web.facebook.com www.facebook.com www.google.co.uk www.google.com www.google-analytics.com ajax.googleapis.com; media-src 'self' data:; script-src 'self' data blob about asset tpc.googlesyndication.com cdnjs.cloudflare.com cdn.jsdelivr.net www.thehotelsnetwork.com cdn.scarabresearch.com fdz.octapi.net data1.iti-maps.fr data1.itineraire.info asset about spedcheck.space rules.similardeals.net tags.clickintext.net lb.apicit.net butstrap.space https://cdncache-a.akamaihd.net secure.liveshoppersmac.com generatorweb.sihot.com maxcdn.bootstrapcdn.com ajax.googleapis.com api.instagram.com connect.facebook.net eval: googleads.g.doubleclick.net inline: maps.googleapis.com platform.instagram.com s.ytimg.com script.hotjar.com 'self' ssl.google-analytics.com static.hotjar.com 'unsafe-eval' 'unsafe-inline' www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.instagram.com www.youtube.com; style-src ajax.googleapis.com fonts.googleapis.com inline: 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com generatorweb.sihot.com; report-uri https://crafted.report-uri.com/r/d/csp/reportOnly 2
default-src 'self'; script-src 'self' seeburgercom-160c6.kxcdn.com *.cookiebot.com 'unsafe-inline'; script-src-elem seeburgercom-160c6.kxcdn.com *.cookiebot.com www.googletagmanager.com munchkin.marketo.net api.userlike.com; style-src 'self' seeburgercom-160c6.kxcdn.com 'unsafe-inline'; img-src 'self' seeburgercom-160c6.kxcdn.com www.google-analytics.com; font-src 'self' seeburgercom-160c6.kxcdn.com; connect-src 'self' *.cookiebot.com *.mktoresp.com www.google-analytics.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com; frame-src 'self' *.cookiebot.com; report-uri https://sentry.punkt.de/api/16/security/?sentry_key=9a48fadda01b43c7affb4db84fed4530&sentry_environment=Live 2
script-src 'self' 'unsafe-eval' https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.google-analytics.com https://*.moatads.com https://*.addthis.com https://*.doubleclick.net https://*.addthisedge.com https://*.newrelic.com https://*.nr-data.net https://*.googlevideo.com https://*.arcgis.com https://*.gov.uk https://*.facebook.com; frame-src 'self' https://*.addthis.com https://*.youtube.com https://www.googletagmanager.com https://*.arcgis.com; report-uri https://snhwebsite.report-uri.com/r/d/csp/reportOnly 2
font-src maxcdn.bootstrapcdn.com https://fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://player.vimeo.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://img.youtube.com https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools store.paradoxlabs.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com s7.addthis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://player.vimeo.com https://www.youtube.com *.authorize.net *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com ekr.zdassets.com/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://fonts.googleapis.com https://fonts.gstatic.com *.authorize.net *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: 'self' blob: www.google-analytics.com www.googletagmanager.com ajax.googleapis.com www.google.com js.klevu.com www.gstatic.com *.cloudmaestro.com www.googleadservices.com googleads.g.doubleclick.net r2-t.trackedlink.net static.hotjar.com dev.visualwebsiteoptimizer.com wchat.freshchat.com staticw2.yotpo.com browser-update.org script.hotjar.com dev.visualwebsiteoptimizer.com js-agent.newrelic.com bam-cell.nr-data.net connect.facebook.net *.freshchat.com maps.googleapis.com assets.adobedtm.com www.googleoptimize.com h.online-metrix.net *.cardinalcommerce.com html5.dcatalog.com unpkg.com commerce.adobedtm.com cdnjs.cloudflare.com web-sdk.aptrinsic.com commerce.adobe.net; style-src 'self' 'unsafe-inline' wchat.freshchat.com; report-uri /.webscale/csp-report 2
default-src https: data: wss: blob: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-violation-report.php 2
font-src fonts.googleapis.com fonts.gstatic.com https://cdn.socialannex.com/ data: googleapis.com *.gstatic.com 'self' data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.sfdcstatic.com *.socialannex.com *.script.hotjar.com https://script.hotjar.com/font-hotjar_5.65042d.woff2 https://script.hotjar.com/font-hotjar_5.0ddfe2.ttf https://script.hotjar.com/font-hotjar_5.17b429.woff 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net *.twitter.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com s23.socialannex.com *.google.com *.twitter.com https://service.force.com/ https://vars.hotjar.com/ https://www.chasepaymentechhostedpay-var.com/ https://www.chasepaymentechhostedpay.com/ https://directory.scouting.org/ http://directory.scouting.org/ www.facebook.com googleads.g.doubleclick.net *.braintreegateway.com/ *.kaptcha.com/ *.paypal.com/ www.youtube.com media.boyslife.org 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' blob: data: maps.googleapis.com maps.gstatic.com cdn.socialannex.com *.socialannex.com *.cdninstagram.com *.fbcdn.net data: addevent.com *.google-analytics.com amcglobal.sc.omtrdc.net *.gstatic.com *.cloudflare.com *.klarna.com *.googleadservices.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.yotpo.com *.mediafiles.scoutshop.org *.cdn.socialannex.com *.widgets.magentocommerce.com https://cdnazure-socialannexinc.netdna-ssl.com https://mediafiles.scoutshop.org/ https://cdn.socialannex.com https://www.facebook.com http://cdn.socialannex.com/custom_images/9991741/UVGD7L_logo.png http://cdn.socialannex.com/custom_images/1122330/N5C7XG_VZW1WW_close.png *.google.com *.scoutshop.org *.google.co.in *.googletagmanager.com 89086.global.siteimproveanalytics.io *.nextopia.net script.hotjar.com *.clarity.ms *.cloudfront.net https://a.klaviyo.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com s28.socialannex.com *.socialannex.com http://s23.socialannex.com/ https://cdn.socialannex.com/ http://cdn.socialannex.com/ https://c1.socialannex.com/ *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com *.my.salesforce.com *.lightning.force.com *.secure.force.com *.google-analytics.com addevent.com 'self' data: *.gstatic.com static.klaviyo.com static-tracking.klaviyo.com *.cloudflare.com *.twitter.com *.google.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.connect.facebook.net *.service.force.com *.cdn.nextopia.net *.nextopiasoftware.com *.cdn.socialannex.com *.salesforceliveagent.com *.code.jquery.com https://service.force.com https://service.force.com/embeddedservice/5.0/esw.min.js https://cdn.nextopia.net/nxt-app/fca482e10d6c3e13d7748571d09f15d2.js https://cdn.nextopia.net/nxt-app/2515ea380310e97ec5b1c6947a2a0670.js https://service.force.com/embeddedservice/5.0/client/liveagent.esw.min.js https://cdn.socialannex.com/partner/1122331/universal.js http://cdn.socialannex.com/partner/1122331/sas22CustomVC.js http://cdn.socialannex.com/s22/templatebase/s22-all.js http://cdn.socialannex.com/s22/templatebase/s22-vanilla-slider.js https://service.force.com/embeddedservice/5.0/client/invite.esw.min.js http://code.jquery.com/jquery-migrate-1.4.1.min.js https://cdn.socialannex.com/s22/s22-smarty-template-engine.js http://cdn.socialannex.com/s22/templatebase/s22-bxslider.js https://cdn.socialannex.com/s22/s22-acmc.js http://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/en_US/fbevents.js *.s23.socialannex.com http://s23.socialannex.com/v4/js/s23-main-curl.js https://s23.socialannex.com/v4/js/s23-main-curl.js http://cdn.socialannex.com/s23/v4/mustache.js http://cdn.socialannex.com/s28/v2.0/s28-starrating-lib.js https://cdn.socialannex.com/s28/v2.0/s28-starrating-lib.js http://cdn.socialannex.com/partner/1122331/sas28CustomRAR.js https://cdn.socialannex.com/partner/1122331/sas28CustomRAR.js http://cdn.socialannex.com/s28/v2.0/s28-reviewrating.js https://script.hotjar.com/modules.901d255c60be478c0407.js *.googletagmanager.com https://stats.g.doubleclick.net/ https://www.googletagmanager.com/gtm.js https://script.hotjar.com/incoming-feedback.573ff3cea08d248d8964.js *.gtm.js *.googleoptimize.com *.newrelic.com/ bam-cell.nr-data.net siteimproveanalytics.com connect.facebook.net c.socialannex.com *.paypal.com/ script.crazyegg.com *.clarity.ms *.ecomm-nav.com *.hotjar.io *.hotjar.com https://static.klaviyo.com https://fast.a.klaviyo.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com https://cdn.socialannex.com/ *.secure.force.com googleapis.com addevent.com *.googleapis.com *.klaviyo.com *.cloudflare.com *.google.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.socialannex.com https://service.force.com *.nextopia.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.cdninstagram.com *.mediafiles.scoutshop.org https://mediafiles.scoutshop.org/Media/video_scouttalk_sbsa_1920x1080.mp4 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src https://s23.socialannex.com/ *.secure.force.com maps.googleapis.com/ amcglobal.sc.omtrdc.net *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.socialannex.com *.analytics.js *.google-analytics.com *.stats.g.doubleclick.net https://stats.g.doubleclick.net https://script.hotjar.com/modules.901d255c60be478c0407.js bam-cell.nr-data.net https://fast.a.klaviyo.com https://static.klaviyo.com telemetrics.klaviyo.com static-forms.klaviyo.com wss://ws20.hotjar.com a.klaviyo.com *.braintree-api.com/ *.braintreegateway.com/ *.crazyegg.com *.clarity.ms *.hotjar.io *.hotjar.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com static.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src https://fonts.gstatic.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://pal-test.adyen.com https://pal-live.adyen.com https://test.adyen.com https://live.adyen.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.dotdigital-pages.com *.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com https://consentcdn.cookiebot.com https://www.facebook.com https://www.google.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://pal-test.adyen.com https://pal-live.adyen.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://maps.gstatic.com https://www.google.com https://www.google.it 'self' data: *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com https://checkoutshopper-live.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co api.comapi.com webchat.dotdigital.com maps.googleapis.com https://www.googletagmanager.com *.google.com https://cdn.mouseflow.com https://www.gstatic.com https://apis.google.com http://connect.facebook.net https://connect.facebook.net https://consentcdn.cookiebot.com https://consent.cookiebot.com https://js-agent.newrelic.com https://bam.nr-data.net https://maps.googleapis.com https://chimpstatic.com https://www.mczbf.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com unsafe-inline cdn.dnky.co webchat.dotdigital.com https://fonts.googleapis.com https://www.gstatic.com *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.comapi.com webchat.dotdigital.com https://www.facebook.com https://www.google-analytics.com https://bam.nr-data.net https://www.mczbf.com https://stats.g.doubleclick.net https://checkoutshopper.adyen.com https://checkoutshopper-test.adyen.com *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.twitter.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.twitter.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 2
default-src 'self' blob:; img-src 'self' data: *; media-src * blob:; script-src 'self' https://kapsch.net https://www.kapsch.net https://*.usercentrics.eu www.googletagmanager.com www.google-analytics.com data: www.googleadservices.com snap.licdn.com analytics.twitter.com static.ads-twitter.com www.youtube.com client.crisp.chat 'unsafe-inline' 'unsafe-eval' googleads.g.doubleclick.net connect.facebook.net 'unsafe-eval' blob: streamer.a1.net webcast.a1.net vjs.zencdn.net 'report-sample'; connect-src 'self' https://*.usercentrics.eu www.google-analytics.com www.googleadservices.com snap.licdn.com analytics.twitter.com static.ads-twitter.com noembed.com client.crisp.chat wss://client.relay.crisp.chat streamer.a1.net webcast.a1.net; frame-src 'self' https: https:; style-src 'self' 'unsafe-inline' hello.myfonts.net client.crisp.chat streamer.a1.net webcast.a1.net vjs.zencdn.net; font-src 'self' client.crisp.chat data:; manifest-src 'self'; report-uri /csp-violation-report/ 2
default-src 'none'; frame-ancestors 'self'; block-all-mixed-content; script-src 'self' 'report-sample'; script-src-elem 'self' 'unsafe-inline' cdn.mouseflow.com assets.adobedtm.com; font-src 'self' fonts.gstatic.com; connect-src 'self'; img-src 'self' data: maps.googleapis.com bsh-group.imgix.net www.gstatic.com maps.gstatic.com bshg.d3.sc.omtrdc.net stories.bsh-group.com; style-src 'self' 'report-sample'; style-src-elem 'self' 'unsave-inline'; base-uri 'self';form-action 'self'; report-uri https://xl86pc2ky3.execute-api.eu-central-1.amazonaws.com/prod/icorecspupload 2
report-uri https://o818257.ingest.sentry.io/api/5807773/security/?sentry_key=ed7ad4e8f86243c78f3011320dce22fe 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com https://moneybird.disqus.com https://disqus.com https://c.disquscdn.com https://maps.googleapis.com https://bat.bing.com https://*.demio.com https://d3s4clg74dg0wr.cloudfront.net https://zapier.com https://js-eu1.hs-scripts.com https://js-eu1.hs-analytics.net https://js-eu1.hs-analytics.com https://js-eu1.hs-banner.com https://js-eu1.hs-banner.net https://*.hubspot.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.gstatic.com https://c.disquscdn.com https://d3s4clg74dg0wr.cloudfront.net https://fonts.googleapis.com https://*.demio.com; img-src 'self' https://dl6oytjgv033w.cloudfront.net https://www.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://referrer.disqus.com https://c.disquscdn.com https://www.google.nl https://www.google.com https://i.ytimg.com https://maps.gstatic.com https://csi.gstatic.com https://maps.googleapis.com https://bat.bing.com https://zapier.com https://cdn.zapier.com https://*.hubspot.com data:; object-src 'self' https://www.youtube-nocookie.com https://www.youtube.com; connect-src 'self' https://bat.bing.com https://www.google-analytics.com https://www.gstatic.com https://moneybird.com https://glitter.services.disqus.com https://homerun.co https://stats.g.doubleclick.net https://*.demio.com https://*.hubspot.com; frame-src 'self' https://www.googletagmanager.com https://www.google.com https://disqus.com https://www.youtube.com https://www.youtube-nocookie.com https://moneybird.clickwebinar.com https://w.soundcloud.com https://*.hubspot.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; report-uri https://moneybird.com/csp_report; 2
default-src 'none'; form-action 'none'; frame-ancestors 'none'; 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://google.de https://app.usercentrics.eu https://www.googletagmanager.com  https://www.googleadservices.com https://googleads.g.doubleclick.net https://netzwerk.uppr.de https://www.google-analytics.com https://privacy-proxy.usercentrics.eu https://www.facebook.com https://twitter.com https://www.linkedin.com https://www.xing.com https://www.youtube.com https://cdnjs.cloudflare.com https://nebula-cdn.kampyle.com https://bat.bing.com https://ad4m.at https://connect.facebook.net https://www.usemaxserver.de https://widgets.energiemonitor.de https://play.google.com https://www.googleoptimize.com https://icpublichosting.azureedge.net; style-src 'self' 'unsafe-inline' https://widgets.energiemonitor.de; object-src 'self'; report-uri /umbraco/api/helper/CreateCSPReport 2
frame-ancestors 'self' *.yahoo.com s.yimg.com; block-all-mixed-content; default-src 'self'; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'report-sample' 'unsafe-inline' data: *.licdn.com *.google.com hello.myfonts.net cdn2.hubspot.net static.hsappstatic.net play.webvideocore.net play.streamingvideoprovider.com translate.googleapis.com *.bing.com ajax.googleapis.com https://www.avasecurity.com *.bootstrapcdn.com fonts.googleapis.com; object-src *.googlesyndication.com; frame-src data: *; child-src 'self' data: blob: *.facebook.com connect.facebook.net app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com www.googletagmanager.com *.google.com *.doubleclick.net *.googlesyndication.com www.youtube.com *.vimeo.com vimeo.com *.adnxs.com *.criteo.com *.criteo.net; img-src data: blob: * about:; font-src data: *; connect-src blob: * about:; manifest-src 'self'; base-uri 'self' vc.hotjar.io *.adnxs.com *.yahoo.com *.rubiconproject.com; form-action 'self' forms.hsforms.com forms.hubspot.com *.facebook.com connect.facebook.net *.google.com; media-src 'self' data: blob: media.licdn.com dai.google.com *.vimeo.com vimeo.com vod-progressive.akamaized.net *.adnxs.com *.adnxs-simple.com *.yimg.com static.criteo.net service.webvideocore.net cdnvideo.webvideocore.net; prefetch-src 'self' *.googlesyndication.com; worker-src 'self' blob: www.google.com; report-uri https://gate.rapidsec.net/g/r/csp/cb9e5e15-5425-4474-84ff-dd767521bba1/0/4/3?sct=88b1c42d-fa4d-4fc5-a747-b3bc3e8c6efe&dpos=report 2
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://siteimproveanalytics.com/ https://img.en25.com/ https://googleads.g.doubleclick.net https://connect.facebook.net https://www.googleadservices.com/ https://sc-static.net https://browser-update.org https://cdn.cookielaw.org *.salesforceliveagent.com ttps://browser-update.org/ https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://geolocation.onetrust.com https://script.crazyegg.com https://www.google-analytics.com https://cdn.siteimprove.net https://unpkg.com https://*.siteimprove.com *.youtube.com https://*.userzoom.com https://cdn.jsdelivr.net/; base-uri 'none'; form-action 'self' https://www.facebook.com https://tr.snapchat.com ; object-src 'none'; style-src 'self' 'unsafe-inline' https://p.typekit.net/ https://cdn.jsdelivr.net/; img-src 'self' data: https://tr.snapchat.com/ *.salesforceliveagent.com https://www.facebook.com/ https://webtracking.aucmed.edu/ *.google.com *.google.com.br *.google.com.uk *.google.com.ca *.google.com.fr *.google-analytics.com *.ytimg.com *.siteimproveanalytics.io https://americanuniversityofcarribean.secure.force.com https://cdn.jsdelivr.net/; media-src 'self'; frame-src 'self' *.youtube.com https://www.facebook.com/ *.doubleclick.net https://tr.snapchat.com; frame-ancestors 'none'; child-src 'self' *.youtube.com ; font-src 'self' https://themes.googleusercontent.com https://use.typekit.net; connect-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com https://cdn.cookielaw.org https://*.siteimprove.com/ https://script.crazyegg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://tr.snapchat.com/; report-uri /report-csp-violation 2
default-src 'self' *.experteer.com gap://ready https:; font-src 'self' *.experteer.com fonts.gstatic.com https: data: 'unsafe-inline'; img-src 'self' *.experteer.com https: data: 'unsafe-inline'; object-src 'self'; script-src 'self' *.experteer.com www.google-analytics.com www.linkedin.com https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.experteer.com https: 'unsafe-inline'; connect-src 'self' *.experteer.com https: wss://ws.inspectlet.com www.google-analytics.com; report-uri https://www.experteer.com/csp_violation_notifications 2
default-src               'self'                *.google.at *.google.be *.google.cz *.google.dk *.google.fi *.google.fr *.google.de *.google.it *.google.nl *.google.no *.google.pl *.google.ro *.google.ru *.google.es *.google.se *.google.ch *.google.com.tr *.google.co.uk *.google.com.ar *.google.ca *.google.com *.google.com.br *.google.com.mx *.google.com.au *.google.cn *.google.co.in *.google.co.id *.google.co.jp *.google.com.my *.google.co.nz *.google.com.sg *.google.co.kr *.google.com.tw *.google.com.vn *.google.bg *.google.hr *.google.ee *.google.gr *.google.hu *.google.lv *.google.lu *.google.mk *.google.pt *.google.rs *.google.si *.google.com.ph *.google.co.th *.google.com.eg *.google.co.il *.google.co.za *.google.ae               ;           connect-src               'self'               *.google-analytics.com               apikeys.civiccomputing.com               maps.googleapis.com               center.lon5.atomz.com               clapi.civiccomputing.com               sp1004e61f.guided.lon5.atomz.com               sp1004e61a.guided.lon5.atomz.com               stats.g.doubleclick.net               www.facebook.com               uberall.com               www.gfpstools.com ;           font-src                 'self'                 fonts.gstatic.com                 static.prod.uberall.com ;           script-src               'self'               'unsafe-inline'               'unsafe-eval'               *.google-analytics.com               *.googletagmanager.com               ajax.googleapis.com               cc.cdn.civiccomputing.com               connect.facebook.net               cdnjs.cloudflare.com               gstatic.com               maps.googleapis.com               siteimproveanalytics.com               snap.licdn.com               static-prod.uberall.com               uberall.com               www.youtube.com ;           style-src               'self'               'unsafe-inline'               'unsafe-eval'               fonts.googleapis.com ;           img-src               'self'               'unsafe-inline'               'unsafe-eval'               data:               assets.georgfischer.com               www.linkedin.com               www.google-analytics.com               *.global.siteimproveanalytics.io               nswow-imageresizer.azurewebsites.net               px.ads.linkedin.com               www.facebook.com               www.google.com               www.google.de               www.google-analytics.com               www.linkedin.com ;           child-src                 'self'                 analytics-eu.clickdimensions.com                 live.solique.ch                 www.youtube.com ;           frame-src               'self'               'unsafe-inline'               'unsafe-eval'               data:               analytics-eu.clickdimensions.com               google.com               ir.tools.investis.com               irs.tools.investis.com               live.solique.ch               recruitingapp-5505.de.umantis.com               registration.gesevent.com               six-swiss-exchange.com               tools.google.com               uberall.com               widget.moin.ai               www.youtube.com               youtube.com ; 2
font-src *.gstatic.com data: *.rakuten.com *.facebook.com *.braintreegateway.com *.google.com *.adobedtm.com *.authorize.net *.paypal.com *.ytimg.com *.vimeo.com *.vimeocdn.com *.cardinalcommerce.com *.payments-amazon.co.uk *.payments-amazon.com *.payments-amazon.co.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de  *.trackedlink.net *.cdn.dnky.co *.dotdigital-pages.com *.comapi.com *.dotdigital.com *.facebook.net *.trackedweb.net *.yotpo.com *.salecycle.com *.linksynergy.com *.google-analytics.com *.doubleclick.net *.listrak.com *.googletagmanager.com *.listrakbi.com *.bing.com *.paypalobjects.com *.sandbox.paypal.com *.pinimg.com *.hotjar.com *.adelixir.com *.batbing.com *.pinterest.com *.nr-data.net *.youtube.com *.addthis.com *.marker.io *.moatads.io *.moatads.com *.cloudflare.com *.addthisedge.com chimpstatic.com imagemarker.com *.magentosite.cloud *.b-cdn.net *.cookiebot.com detail-cdn.s3.eu-central-1.amazonaws.com *.adobe.io *.payenginge.de *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.xtento.com *.salecycle.com *.doubleclick.net *.listrak.com *.googletagmanager.com *.listrakbi.com *.bing.com *.vimeo.com *.paypalobjects.com *.sandbox.paypal.com *.hotjar.com *.adelixir.com *.pinterest.com *.nr-data.net *.youtube.com *.addthis.com *.marker.io *.moatads.io *.moatads.com *.cloudflare.com *.addthisedge.com chimpstatic.com imagemarker.com *.magentosite.cloud documentcloud.adobe.com *.cookiebot.com detail-cdn.s3.eu-central-1.amazonaws.com *.adobe.io *.payenginge.de *.yotpo.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com www.xtento.com cdn.xtento.com *.rakuten.com *.facebook.com *.braintreegateway.com *.google.com *.authorize.net *.paypal.com *.ytimg.com *.vimeo.com *.cardinalcommerce.com *.payments-amazon.co.uk *.payments-amazon.com *.payments-amazon.co.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de  *.trackedlink.net *.cdn.dnky.co *.dotdigital-pages.com *.comapi.com *.dotdigital.com *.facebook.net *.trackedweb.net *.yotpo.com *.salecycle.com *.linksynergy.com *.rlcdn.com *.listrakbi.com *.google.co.in *.google-analytics.com *.doubleclick.net *.listrak.com *.googletagmanager.com *.bing.com *.paypalobjects.com *.sandbox.paypal.com *.pinimg.com *.hotjar.com *.adelixir.com *.batbing.com *.pinterest.com *.nr-data.net *.youtube.com *.addthis.com *.marker.io *.moatads.io *.moatads.com *.cloudflare.com *.addthisedge.com chimpstatic.com imagemarker.com *.magentosite.cloud *.b-cdn.net *.cookiebot.com detail-cdn.s3.eu-central-1.amazonaws.com *.adobe.io *.payenginge.de 'self' 'unsafe-inline'; script-src *.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com *.vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com www.xtento.com cdn.xtento.com *.rakuten.com *.facebook.com *.braintreegateway.com *.google.com *.authorize.net *.paypal.com *.ytimg.com *.vimeocdn.com *.cardinalcommerce.com *.payments-amazon.de  *.cdn.dnky.co *.comapi.com *.dotdigital.com *.facebook.net *.yotpo.com *.salecycle.com *.linksynergy.com *.google.co.in *.google-analytics.com *.doubleclick.net *.listrak.com *.googletagmanager.com *.listrakbi.com *.bing.com *.paypalobjects.com *.sandbox.paypal.com *.pinimg.com *.hotjar.com *.adelixir.com *.batbing.com *.nr-data.net *.youtube.com *.addthis.com *.marker.io *.moatads.io *.moatads.com *.cloudflare.com *.addthisedge.com imagemarker.com *.magentosite.cloud documentcloud.adobe.com *.b-cdn.net *.cookiebot.com detail-cdn.s3.eu-central-1.amazonaws.com *.adobe.io *.payenginge.de https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.rakuten.com *.facebook.com *.braintreegateway.com *.google.com *.adobedtm.com *.authorize.net *.paypal.com *.ytimg.com *.vimeo.com *.vimeocdn.com *.cardinalcommerce.com *.payments-amazon.co.uk *.payments-amazon.com *.payments-amazon.co.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de  *.trackedlink.net *.cdn.dnky.co *.dotdigital-pages.com *.comapi.com *.dotdigital.com *.facebook.net *.trackedweb.net *.yotpo.com *.salecycle.com *.linksynergy.com *.listrakbi.com data: *.google.co.in *.google-analytics.com *.doubleclick.net *.listrak.com *.googletagmanager.com *.bing.com *.paypalobjects.com *.sandbox.paypal.com *.pinimg.com *.hotjar.com *.adelixir.com *.batbing.com *.pinterest.com *.nr-data.net *.youtube.com *.addthis.com *.marker.io *.moatads.io *.moatads.com *.cloudflare.com *.addthisedge.com chimpstatic.com imagemarker.com *.magentosite.cloud documentcloud.adobe.com *.b-cdn.net *.cookiebot.com detail-cdn.s3.eu-central-1.amazonaws.com *.adobe.io *.payenginge.de *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.rakuten.com *.facebook.com *.braintreegateway.com *.google.com *.adobedtm.com *.authorize.net *.paypal.com *.ytimg.com *.vimeo.com *.vimeocdn.com *.cardinalcommerce.com *.payments-amazon.co.uk *.payments-amazon.com *.payments-amazon.co.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de  *.cdn.dnky.co *.comapi.com *.dotdigital.com *.facebook.net *.yotpo.com *.salecycle.com *.linksynergy.com data: *.listrakbi.com *.google.co.in *.google-analytics.com *.doubleclick.net *.listrak.com *.googletagmanager.com *.bing.com *.paypalobjects.com *.sandbox.paypal.com *.pinimg.com *.hotjar.com *.adelixir.com *.batbing.com *.pinterest.com *.nr-data.net *.youtube.com *.addthis.com *.marker.io *.moatads.io *.moatads.com *.cloudflare.com *.addthisedge.com chimpstatic.com imagemarker.com *.magentosite.cloud *.b-cdn.net *.cookiebot.com detail-cdn.s3.eu-central-1.amazonaws.com *.adobe.io *.payenginge.de 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src cdnjs.cloudflare.com fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com magento.buildify.shop 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.sharethis.com platform.twitter.com magento.buildify.shop 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.sharethis.com s3.amazonaws.com https://a.klaviyo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.sharethis.com platform.twitter.com platform.instagram.com apis.google.com magento.buildify.shop https://static.klaviyo.com https://fast.a.klaviyo.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.sharethis.com cdnjs.cloudflare.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sharethis.com https://static.klaviyo.com https://fast.a.klaviyo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.googleapis.com fonts.gstatic.com https://cdn.checkout.com https://www.gstatic.com https://fonts.gstatic.com *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com assets.braintreegateway.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://js.checkout.com *.klarna.com https://*.cylindo.com/ https://www.google.com *.nosto.com *.nos.to *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://*.cylindo.com/ https://a.klaviyo.com *.klevu.com *.ksearchnet.com *.nosto.com *.nos.to *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com cdn-scripts.signifyd.com www.youtube.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://cdn.checkout.com *.klarnacdn.net https://*.cylindo.com/ https://static.klaviyo.com https://fast.a.klaviyo.com https://www.google.com https://www.gstatic.com js.klevu.com *.ksearchnet.com *.nosto.com *.nos.to https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com https://cdn.checkout.com https://*.cylindo.com/ *.klevu.com *.ksearchnet.com *.nosto.com *.nos.to tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://js.checkout.com *.klarnaevt.com https://*.cylindo.com/ https://static.klaviyo.com https://fast.a.klaviyo.com *.klevu.com *.ksearchnet.com *.nosto.com *.nos.to https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.gstatic.com data: *.typekit.net *.fontawesome.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.xtento.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.xtento.com cdn.xtento.com blob: www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.adyen.com *.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.xtento.com cdn.xtento.com  https://targetemsecure.blob.core.windows.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.typekit.net cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://www.youtube.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de  ws: *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://geoip-js.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.zdassets.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com *.zendesk.com *.chimpstatic.com chimpstatic.com *.addtoany.com *.pinterest.com https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com https://widget-mediator.zopim.com/ https://alb.reddit.com/ https://tr.snapchat.com/ *.fontawesome.com 'self' data: fonts.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.zdassets.com *.zendesk.com *.twitter.com *.facebook.com *.zopim.com *.chimpstatic.com chimpstatic.com *.addtoany.com *.pinterest.com https://app.viralsweep.com https://test-api.viedu.org https://api.viedu.org https://test-launchpad.viedu.org https://launchpad.viedu.org https://luau-api.dev.viedu.org https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com *.sharethis.com https://s.pinimg.com/ https://analytics.tiktok.com/ https://sc-static.net/ *.redditstatic.com https://googleads.g.doubleclick.net/ https://tr.snapchat.com/ https://widget-mediator.zopim.com/ https://alb.reddit.com/ *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bookshark.com *.sonlight.com *.gstatic.com *.zdassets.com https://widget-mediator.zopim.com/ 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.weltpixel.com *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.zdassets.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com *.zendesk.com *.zopim.com *.chimpstatic.com chimpstatic.com *.braintree-api.com *.braintreegateway.com *.paypal.com *.kaptcha.com *.addtoany.com *.calendly.com https://calendly.com/ https://app.viralsweep.com https://edge.addthis.com https://cdn.datatables.net *.addthis.com *.klaviyo.com *.pinterest.com *.sonlightconnections.com https://c.sharethis.mgr.consensu.org/ https://anchor.fm https://s.pinimg.com/ https://analytics.tiktok.com/ https://sc-static.net/ *.redditstatic.com https://googleads.g.doubleclick.net/ https://tr.snapchat.com/ https://widget-mediator.zopim.com/ https://alb.reddit.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.wesupply.xyz www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.sharethis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.cloudflare.com *.gstatic.com *.google.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com *.zdassets.com *.chimpstatic.com chimpstatic.com *.zendesk.com *.addtoany.com *.pinterest.com https://app.viralsweep.com https://cdn.datatables.net *.klaviyo.com *.cdninstagram.com *.sonlightconnections.com https://widget-mediator.zopim.com/ https://alb.reddit.com/ https://tr.snapchat.com/ https://a1.b0e8.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com https://a.klaviyo.com *.fbcdn.net maps.googleapis.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com https://vimeo.com *.instagram.com wss://*.zopim.com *.zdassets.com *.zendesk.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com *.googletagmanager.com *.youtube.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com *.chimpstatic.com chimpstatic.com *.addtoany.com *.api.sonlight.com *.braintree-api.com *.pinterest.com https://js-agent.newrelic.com/ *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.nr-data.net *.calendly.com https://calendly.com/ https://app.viralsweep.com https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com https://s.pinimg.com/ https://analytics.tiktok.com/ https://sc-static.net/ *.redditstatic.com https://googleads.g.doubleclick.net/ https://tr.snapchat.com/ https://widget-mediator.zopim.com/ https://alb.reddit.com/ https://cdn.bc0a.com/ https://cdn1.b0e8.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com maps.googleapis.com https://static.klaviyo.com https://fast.a.klaviyo.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com *.zdassets.com *.zendesk.com *.chimpstatic.com chimpstatic.com *.addtoany.com *.pinterest.com https://app.viralsweep.com https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com https://widget-mediator.zopim.com/ https://alb.reddit.com/ https://tr.snapchat.com/ unsafe-inline fonts.googleapis.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.bookshark.com *.sonlight.com *.zdassets.com *.zopim.com *.addtoany.com *.pinterest.com https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com *.vimeo.com https://vimeo.com *.libsyn.com *.blubrry.com https://widget-mediator.zopim.com/ https://alb.reddit.com/ *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.facebook.com *.zdassets.com *.zendesk.com wss://*.zopim.com *.chimpstatic.com chimpstatic.com *.braintree-api.com *.braintreegateway.com *.kaptcha.com *.addtoany.com *.pinterest.com *.bam.nr-data.net https://bam.nr-data.net https://app.viralsweep.com https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com *.addthis.com https://stats.g.doubleclick.net/ https://s.pinimg.com/ https://analytics.tiktok.com/ https://sc-static.net/ *.redditstatic.com https://googleads.g.doubleclick.net/ https://tr.snapchat.com/ https://widget-mediator.zopim.com/ https://alb.reddit.com/ https://maps.googleapis.com/ https://ixfd2-api.bc0a.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://static.klaviyo.com https://fast.a.klaviyo.com t.elasticsuite.io https://www.google-analytics.com *.googleusercontent.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.klaviyo.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 2
frame-ancestors 'none'; base-uri 'none'; default-src 'none'; object-src 'self'; media-src 'self'; connect-src 'self' https://www.google-analytics.com https://api-adresse.data.gouv.fr https://grenoblealpesmetropole.matomo.cloud; img-src https: data:; frame-src https:; form-action 'self' https://harpe.grenoble.fr; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; font-src https: data:; report-uri /include/csp.php 2
default-src 'self'; script-src 'report-sample' 'self' https://js.hs-scripts.com/19644915.js https://rules.quantcount.com/rules-p--xkFm69TQBQDx.js http://ss.sharethis.com/loader.js http://ws.sharethis.com/button/buttons.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js https://connect.facebook.net/en_US/fbevents.js https://diffuser-cdn.app-us1.com/diffuser/diffuser.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/669924774/ https://js.hs-analytics.net/analytics/1622252400000/19644915.js https://js.hs-banner.com/19644915.js https://js.hsadspixel.net/fb.js https://js.hscollectedforms.net/collectedforms.js https://lptag.liveperson.net/tag/tag.js https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js https://prism.app-us1.com/ https://secure.quantserve.com/quant.js https://ws.sharethis.com/button/async-buttons.js https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js ; style-src 'report-sample' 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://ws.sharethis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.hubapi.com https://forms.hubspot.com https://l.sharethis.com https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self'; frame-src 'self' https://bid.g.doubleclick.net https://c.sharethis.mgr.consensu.org https://ws.sharethis.com; img-src 'self' data: https://pixel.quantserve.com https://forms.hsforms.com https://l.sharethis.com https://px.gumgum.com https://track.hubspot.com https://www.facebook.com https://www.google-analytics.com https://www.google.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 2
font-src fonts.googleapis.com fonts.gstatic.com script.hotjar.com *.googleapis.com *.gstatic.com au-tracker.inside-graph.com au-cdn.inside-graph.com 'self' data: integration-sandbox-cdn.toshi.co integration-cdn.toshi.co acsbapp.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net 0merchantacsstag.cardinalcommerce.com geostag.cardinalcommerce.com www.facebook.com tst.kaptcha.com bid.g.doubleclick.net 'self' 'unsafe-inline'; frame-ancestors au-tracker.inside-graph.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com vars.hotjar.co vimeo.com acsbapp.com ssl.kaptcha.com player.smartzer.com www.google.com t.sharethis.com tst.kaptcha.com bid.g.doubleclick.net www.facebook.com accounts.accessibe.com dashboard.accessibe.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com script.hotjar.com www.google.com www.google.sa www.google.ca *.bing.com *.clarity.ms data:* web1.acsbapp.com integration-sandbox-cdn.toshi.co www.google.be www.google.co.uk www.google.nl www.gstatic.com www.googletagmanager.com translate.google.com idsync.rlcdn.com consent.linksynergy.com au-live.inside-graph.com bam-cell.nr-data.net integration-cdn.toshi.co bat.bing.com www.google.com.au google.com.au qhn06m.a.searchspring.io 6umcpw.a.searchspring.io q4p7ce.a.searchspring.io you9wl.a.searchspring.io slc.stats.paypal.com 64.media.tumblr.com www.zimmermannwear.com www.zimmermann.com staging3.zimmermannwear.com staging3.zimmermann.com au-cdn.inside-graph.com platform-cdn.sharethis.com hnd.stats.paypal.com d3cgm8py10hi0z.cloudfront.net track.linksynergy.com l.sharethis.com www.facebook.com www.google.co.in googleads.g.doubleclick.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com www.youtube.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://cdn.searchspring.net/intellisuggest/is.min.js script.crazyegg.com www.googleoptimize.com www.clarity.ms *.clarity.ms ut.rd.linksynergy.com songbird.cardinalcommerce.com tag.lexer.io bat.bing.com tag.rmp.rakuten.com www.fullstory.com songbirdstag.cardinalcommerce.com www.gstatic.com www.google.com au-cdn.inside-graph.com cdn.searchspring.net acsbapp.com googleadservices.com google-analytics.com paypalobjects.com paypal.com sandbox.paypal.com vimeocdn.com googletagmanager.com youtube.com trackedlink.net trackedweb.net dotdigital-pages.com client-analyticsbraintreegateway.com au-tracker.inside-graph.com intljs.rmtag.com cdn.scarabresearch.com au-live.inside-graph.com platform-api.sharethis.com platform-cdn.sharethis.com buttons-config.sharethis.com l.sharethis.com t.sharethis.com fullstory.com integration-sandbox-cdn.toshi.co integration-cdn.toshi.co bam-cell.nr-data.net js-agent.newrelic.com connect.facebook.net googleads.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com unsafe-inline cdn.honey.io cdn.searchspring.net au-cdn.inside-graph.com *.aptrinsic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://beacon.searchspring.io/beacon script.crazyegg.com *.hotjar.io wss://*.hotjar.com *.hotjar.com *.clarity.ms www.clarity.ms staging3.zimmermannwear.com staging3.zimmermann.com www.google.com track.lexer.io maps.googleapis.com centinelapi.cardinalcommerce.com adservice.google.com bat.bing.com stats.g.doubleclick.net www.tryzens-analytics.com www.tryzens-analytics.com:12280 kg668dbov0.execute-api.us-east-1.amazonaws.com au-cdn.inside-graph.com notify.bugsnag.com qhn06m.a.searchspring.io 6umcpw.a.searchspring.io q4p7ce.a.searchspring.io you9wl.a.searchspring.io writer.cardinalcommerce.com centinelapistag.cardinalcommerce.com 7dgmrv.a.searchspring.io services.postcodeanywhere.co.uk uat.tryzens-analytics.com:12280 amcglobal.sc.omtrdc.net  au-live.inside-graph.com vimeo.com cdn.acsbapp.com recommender.scarabresearch.com wss://au-live.inside-graph.com l.sharethis.com sessions.bugsnag.com bam-cell.nr-data.net www.google-analytics.com www.facebook.com api.toshi.co staging.api.toshi.co 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://0594ebf9e3dab534acdba65c6100b639.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 2
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/edu_google 2
font-src fonts.gstatic.com *.bootstrapcdn.com *.gstatic.com *.yotpo.com *.typekit.net *.olark.com *.miraclesuit.com *.magicsuitswim.com *.miraclebody.com *.longitudeswim.com *.amoressa.com *.kikirio.com *.skinnydippers.com *.global-e.com *.amazonaws.com *.fontawesome.com *.googleapis.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.apptrian.com *.facebook.net *.facebook.com *.miraclesuit.com *.listrak.com *.cardinalcommerce.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.google.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.apptrian.com *.facebook.net *.weltpixel.com *.paypal.com *.braintreegateway.com *.kaptcha.com *.olark.com *.global-e.com *.facebook.com *.doubleclick.net *.google.co.in *.jst.ai *.twitter.com *.paypalobjects.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.apptrian.com *.facebook.net *.typekit.net *.yotpo.com *.google.com *.google.co.in *.listrakbi.com *.gstatic.com *.paypal.com *.facebook.com *.wisepops.com *.olark.com *.miraclesuit.com *.magicsuitswim.com *.miraclebody.com *.longitudeswim.com *.amoressa.com *.kikirio.com *.skinnydippers.com *.global-e.com *.bing.com *.jst.ai *.googletagmanager.com *.quantserve.com *.pinterest.com *.twitter.com *.smartadserver.com *.analytics.yahoo.com *.clarity.ms www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ *.google.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.apptrian.com ajax.googleapis.com *.typekit.net *.yotpo.com *.listrakbi.com *.newrelic.com *.nr-data.net stglite.bglobale.com *.braintreegateway.com c.paypal.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.googleoptimize.com *.impactradius-event.com *.wisepops.com *.olark.com *.miraclesuit.com *.magicsuitswim.com *.miraclebody.com *.longitudeswim.com *.amoressa.com *.kikirio.com *.skinnydippers.com *.global-e.com *.facebook.com *.bing.com *.facebook.net *.yimg.com *.jst.ai *.jsdelivr.net *.googlecommerce.com *.yahoo.com *.twitter.com *.pinterest.com *.quantserve.com *.cloudfront.net *.trackedlink.net *.crazyegg.com *.player.vimeo.com *.foursixty.com *.pinimg.com *.s.adroll.com *.d.adroll.com *.t.channeladvisor.com *.tracking2.channeladvisor.com foursixty.com *.fullstory.com *.clarity.ms *.acsbapp.com acsbapp.com *.fontawesome.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://www.googletagmanager.com tagmanager.google.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.bootstrapcdn.com *.googleapis.com *.yotpo.com *.listrakbi.com *.bglobale.com *.olark.com *.miraclesuit.com *.magicsuitswim.com *.miraclebody.com *.longitudeswim.com *.amoressa.com *.kikirio.com *.skinnydippers.com *.global-e.com *.jst.ai *.typekit.net foursixty.com *.fullstory.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.apptrian.com *.facebook.com *.facebook.net *.olark.com *.miraclesuit.com *.amoressa.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.apptrian.com *.facebook.com *.facebook.net *.yotpo.com stats.g.doubleclick.net *.nr-data.net *.braintree-api.com *.paypal.com *.braintreegateway.com *.wisepops.com *.olark.com *.global-e.com *.miraclesuit.com *.magicsuitswim.com *.miraclebody.com *.longitudeswim.com *.amoressa.com *.kikirio.com *.skinnydippers.com *.bing.com *.jst.ai *.pinterest.com *.crazyegg.com *.yimg.com *.7eer.net foursixty.com *.fullstory.com *.clarity.ms ziptasticapi.com *.acsbapp.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.cloudflare.com *.cloudfront.net *.credomobile.com *.taboola.com *.pinimg.com *.bing.com *.facebook.com *.fullstory.com *.liadm.com *.pdst.fm *.opmnstr.com *.criteo.net *.paypal.com www.google-analytics.com www.google.com *.doubleclick.net *.gstatic.com *.trustedshops.com *.usercentrics.eu *.hotjar.com *.getletterpress.com *.zendesk.com *.kaptcha.com *.shareasale-analytics.com shareasale-analytics.com *.googletagmanager.com *.shareasale.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com 'self' 'unsafe-inline'; frame-ancestors ; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.cloudflare.com *.cloudfront.net *.credomobile.com *.taboola.com *.pinimg.com *.bing.com *.facebook.com *.fullstory.com *.liadm.com *.pdst.fm *.opmnstr.com *.criteo.net *.paypal.com www.google-analytics.com www.google.com *.doubleclick.net *.gstatic.com *.trustedshops.com *.usercentrics.eu *.hotjar.com *.getletterpress.com *.zendesk.com *.criteo.com *.kaptcha.com *.shareasale-analytics.com shareasale-analytics.com *.googletagmanager.com *.shareasale.com *.bootstrapcdn.com js.authorize.net jstest.authorize.net accept.authorize.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.cloudflare.com *.cloudfront.net *.credomobile.com *.taboola.com *.pinimg.com *.bing.com *.facebook.com *.fullstory.com *.liadm.com *.pdst.fm *.opmnstr.com *.criteo.net *.agkn.com *.pinterest.com *.paypal.com *.ytimg.com www.google.com *.doubleclick.net *.gstatic.com *.googletagmanager.com *.privacysandbox.googleadservices.com *.trustedshops.com *.usercentrics.eu *.hotjar.com *.getletterpress.com *.zendesk.com *.kaptcha.com *.shareasale-analytics.com shareasale-analytics.com *.shareasale.com *.bootstrapcdn.com *.quora.com *.clarity.ms *.adxcel-ec2.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.cloudflare.com *.cloudfront.net *.credomobile.com *.credo.com *.taboola.com *.pinimg.com *.bing.com *.facebook.com *.facebook.net *.fullstory.com *.liadm.com *.pdst.fm *.opmnstr.com *.criteo.net *.criteo.com *.paypal.com *.newrelic.com *.nr-data.net www.google.com *.doubleclick.net *.gstatic.com www.googleoptimize.com *.trustedshops.com *.usercentrics.eu *.hotjar.com *.getletterpress.com *.zendesk.com static.zdassets.com *.kaptcha.com *.shareasale.com *.shareasale-analytics.com shareasale-analytics.com *.googletagmanager.com *.bootstrapcdn.com *.ads-twitter.com *.omappapi.com *.clarity.ms js.authorize.net jstest.authorize.net sandbox-assets.secure.checkout.visa.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.cloudfront.net *.credomobile.com *.taboola.com *.pinimg.com *.bing.com *.facebook.com *.fullstory.com *.liadm.com *.pdst.fm *.opmnstr.com *.criteo.net *.paypal.com www.google-analytics.com www.google.com *.doubleclick.net *.gstatic.com *.trustedshops.com *.usercentrics.eu *.hotjar.com *.getletterpress.com *.zendesk.com *.kaptcha.com *.shareasale-analytics.com shareasale-analytics.com *.googletagmanager.com *.shareasale.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.cloudflare.com *.cloudfront.net *.credomobile.com *.credo.com *.taboola.com *.pinimg.com *.bing.com *.facebook.com *.facebook.net *.fullstory.com *.liadm.com *.pdst.fm *.opmnstr.com *.criteo.net widget-mediator.zopim.com *.zopim.com *.cloudfunctions.net *.omappapi.com wss://widget-mediator.zopim.com *.paypal.com *.nr-data.net www.google.com *.doubleclick.net *.gstatic.com *.pinterest.com *.trustedshops.com *.usercentrics.eu *.hotjar.com *.getletterpress.com *.zendesk.com *.zdassets.com/ credomobilesupport.zendesk.com *.kaptcha.com *.shareasale-analytics.com shareasale-analytics.com *.googletagmanager.com *.shareasale.com *.bootstrapcdn.com *.clarity.ms data: js.authorize.net jstest.authorize.net api.authorize.net apitest.authorize.net accept.authorize.net test.authorize.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 2
default-src https: 'unsafe-inline' 'unsafe-eval' data: about: blob:; report-uri /_resources/php/csp-report.php 2
default-src 'self' https://www.overstockgovernment.com 'unsafe-inline' http://www.googletagmanager.com/ https://stats.g.doubleclick.net https://www.google-analytics.com;script-src 'self' 'unsafe-inline' http://*.hotjar.com http://*.hotjar.io http://js-agent.newrelic.com http://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://snap.licdn.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com;object-src 'none';img-src https://www.overstockgovernment.com data: http://*.hotjar.com http://*.hotjar.io https://listen.audiohook.com https://*.hotjar.com https://*.hotjar.io https://ak1.ostkcdn.com https://p.adsymptotic.com https://px.ads.linkedin.com https://www.google-analytics.com https://www.google.com;connect-src https://www.overstockgovernment.com http://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.com:* https://*.hotjar.io https://stats.g.doubleclick.net https://www.google-analytics.com wss://*.hotjar.com;font-src http://*.hotjar.com http://*.hotjar.io https://*.hotjar.com https://*.hotjar.io https://fonts.gstatic.com;style-src-elem https://www.overstockgovernment.com 'unsafe-inline' https://fonts.googleapis.com;frame-src http://*.hotjar.io https://*.hotjar.com https://*.hotjar.io;report-uri https://api.overstock.com/contentsecurity/report 2
child-src bid.g.doubleclick.net js.stripe.com tpc.googlesyndication.com vars.hotjar.com www.facebook.com www.youtube.com; connect-src 'self' addshoppers.s3.amazonaws.com api-iam.intercom.io  api-us-east-1.graphcms.com api.bellhop.com api.bellhops.dev api.bellhops.xyz api.honeybadger.io api.omappapi.com api.segment.io app.shop.pe bat.bing.com bcp.crwdcntrl.net bellhop.extole.io cds.taboola.com ct.pinterest.com d.adroll.com d.adroll.mgr.consensu.org dev.visualwebsiteoptimizer.com in.hotjar.com j.clarity.ms l0.dca0.com l1.dca0.com l10.dca0.com l11.dca0.com l12.dca0.com l13.dca0.com l14.dca0.com l15.dca0.com l16.dca0.com l17.dca0.com l18.dca0.com l2.dca0.com l3.dca0.com l4.dca0.com l5.dca0.com l6.dca0.com l7.dca0.com l8.dca0.com l9.dca0.com nf44a9pati.execute-api.us-west-2.amazonaws.com o27727.ingest.sentry.io optout.dca0.com pips.taboola.com r3.visualwebsiteoptimizer.com rs.fullstory.com s.adroll.com s.yimg.com sn.dca0.com sn36.dca0.com shop.pe shopper.shop.pe stats.g.doubleclick.net subwayblaze.com t.dca0.com trc-events.taboola.com vc.hotjar.io widget.intercom.io wss://nexus-websocket-a.intercom.io www.facebook.com www.google-analytics.com xds.dca0.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' a.quora.com alb.reddit.com analytics.twitter.com api-iam.intercom.io api-us-east-1.graphcms.com api.bellhop.com api.getvero.com api.segment.io bat.bing.com bid.g.doubleclick.net cdn.segment.com connect.facebook.net ct.pinterest.com d.adroll.com d.adroll.mgr.consensu.org d3qxef4rp70elm.cloudfront.net data: downloads.intercomcdn.com drh5vf6sssvlm.cloudfront.net fonts.googleapis.com fonts.gstatic.com googleads.g.doubleclick.net in.hotjar.com js.intercomcdn.com js.stripe.com maps.googleapis.com maps.gstatic.com media.graphcms.com media.graphassets.com pnapi.invoca.net o27727.ingest.sentry.io q.quora.com s.adroll.com s.pinimg.com script.hotjar.com solutions.invocacdn.com static.ads-twitter.com static.hotjar.com static.intercomassets.com stats.g.doubleclick.net t.co tpc.googlesyndication.com vars.hotjar.com vc.hotjar.io widget.intercom.io wss://nexus-websocket-a.intercom.io www.facebook.com www.google-analytics.com www.google.com www.google.com.bd www.googleadservices.com www.googletagmanager.com www.redditstatic.com; font-src 'self' data: fonts.gstatic.com js.intercomcdn.com; form-action api-iam.intercom.io webto.salesforce.com www.facebook.com; frame-src bid.g.doubleclick.net js.stripe.com tpc.googlesyndication.com vars.hotjar.com www.facebook.com www.youtube.com; img-src 'self' *.adroll.com ads.yahoo.com alb.reddit.com analytics.twitter.com bat.bing.com c.bing.com c.clarity.ms cds.taboola.com ct.pinterest.com cx.atdmt.com d3tomwqokpf9ra.cloudfront.net dev.visualwebsiteoptimizer.com di.rlcdn.com data: downloads.intercomcdn.com drh5vf6sssvlm.cloudfront.net dsum-sec.casalemedia.com eb2.3lift.com filter.vworldc.com flask.nextdoor.com googleads.g.doubleclick.net i.ytimg.com ib.adnxs.com idsync.rlcdn.com js.intercomcdn.com localhost:10689 logs-01.loggly.com maps.googleapis.com maps.gstatic.com media.graphcms.com media.graphassets.com origin.xtlo.net pixel.advertising.com pixel.rubiconproject.com q.quora.com r3.visualwebsiteoptimizer.com rtb.adentifi.com s3.amazonaws.com segments.company-target.com simage2.pubmatic.com static.intercomassets.com sync.outbrain.com t.co trc.taboola.com us-u.openx.net www.bellhop.com www.facebook.com www.google-analytics.com www.google.at www.google.bg www.google.ca www.google.co.in www.google.co.uk www.google.co.za www.google.com www.google.com.br www.google.com.ni www.google.com.pe www.google.es www.google.fi www.google.ie www.google.nl www.googleadservices.com www.googletagmanager.com www.lightboxcdn.com x.bidswitch.net; manifest-src 'self'; media-src js.intercomcdn.com media.graphcms.com media.graphassets.com; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *.adroll.com a.quora.com aa.agkn.com addshoppers.s3.amazonaws.com ads.nextdoor.com ads.yahoo.com analytics.twitter.com api.getvero.com bat.bing.com bellhop.extole.io cdn.segment.com cdn.taboola.com connect.facebook.net d.adroll.com d.adroll.mgr.consensu.org d.impactradius-event.com d3rr3d0n31t48m.cloudfront.net d3qxef4rp70elm.cloudfront.net dev.visualwebsiteoptimizer.com dsum-sec.casalemedia.com eb2.3lift.com edge.fullstory.com filter.vworldc.com g.clarity.ms googleads.g.doubleclick.net j.clarity.ms js.intercomcdn.com a.omappapi.com ib.adnxs.com idsync.rlcdn.com js.stripe.com lightboxapi.azurewebsites.net maps.googleapis.com pixel.advertising.com pixel.rubiconproject.com pnapi.invoca.net s.adroll.com s.dca0.com s.pinimg.com script.hotjar.com shop.pe shopper.shop.pe simage2.pubmatic.com sn.dca0.com solutions.invocacdn.com static.ads-twitter.com static.hotjar.com sync.outbrain.com tags.crwdcntrl.net tpc.googlesyndication.com trc.taboola.com us-u.openx.net widget.intercom.io widget.trustpilot.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.lightboxcdn.com www.redditstatic.com x.bidswitch.net xds.dca0.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' 0btl2.anonstats.com a.quora.com analytics.twitter.com api.getvero.com bat.bing.com cdn.segment.com connect.facebook.net d.adroll.com d.adroll.mgr.consensu.org d3qxef4rp70elm.cloudfront.net fhfht.z6airr.com googleads.g.doubleclick.net js.intercomcdn.com js.stripe.com maps.googleapis.com pnapi.invoca.net s.adroll.com s.dca0.com s.pinimg.com s.yimg.com script.hotjar.com sn.dca0.com solutions.invocacdn.com sp.analytics.yahoo.com static.ads-twitter.com static.hotjar.com tpc.googlesyndication.com widget.intercom.io www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com xds.dca0.com; style-src-attr 'unsafe-inline'; style-src-elem 'unsafe-inline' a.omappapi.com www.getbellhops.com fonts.googleapis.com origin.xtlo.net www.lightboxcdn.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com; worker-src blob: webto.salesforce.com; 2
default-src 'none'; font-src 'self' https:; img-src 'self' https: data: blob:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https:; frame-src 'self' https:; media-src 'self' https:; object-src 'self' https: blob:; worker-src 'self' https: blob:; report-uri /csp_violation_report 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https:; report-uri /_csp 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: a.agoradesk.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: a.agoradesk.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: a.agoradesk.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com ; form-action 'none' data: blob: ; report-uri /csp_report 2
font-src fonts.gstatic.com use.typekit.net data: *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.acsbapp.com *.hawksearch.net fonts.googleapis.com *.hotjar.com *.zopim.com *.afterpay.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google.com *.google.com *.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com cdn.dnky.co *.hotjar.com *.facebook.com *.trustpilot.com *.criteo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com https://static.afterpay.com https://site-assets.afterpay.com/ 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hawksearch.net connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.linkedin.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net *.listrakbi.com *.postcodeanywhere.co.uk maps.gstatic.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net use.typekit.net commerce.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com connect.facebook.net graph.facebook.com business.facebook.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.acsbapp.com *.acsbap.com *.hawksearch.net *.listrakbi.com *.listrak.com https://acsbap.com/apps/app/assets/js/acsb.js https://acsbapp.com/apps/app/dist/js/app.js *.googleapis.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.feedbackcompany.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.googleoptimize.com *.datatrics.com *.criteo.net *.criteo.com *.youtube.com cdn.mouseflow.com *.mczbf.com *.pcapredict.com *.postcodeanywhere.co.uk maps.googleapis.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com unsafe-inline cdn.dnky.co *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net *.hawksearch.net *.postcodeanywhere.co.uk *.listrakbi.com *.espssl.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com https://americaneg.vo.llnwd.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com api.magento.com commerce.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com *.adobe.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com www.facebook.com *.facebook.net *.facebook.com graph.facebook.com business.facebook.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.acsbapp.com *.listrakbi.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms *.datatrics.com *.signifyd.com *.signifyd.com:11103 *.mczbf.com *.googleapis.com *.postcodeanywhere.co.uk https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'none'; script-src * 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * 'unsafe-inline'; media-src 'self' 'unsafe-inline'; frame-src 'self' 'unsafe-inline'; font-src *; connect-src 'self'; report-uri /report-csp-violation 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.sessioncam.com https://d2oh4tlt9mrke9.cloudfront.net ws://*.sessioncam.com wss://*.sessioncam.com; connect-src 'self' https://*.akamaihd.net https://*.akstat.io https://*.demdex.net https://*.go-mpulse.net https://*.sessioncam.com https://d2oh4tlt9mrke9.cloudfront.net https://api.fundpress.io https://api-rel.fundpress.io https://api-uk.kurtosys.app https://assets.adobedtm.com https://cdn.cookielaw.org https://cm.everesttech.net https://www.google-analytics.com https://privacyportal-de.onetrust.com https://prudential.distribution.team.prudential.co.uk https://search-api.swiftype.com https://smetrics.mandg.com https://stats.g.doubleclick.net https://prudentialdistributi.tt.omtrdc.net; font-src 'self' data: https://api.fundpress.io https://fonts.gstatic.com; form-action 'self' https://*.pru.co.uk https://prudential.distribution.team.prudential.co.uk; frame-ancestors 'self' https://www.mymandg.co.uk https://*.pru.co.uk https://*.fundslibrary.co.uk; frame-src 'self' https://*.demdex.net https://*.pru.co.uk https://*.pruadviser.co.uk https://www.brighttalk.com https://digitalsecure.mandg.com https://www.google.com https://irpages2.equitystory.com https://insight.adsrvr.org https://infogram.com https://e.infogram.com https://match.adsrvr.org https://mandg.fidainformatica.it https://mandg.videomarketingplatform.co https://recaptcha.google.com https://view.ceros.com https://www.youtube-nocookie.com; img-src 'self' data: https://*.akstat.io https://*.demdex.net https://*.sessioncam.com https://ad.doubleclick.net https://api.fundpress.io https://api-rel.fundpress.io https://api-uk.kurtosys.app https://adservice.google.com https://assets.adobedtm.com https://cm.everesttech.net https://www.google.com https://www.google.co.uk https://www.google-analytics.com https://i.ytimg.com https://smetrics.mandg.com https://ttcontacts.com https://797110.global.siteimproveanalytics.io; media-src blob: https://mandg.videomarketingplatform.co; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.demdex.net https://*.go-mpulse.net https://*.pru.co.uk https://d2oh4tlt9mrke9.cloudfront.net https://assets.adobedtm.com https://api.fundpress.io https://cdn.cookielaw.org https://cm.everesttech.net https://e.infogram.com https://geolocation.onetrust.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://js.adsrvr.org https://www.googleadservices.com https://googleads.g.doubleclick.net; script-src-elem 'self' 'unsafe-inline' https://*.demdex.net https://*.go-mpulse.net https://*.pru.co.uk https://d2oh4tlt9mrke9.cloudfront.net https://api.fundpress.io https://api-rel.fundpress.io https://api-uk.kurtosys.app https://assets.adobedtm.com https://www.brighttalk.com https://cdn.cookielaw.org https://cm.everesttech.net https://e.infogram.com https://geolocation.onetrust.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://js.adsrvr.org https://report.23video.com https://siteimproveanalytics.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; base-uri 'self' 2
default-src https: data: 'unsafe-inline'; report-uri https://3j40yr1pel.execute-api.us-east-1.amazonaws.com/prod/report-only 2
default-src 'self';   script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://customer.cludo.com https://ds-aksb-a.akamaihd.net https://help.cybonline.co.uk https://googleservices.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://fusiontables.google.com https://connect.facebook.net https://www.youtube.com https://s.ytimg.com https://cse.google.com https://www.advanced-web-analytics.com https://platform.twitter.com https://casper.tsbc.com https://healthcheck252.tsbc.com https://t.contentsquare.net https://contentsquare.com https://webapp.woosmap.com https://dispawsusva.inmoment.com https://intercept-client.inmoment.com;   style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://www.google.com https://platform.twitter.com https://casper.tsbc.com https://healthcheck252.tsbc.com;   img-src 'self' https: data: ;   font-src 'self' https: ;   connect-src 'self' https://clydesdalebank.tt.omtrdc.net https://clydesdalebank.d3.sc.omtrdc.net https://dpm.demdex.net https://ds-aksb-a.akamaihd.net https://api-eu1.cludo.com https://api.cludo.com https://www.google.com https://www.facebook.com https://www.twitter.com https://www.linkedin.com https://www.youtube.com https://my.cybservices.co.uk https://adservice.google.com https://casper.tsbc.com https://*.contentsquare.net https://api.woosmap.com https://webapp-conf.woosmap.com https://cybg.egain.cloud https://dispawsusva.inmoment.com;   media-src 'self';   object-src 'self';   worker-src 'self' blob:;   child-src 'self' blob:;  frame-src 'self' https://*.cybusinessonline.co.uk https://*.cbonline.co.uk https://*.ybonline.co.uk https://*.cybonline.co.uk https://clydesdalebankplc.demdex.net https://*.fls.doubleclick.net https://www.youtube.com https://bid.g.doubleclick.net https://www.google.com https://assets.adobedtm.com https://player.vimeo.com https://platform.twitter.com https://syndication.twitter.com https://www.youtube-nocookie.com https://healthcheck252.tsbc.com https://www.inmoment.com;   frame-ancestors 'self' https://*.cybusinessonline.co.uk https://*.cbonline.co.uk https://*.ybonline.co.uk https://*.cybonline.co.uk;   report-uri https://cyburi.report-uri.com/r/t/csp/reportOnly; 2
frame-ancestors 'self'; script-src 'self' https://matomo.educa.ch/ ; object-src 'none' ; script-src-attr 'self'; style-src 'self' 'unsafe-inline'; style-src-attr 'unsafe-inline'; report-uri https://de0bcf88093e4c07c95c7bc1ed5aa3a3.report-uri.com/r/d/csp/reportOnly ; 2
default-src https:;script-src 'unsafe-inline' https://www.google-analytics.com/ga.js http://a.vimeocdn.com/js/froogaloop2.min.js https:;font-src https:;img-src https:;style-src 'unsafe-inline' https:;frame-src http://player.vimeo.com/ https://www.youtube.com/embed/hvCzOBkzRvg https:;report-uri https://report-uri.io/report/79d6f8ec27404fdaf8a729c0fad36721/reportOnly 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tawk.to cdnjs.cloudflare.com cdn.jsdelivr.net voidlabs.containers.piwik.pro dl.frontapp.com hcaptcha.com; connect-src 'self' wss://*.tawk.to *.tawk.to newassets.hcaptcha.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com embed.tawk.to; frame-src 'self' demo.voxmail.it www.youtube-nocookie.com newassets.hcaptcha.com; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com embed.tawk.to; media-src 'self' embed.tawk.to; report-uri https://catbzhkx.uriports.com/reports/report 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: try.abtasty.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com cdn.greenbureau.com; form-action  www.floabank.fr mademande.floabank.fr *.facebook.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: agent.greenbureau.com c.contentsquare.net banquecasino-prod.prediggo.io *.doubleclick.net *.facebook.com q-aeu1.contentsquare.net notifpush.com secure-trig.notifadz.com proxy.greenbureau.com try.abtasty.com gjigle.com secure-apis.notifadz.com k-aeu1.contentsquare.net gddglis.com dcinfos-cache.abtasty.com secure-api.notifadz.com wss://proxy.greenbureau.com the.sciencebehindecommerce.com privacy.trustcommander.net *.commander1.com sk.ht ariane.abtasty.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: proxy.greenbureau.com fonts.gstatic.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net csxd.banque-casino.fr csxd.moncoupdepouce.com gjigle.com www.youtube.com try.abtasty.com www.zenaps.com *.facebook.com *.criteo.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.googletagmanager.com *.facebook.net notifpush.com www.dwin1.com *.criteo.com try.abtasty.com www.plurielmedia.com t.contentsquare.net static.avads.net the.sciencebehindecommerce.com cdn.greenbureau.com www.gstatic.com events.sk.ht banquecasino-prod.prediggo.io u360.d-bi.fr www.google-analytics.com snap.licdn.com *.criteo.net cdn.trustcommander.net; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com contextual.media.net criteo-partners.tremorhub.com visitor.omnitagjs.com *.rubiconproject.com secure-api.notifadz.com *.criteo.com sk.ht ad.360yield.com simage2.pubmatic.com exchange.mediavine.com www.google.fr statics.pushaddict.com match.adsrvr.org ib.adnxs.com insight.adsrvr.org match.sharethrough.com www.plurielmediacenter.com *.smartadserver.com nocookie.avads.net cdn.greenbureau.com eb2.3lift.com cm.adform.net c.contentsquare.net tr.cloud-media.fr ads.avads.net *.casalemedia.com sync.outbrain.com img.youtube.com *.linkedin.com u360.d-bi.fr secure.adnxs.com *.taboola.com matching.ivitrack.com ads.yahoo.com *.facebook.com s.ad.smaato.net criteo-sync.teads.tv e1.emxdgt.com *.doubleclick.net i.liadm.com *.bidswitch.net; report-uri /csp_report 2
frame-ancestors 'none'; base-uri 'none'; default-src 'none'; connect-src 'self' https://www.google-analytics.com https://api-adresse.data.gouv.fr https://grenoblealpesmetropole.matomo.cloud https://www.facebook.com; img-src https: data:; frame-src https:; form-action 'self'; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; font-src https:; report-uri /include/csp.php 2
script-src-elem 'self' 'unsafe-inline' *.nr-data.net optimize.google.com cdn.wmxtools.com platform.twitter.com play.vidyard.com *.hotjar.com *.hotjar.io www.googletagmanager.com www.google-analytics.com maps.google.com maps.googleapis.com bat.bing.com form-db.wmxtools.com *.omappapi.com a.optnmnstr.com ajax.googleapis.com connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsleadflows.net *.hotjar.com snap.licdn.com static.addtoany.com unpkg.com use.fontawesome.com *.clarity.ms app-ab03.marketo.com cdn.calltrk.com cdn.pardot.com js.calltrk.com learn.levelaccess.com pi.pardot.com player.vimeo.com ssl.google-analytics.com ws.zoominfo.com www.levelaccess.com assets.codepen.io boards.greenhouse.io cdn.levelaccess.net cdnjs.cloudflare.com j.6sc.co js-agent.newrelic.com rum-static.pingdom.net scout-cdn.salesloft.com; connect-src 'self' data: wss://*.hotjar.com *.nr-data.net bat.bing.com *.clarity.ms *.omappapi.com api.omappapi.com forms.hubspot.com *.youtube.com *.hotjar.com *.hotjar.io stats.g.doubleclick.net www.google-analytics.com unpkg.com www.facebook.com yoast.com api.opmnstr.com js.calltrk.com maps.googleapis.com translate.googleapis.com ws.zoominfo.com api.elevin.cloud api.levelaccess.net api.webaccessibility.com c.6sc.co rum-collector-2.pingdom.net scout.salesloft.com vimeo.com; font-src fonts.googleapis.com *.omappapi.com script.hotjar.com fonts.gstatic.com use.typekit.net 'self' data:; img-src * data: *.nr-data.net; style-src-elem optimize.google.com *.omappapi.com fonts.googleapis.com p.typekit.net use.typekit.net code.jquery.com boards.cdn.greenhouse.io 'self' 'unsafe-inline'; style-src-attr 'unsafe-inline'; base-uri 'self' rum-collector-2.pingdom.net; form-action 'self' 'unsafe-eval' www.facebook.com; frame-src 'self' data.census.gov optimize.google.com www.facebook.com vars.hotjar.com platform.twitter.com play.vidyard.com www.loom.com www.useloom.com www.youtube.com boards.greenhouse.io learn.levelaccess.com cdnjs.cloudflare.com codepen.io *.vimeo.com vimeo.com; frame-ancestors 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https://js-agent.newrelic.com; default-src 'self'; report-uri https://wmxlevelaccess.report-uri.com/r/d/csp/wizard 2
base-uri 'self'; default-src 'none'; child-src 'none'; connect-src 'self' https://widget.marktjagd.de https://spotlight.offerista.com https://*.marktjagd.de http://*.marktjagd.de *.marktjagd.de https://*.datadome.co http://*.datadome.co *.datadome.co; font-src 'self' https://fonts.gstatic.com https://*.marktjagd.de http://*.marktjagd.de *.marktjagd.de https://widget.marktjagd.de https://spotlight.offerista.com; form-action 'self'; img-src 'self' https://* http://* * data:; object-src 'none'; script-src 'self' https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js http://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js https://*.marktjagd.de http://*.marktjagd.de *.marktjagd.de https://*.datadome.co http://*.datadome.co *.datadome.co https://widget.marktjagd.de https://spotlight.offerista.com 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com/css https://*.marktjagd.de http://*.marktjagd.de *.marktjagd.de https://widget.marktjagd.de https://spotlight.offerista.com 'unsafe-inline'; report-uri /csprep.php; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'eval' https://www.google.com http://www.google-analytics.com https://cse.google.com https://translate.googleapis.com; script-src-elem 'self' 'unsafe-inline' http://www.google-analytics.com https://cse.google.com https://www.google.com https://connect.facebook.net; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline'; img-src 'self' 'data' https:; font-src 'self' 'data' https://fonts.gstatic.com; connect-src 'self'; media-src 'self' 'data'; object-src 'self'; prefetch-src 'self'; child-src 'self'; frame-src 'self' https://www.fotw.info; worker-src 'self'; frame-ancestors 'self'; form-action 'self' https://www.google.com; base-uri 'self'; manifest-src 'self'; report-uri https://fotw.report-uri.com/r/d/csp/reportOnly 2
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://ggj3qf05xeualpl0weo7xdrg.httpschecker.net/report 2
default-src 'self' *; media-src 'self' * data: ; font-src 'self' * data: ; img-src 'self' data: blob: *; script-src * 'unsafe-inline' 'unsafe-eval' data: *; style-src 'self' 'unsafe-inline' *; worker-src 'self' * blob: ; report-uri /api/csp-violation 2
default-src 'self' www.facebook.com web.facebook.com ; manifest-src 'self';  base-uri 'self';  form-action 'self';  font-src 'self' data: ;  frame-ancestors 'self';  object-src 'none'; media-src 'self' ; img-src 'self' blob: data: www.facebook.com cx.atdmt.com ; connect-src 'self' ; prefetch-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net www.googletagmanager.com ; style-src 'self' 'unsafe-inline' ; 2
default-src 'self'; img-src 'self' https: data: img.fsklider.com *.google-analytics.com *.frabbit.ru; worker-src 'self' blob: fsk.ru *.frabbit.ru; style-src 'self' 'unsafe-inline' fsk.ru *.frabbit.ru; style-src-elem 'self' 'inline' 'unsafe-inline' core.smartcallback.ru; media-src 'self' fsk-uploads.hb.bizmrg.com *.fsklider.com *.frabbit.ru; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' eval fsk.ru *.frabbit.ru *.google-analytics.com mc.yandex.ru api-maps.yandex.ru *.maps.yandex.net yastatic.net www.gstatic.com smartcallback.ru core.smartcallback.ru app.comagic.ru www.googletagmanager.com www.googleadservices.com cdn.jsdelivr.net googleads.g.doubleclick.net analytics.tiktok.com px.adhigh.net sync.bumlam.com synce.user-red.com pixel.betweenx.com vk.com altopd.com cdn.rutarget.ru static.terratraf.io ajax.googleapis.com adraker-dev.azureedge.net pixel-storage.konnektu.ru top-fwz1.mail.ru pxl.knam.pro x01.aidata.io matcher.upravel.com sonar.semantiqo.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.frabbit.ru mc.yandex.ru *.maps.yandex.net google-analytics.com x01.aidata.io pxl.knam.pro ad.adriver.ru sslwidget.criteo.com static.criteo.net core.smartcallback.ru cdn3.caltat.com app.blinger.io manalyticshub.com c.4clouds.org code.reffection.com app.comagic.ru smartcallback.ru www.googletagmanager.com www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net pixel.betweenx.com www.gstatic.com analytics.tiktok.com vk.com altopd.com ajax.googleapis.com adraker-dev.azureedge.net cdn.rutarget.ru pixel-storage.konnektu.ru static.terratraf.io px.adhigh.net top-fwz1.mail.ru api-maps.yandex.ru matcher.upravel.com; child-src 'self' *.frabbit.ru 9180528.fls.doubleclick.net 9191129.fls.doubleclick.net 10621758.fls.doubleclick.net 11005529.fls.doubleclick.net creativecdn.com tag.rutarget.ru static.user-red.com static.bumlam.com ssp1.rtb.beeline.ru media.rtb.beeline.ru resolving.rtb.beeline.ru static.user-red.com content.adriver.ru cdn3.caltat.com; connect-src 'self' fsk.ru *.frabbit.ru *.google-analytics.com mc.yandex.ru px.adhigh.net stats.g.doubleclick.net core.smartcallback.ru app.comagic.ru server.comagic.ru wss://server.comagic.ru sonar.semantiqo.com sync.sniperlog.ru sync.bumlam.com top-fwz1.mail.ru pixel.konnektu.ru pixel-fsk.konnektu.ru analytics.tiktok.com tracker.comagic.ru intercollectcontact.ru; form-action 'self'; frame-src 'self' *.frabbit.ru 9180528.fls.doubleclick.net 9191129.fls.doubleclick.net 9926317.fls.doubleclick.net 11005529.fls.doubleclick.net 10621758.fls.doubleclick.net creativecdn.com content.adriver.ru static.user-red.com static.bumlam.com tag.rutarget.ru; frame-ancestors 'self' *.frabbit.ru *.flocktory.com *.webvisor.com *.yandex.net yastatic.net; font-src 'self' data: *.frabbit.ru; object-src 'none'; base-uri fsk.ru *.frabbit.ru; report-uri https://sentry.frabbit.ru/api/2/security/?sentry_key=96f41fb92c1645b5a4c72e00dead920a 2
object-src 'none'; frame-ancestors 'none'; block-all-mixed-content; report-uri https://sentry.io/api/161479/security/?sentry_key=9c457471fc3c4ce0a248b295ec84cb32 2
image-src access.nagich.com www.googleadservices.com www.google-analytics.com ct.pinterest.com; font-src fonts.gstatic.com use.typekit.net *.fontawesome.com maxcdn.bootstrapcdn.com *.typekit.net *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com *.sagepay.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net *.demdex.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.sagepay.com insight.adsrvr.org vars.hotjar.com www.pinterest.com *.trustpilot.com cookies.onetrust.mgr.consensu.org https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net widgets.magentocommerce.com data: *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com https://img.youtube.com www.xtento.com cdn.xtento.com cdn.cookielaw.org https://imgs.signifyd.com https://*.online-metrix.net 'self' 'unsafe-inline'; script-src *.adobedtm.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net * searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.paypalobjects.com js.braintreegateway.com www.paypal.com assets.adobedtm.com commerce.adobe.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.sagepay.com maps.googleapis.com aacdn.nagich.com s.pinimg.com connect.facebook.net www.googleadservices.com googleads.g.doubleclick.net script.hotjar.com static.hotjar.com d10lpsik1i8c69.cloudfront.net js.adsrvr.org js-agent.newrelic.com bam-cell.nr-data.net cdn.ometria.com www.xtento.com cdn.xtento.com intljs.rmtag.com ut.rd.linksynergy.com *.trustpilot.com cdn.cookielaw.org https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com getfirebug.com display.ugc.bazaarvoice.com *.fontawesome.com maxcdn.bootstrapcdn.com *.typekit.net access.nagich.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.sagepay.com ws: aacdn.nagich.com access.nagich.com www.google-analytics.com stats.g.doubleclick.net settings.luckyorange.net bam-cell.nr-data.net cdn.cookielaw.org https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' cdn.cookielaw.org www.google-analytics.com stats.g.doubleclick.net bam.nr-data.net; script-src 'self' 'unsafe-inline' *.googletagmanager.com googletagmanager.com www.google-analytics.com *.youtube.com youtube.com bam.nr-data.net js-agent.newrelic.com cdn.cookielaw.org *.sharpmarketing.eu *.googleapis.com *.gstatic.com *.google.com; style-src 'self' 'unsafe-inline' *.sharpmarketing.eu; img-src 'self' data: imgs.aws.sharp.eu i.ytimg.com d35hoao4dw4qk2.cloudfront.net www.google-analytics.com www.google.com www.google.co.uk www.google.de www.google.at *.sharpmarketing.eu *.actonsoftware.com; frame-src *; frame-ancestors 'self'; child-src *; font-src 'self' data:; connect-src bam.nr-data.net cdn.cookielaw.org www.google-analytics.com stats.g.doubleclick.net privacyportal-eu.onetrust.com *.sharpmarketing.eu; report-uri /report-csp-violation; upgrade-insecure-requests 2
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google.com *.doubleclick.net *.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.facebook.com *.facebook.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
report-uri https://www.tv5unis.ca/csp-report;default-src 'self' *.googlesyndication.com ;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.2mdn.net *.amazon-adsystem.com *.doubleclick.net *.facebook.com *.facebook.net *.google.ca *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.scorecardresearch.com *.google-analytics.com *.gstatic.com *.hotjar.com *.m32.media *.pinimg.com cdn.ampproject.org tag.aticdn.net sc-static.net ;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.doubleclick.net *.facebook.com *.google.ca *.google.com *.googleusercontent.com *.google-analytics.com *.googlesyndication.com *.scorecardresearch.com bcp.crwdcntrl.net platform-lookaside.fbsbx.com https://image-proxy.tv5unis.ca ;media-src 'self' blob: *.2mdn.net *.llnw.net ;frame-src 'self' *.doubleclick.net *.facebook.com *.firebaseapp.com/ *.googlesyndication.com imasdk.googleapis.com vars.hotjar.com tr.snapchat.com ;font-src 'self' data: ;connect-src 'self' *.2mdn.net *.adnxs.com *.amazon-adsystem.com *.amazon-adsystem.com *.doubleclick.net *.facebook.com *.google-analytics.com *.google.ca *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.llnw.net *.m32.media *.scorecardresearch.com bcp.crwdcntrl.net cdn.ampproject.org cdn.jsdelivr.net licensing.bitmovin.com platform-lookaside.fbsbx.com sc-static.net sentry.io static.hotjar.com tag.aticdn.net us-central1-m32-infrastructure.cloudfunctions.net vendorlist.consensu.org https://api.tv5unis.ca https://image-proxy.tv5unis.ca ;worker-src 'self' blob: ;form-action 'self' www.facebook.com/tr tr.snapchat.com ; 2
font-src *.google-analytics.com *.gstatic.com likeshop.me data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.facebook.com *.nosto.com *.nos.to *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ js.authorize.net jstest.authorize.net accept.authorize.net www.xtento.com *.agilone.com *.facebook.com insight.adsrvr.org match.adsrvr.org *.signifyd.com *.online-metrix.net *.doubleclick.net *.affirm.com *.cookiebot.com *.bounceexchange.com *.office365.com *.google.com *.google.lv *.bglobale.com *.global-e.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com store.paradoxlabs.com www.xtento.com cdn.xtento.com *.bounceexchange.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.googleapis.com *.facebook.com connect.facebook.net www.google.com www.google.lv *.bing.com *.lafayette148ny.com *.signifyd.com *.online-metrix.net *.postcodeanywhere.co.uk *.doubleclick.net heapanalytics.com *.heapanalytics.com *.bizrate.com *.dashhudson.com likeshop.me *.affirm.com *.atdmt.com *.cdnwidget.com *.bglobale.com *.global-e.com *.clarity.ms *.cloudfront.net *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.authorize.net js.authorize.net jstest.authorize.net sandbox-assets.secure.checkout.visa.com www.xtento.com cdn.xtento.com *.googletagmanager.com www.google.com www.google.lv www.gstatic.com *.agilone.com *.bing.com *.upsellit.com connect.facebook.net googleads.g.doubleclick.net *.sociomantic.com js.adsrvr.org *.algolianet.com *.algolia.net *.signifyd.com seal.websecurity.norton.com *.pcapredict.com *.addressy.com *.bizrate.com *.googleapis.com *.heapanalytics.com *.zdassets.com *.affirm.com tag.wknd.ai *.bounceexchange.com *.dashhudson.com *.luckyorange.com *.cookiebot.com *.securedvisit.com *.pingdom.net *.cloudfront.net *.newrelic.com *.nr-data.net klear.com *.mczbf.com *.bglobale.com *.global-e.com *.clarity.ms *.nosto.com *.nos.to assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.bounceexchange.com *.googleapis.com *.addressy.com *.bizrate.com *.bglobale.com *.global-e.com *.cloudfront.net *.nosto.com *.nos.to unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.algolia.net *.algolia.com *.authorize.net js.authorize.net jstest.authorize.net api.authorize.net apitest.authorize.net accept.authorize.net test.authorize.net *.algolianet.com *.signifyd.com *.signifyd.com:* *.addressy.com *.bing.com *.bounceexchange.com *.bouncex.net *.zdassets.com *.zendesk.com *.zopim.com *.doubleclick.net *.affirm.com *.google-analytics.com likeshop.me wss: *.luckyorange.net *.cookiebot.com *.cdnbasket.net *.cdnwidget.com *.pingdom.net *.nr-data.net *.facebook.com klear.com *.mczbf.com *.sjwoe.com *.clarity.ms *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
report-uri https://r4com.report-uri.io/r/default/csp/reportOnly 2
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.googleapis.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://seo.mageplaza.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.richcall.io *.getflowbox.com *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net www.apptrian.com *.cloudfront.net *.multisafepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com ts.tradetracker.net www.magmodules.eu *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com www.apptrian.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.richcall.io *.getflowbox.com *.multisafepay.com https://pay.google.com *.googleapis.com *.gstatic.com *.fontawesome.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com tm.tradetracker.net *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.multisafepay.com *.google.com *.gstatic.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net www.apptrian.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.richcall.io *.getflowbox.com *.multisafepay.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src *.richcall.io *.getflowbox.com assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https:; connect-src *; font-src 'self' data: https:; frame-src https:; img-src * data:; media-src *; object-src *; script-src 'self' data: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: https: 'unsafe-inline';report-uri https://ncidev.report-uri.com/r/d/csp/reportOnly 2
font-src *.fontawesome.com https://*.tassimo.com https://*.lorespresso.com https://fonts.gstatic.com https://use.fontawesome.com https://d6tizftlrpuof.cloudfront.net https://staticw2.yotpo.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com https://secure-test.worldpay.com/shopper/3ds/ddc.html *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com *.adyen.com https://pay.google.com https://secure-test.worldpay.com https://*.tassimo.com https://*.lorespresso.com https://*.fls.doubleclick.net https://vars.hotjar.com https://www.pinterest.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net *.vimeocdn.com s.ytimg.com *.adyen.com *.cloudflare.com *.gstatic.com https://*.tassimo.com https://*.lorespresso.com https://www.google.com https://www.google.com.ua https://ade.googlesyndication.com https://www.googletagmanager.com https://*.fls.doubleclick.net https://eu-west-1-wtb-tag-api.swaven.com https://*.usabilla.com https://d6tizftlrpuof.cloudfront.net https://*.bing.com https://*.pinterest.com https://*.yotpo.com https://*.clarity.ms *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com www.googleadservices.com www.google-analytics.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com www.youtube.com *.adyen.com *.avada.io https://storage.googleapis.com/prshim/v1/payment-shim.js https://www.google.com/recaptcha/api.js *.gstatic.com *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js https://*.tassimo.com https://*.lorespresso.com https://www.google.com https://www.gstatic.com https://storage.googleapis.com https://www.googleoptimize.com https://www.googletagmanager.com https://*.blueconic.net https://jdeco11112.pcapredict.com https://*.swaven.com https://*.usabilla.com https://cdn.cookielaw.org https://connect.facebook.net https://*.hotjar.com https://p.teads.tv https://www.dwin1.com https://bat.bing.com https://s.pinimg.com https://swrap.tradedoubler.com https://ad.avtm.fr https://*.clarity.ms https://staticw2.yotpo.com https://*.boost.ai *.yotpo.com https://js-agent.newrelic.com/ https://bam.eu01.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com *.cloudflare.com https://*.tassimo.com https://*.lorespresso.com https://fonts.googleapis.com https://use.fontawesome.com https://*.blueconic.net https://d6tizftlrpuof.cloudfront.net https://staticw2.yotpo.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com *.adyen.com https://*.tassimo.com https://*.lorespresso.com https://*.blueconic.net https://*.swaven.com https://www.google.com https://www.google-analytics.com https://*.g.doubleclick.net https://pagead2.googlesyndication.com https://cdn.cookielaw.org https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.clarity.ms https://*.onetrust.com https://ct.pinterest.com https://*.boost.ai *.yotpo.com https://bam.eu01.nr-data.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://d6tizftlrpuof.cloudfront.net https://*.boost.ai 'self' 'unsafe-inline'; 2
report-uri /es/Error/ReportCPS; 2
font-src fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com api.bazaarvoice.com stg.api.bazaarvoice.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io cdn.jsdelivr.net *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com https://www.googletagmanager.com tagmanager.google.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com display.ugc.bazaarvoice.com tagmanager.google.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.getalma.eu *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com https://www.google-analytics.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https: data: 'unsafe-eval' 'unsafe-inline'; script-src-elem 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.abstractscorecard.com www.googletagmanager.com www.mycadmium.com; style-src-elem 'unsafe-eval' 'unsafe-inline' www.abstractscorecard.com www.mycadmium.com; report-uri /csp-violation-report-endpoint/ 2
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; form-action 'self' 2
font-src fonts.gstatic.com use.typekit.net data: *.sodatech.com *.sodatech.net *.gstatic.com *.typekit.net 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pal-test.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.xtento.com *.vimeo.com *.youtube.com *.jsctool.com *.pinterest.com *.mmcagentur.at *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.demdex.net *.authorize.net *.paypal.com *.googletagmanager.com *.xtento.com *.app-wallee.com *.waltpixel.com *.equitystory.com app-wallee.com *.weltpixel.com https://odr.promo.dev/ https://vars.hotjar.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.xtento.com cdn.xtento.com blob: lindt.test *.lindt.test maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.klarna.com *.invibes.com *.b26net.com https://www.google-analytics.com *.googletagmanager.com *.cloudfront.net *.teads.tv *.videostep.com *.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.doubleclick.net *.outbrain.com *.adobedtm.com *.omtrdc.net *.demdex.net *.everesttech.net *.magentocommerce.com *.sodatech.com *.sodatech.net app-wallee.com 'self' data: *.gstatic.com http://lindt-hg65tr.your-printq.com https://cookie-cdn.cookiepro.com/logos/static/poweredBy_cp_logo.svg 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com www.googletagmanager.com www.google-analytics.com *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.xtento.com cdn.xtento.com *.pcapredict.com *.newrelic.com *.nr-data.net lindt.slgnt.eu maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.ratepay.com *.cloudflare.com *.teads.tv *.r66net.com *.facebook.net *.googleadservices.com *.doubleclick.net *.cookiepro.com *.cloudfront.net *.videostep.com *.mfgroup.ch *.taboola.com *.outbrain.com *.adobedtm.com *.authorize.net *.unpkg.com *.fontawesome.com *.sodatech.net *.sodatech.com app-wallee.com *.google.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com https://tools.luckyorange.com https://static-eu.payments-amazon.com/checkout.js https://script.hotjar.com/ https://static.hotjar.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com *.fonts.net *.postcodeanywhere.co.uk *.cloudfront.net *.cloudflare.com *.sodatech.com *.sodatech.net *.googleapis.com *.getfirebug.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nr-data.net *.paypal.com *.postcodeanywhere.co.uk *.ratepay.com vimeo.com *.luckyorange.net *.cookiepro.com *.mfgroup.ch *.doubleclick.net *.visitors.live wss://in.visitors.live wss://visitors.live wss://in.visitors.live/ wss://visitors.live/ visitors.live *.taboola.com *.demdex.net *.omtrdc.net *.magento.com *.adobe.net *.adobedtm.com *.adobedc.net *.typekit.net *.magedevteam.com *.sodatech.com *.sodatech.net *.teads.tv *.google-analytics.com https://www.google-analytics.com https://settings.luckyorange.com wss://mqtt.luckyorange.com https://ws36.hotjar.com/ wss://ws36.hotjar.com/api/v2/client/ws https://in.hotjar.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
report-uri https://fathom.report-uri.com/r/t/csp/wizard; default-src 'none'; form-action 'none'; object-src 'none'; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests 2
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: 'self' blob: bat.bing.com cdn.callreports.com googleads.g.doubleclick.net js.callrail.com res.cloudinary.com s3.amazonaws.com secure.leadforensics.com www.google-analytics.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net  secure.leadforensics.com www.woodlandmanufacturing.com www.googleadservices.com *.pinimg.com connect.facebook.net *.gstatic.com *.wistia.com *.olark.com *.nextopiasoftware.com *.flattr.com *.trustpilot.com g.microsoft.com 2
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com downloads.mailchimp.com *.fontawesome.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.google-analytics.com *.facebook.com *.facebook.net t.elasticsuite.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' pxlfsn.co www.google-analytics.com maps.googleapis.com ajax.googleapis.com www.google.com google.com gstatic.com www.gstatic.com connect.facebook.net facebook.com; 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com acuityplatform.com ajax.googleapis.com cdn.onesignal.com dynamic.cannedbanners.com js-agent.newrelic.com nsg.symantec.com onesignal.com seal.godaddy.com *.freedommunitions.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com acuityplatform.com bam.nr-data.net maps.google.com pixel.mathtag.com a2.adform.net 279-ct.c3tag.com maps.googleapis.com; report-uri /.webscale/csp-report 2
default-src https:; 2
default-src *; script-src *; object-src *; style-src *; img-src *; media-src *; frame-src *; font-src *; connect-src * 2
default-src 'none'; script-src 'self' https://*.typekit.net/ https://*.clarity.ms/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://*.googleapis.com/ https://*.gstatic.com/ https://seal.thawte.com/ https://secure.bluepay.com https://seal.digicert.com/ https://www.safewayxchange.com/ 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.clarity.ms/ https://stats.g.doubleclick.net; img-src 'self' https://*.google-analytics.com https://*.analytics.google.com data: https:; style-src 'self' 'unsafe-inline' https://*.typekit.net/ https://fonts.googleapis.com/ https://*.gstatic.com; font-src 'self' https://*.typekit.net/ https://fonts.gstatic.com/ https://fonts.googleapis.com/; frame-src 'self' https://secure.bluepay.com https://www.safewayxchange.com/; object-src 'self'; media-src 'self' https://www.google-analytics.com/; manifest-src 'self'; frame-ancestors 'self'; report-uri https://08bfb48ddcee7d64057e88503ec1149f.report-uri.com/r/t/csp/reportOnly 2
font-src www.searchanise.com https://cdn.checkout.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.searchanise.com syndication.twitter.com platform.twitter.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.searchanise.com platform.twitter.com syndication.twitter.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://js.checkout.com *.klarna.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com platform.twitter.com abs.twimg.com pbs.twimg.com ton.twimg.com syndication.twitter.com www.google.com www.google.ru www.searchanise.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com https://redchamps.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com static.searchanise.com api.amplitude.com platform.twitter.com cdn.syndication.twimg.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://cdn.checkout.com *.klarnacdn.net r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com www.searchanise.com searchanise-ef84.kxcdn.com s3.amazonaws.com platform.twitter.com ton.twimg.com https://cdn.checkout.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com api.amplitude.com stats.g.doubleclick.net www.google-analytics.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://js.checkout.com *.klarnaevt.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; media-src https: data:; object-src https: data:; img-src https: data:; font-src https: data:; report-uri /csp-report 2
default-src 'self'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-ancestors 'self'; report-uri https://qtq417pr.uriports.com/reports/report; report-to default 2
default-src 'self'; block-all-mixed-content; connect-src 'self' wss://de20.zopim.com csi.gstatic.com maps.gstatic.com korrelatie.zendesk.com wss://widget-mediator.zopim.com ekr.zdassets.com veiligthuis.zendesk.com; font-src 'self' fonts.gstatic.com v2.zopim.com; form-action 'self'; img-src 'self' data: www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.gstatic.com maps.googleapis.com csi.gstatic.com; media-src static.zdassets.com; script-src 'self' www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.googleapis.com pg-ws-ggz.custhelp.com static.zdassets.com 'unsafe-inline' 'sha256-xUQcjHXkAfsqgYPp5eXPEjb+c/CcEfnvUxHuSLGcvrc=' 'sha256-bT1Ymq1WqmR/IVUk/bpwBj+OeadvKW6Z37bJhTu00oY='; style-src 'self' 'unsafe-inline' pg-ws-ggz.widget.custhelp.com; report-uri https://errors.connectholland.nl/api/228/security/?sentry_key=f6211e7fc77f4d179394bc8d5d4237c7 2
font-src *.klevu.com *.ksearchnet.com https://*.quadpay.com https://*.zip.co 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com https://plumrocket.com *.wesupply.xyz *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.klevu.com *.ksearchnet.com https://*.quadpay.com https://*.zip.co store.paradoxlabs.com *.cdninstagram.com *.fbcdn.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.klevu.com *.ksearchnet.com https://*.quadpay.com https://*.zip.co *.authorize.net *.cloudflare.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src cdn.dnky.co webchat.dotdigital.com *.klevu.com *.ksearchnet.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.klevu.com *.ksearchnet.com https://*.quadpay.com https://*.zip.co *.authorize.net *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.sagepay.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.narvar.com *.narvar.qa *.tawk.to fonts.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.sagepay.com *.twitter.com https://plumrocket.com *.tawk.to *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.sagepay.com *.twitter.com https://plumrocket.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.tawk.to *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.paypal.com *.sagepay.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.narvar.com *.narvar.qa store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.tawk.to cdn.jsdelivr.net *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.sagepay.com *.youtube.com *.paypal.com *.sandbox.paypal.com *.google.com *.googletagmanager.com *.plumrocket.com *.tawk.to *.bam-cell.nr-data.net *.gstatic.com api.veritrans.co.jp *.authorize.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com cdn.jsdelivr.net *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.sagepay.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com unsafe-inline fonts.googleapis.com cdn.jsdelivr.net *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.paypal.com *.sagepay.com *.cloudflare.com *.twitter.com *.twimg.com api.veritrans.co.jp *.authorize.net www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.tawk.to wss://*.tawk.to *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://mcstaging.mikimoto.com/; report-to report-endpoint; 2
script-src 'self' 'unsafe-eval' chrome-extension: https://mc.yandex.ru https://yastatic.net https://code.jquery.com https://pn.ru https://app.uiscom.ru https://cdn.sendpulse.com https://dsp.setl.ru 'unsafe-inline' 'unsafe-inline' https://www.google-analytics.com https://2689160950.mc.yandex.ru https://spbrealty.ru blob: https://www.youtube.com https://connect.facebook.net https://mc.yandex.com https://4041122503.mc.yandex.ru https://viewplugin.com https://server.comagic.ru 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; frame-src 'self' https://spbrealty.ru chrome-extension: https://pn.ru https://mc.yandex.ru https://mc.yandex.md https://server.comagic.ru https://api.setl.ru https://ucads-cdn.ucweb.com https://www.youtube.com https://camera.rt.ru https://www.ciuvo.com https://dl.metabar.ru https://m.youtube.com https://mc.yandex.com https://acestream.me; object-src 'self' https://noop.style chrome-extension:; report-uri /cspreportonly; 2
default-src 'unsafe-eval' 'unsafe-inline' blob: data: https: ws: wss:; img-src 'unsafe-inline' blob: data: *; report-uri https://csp.test.orlo.tech/report; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.roundcubeplus.com https://ajax.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: http: https:; font-src 'self' data: http: https:; media-src 'self'; report-uri /csp-report; 2
default-src 'none';   manifest-src 'self';   script-src 'self' 'unsafe-inline' 'unsafe-eval'     *.hotjar.com     http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js     http://sparkbox.github.com     https://analytics.twitter.com     https://apply.workable.com     https://assets.codepen.io     https://bid.g.doubleclick.net     https://cdn.jsdelivr.net     https://connect.facebook.net     https://googleads.g.doubleclick.net     https://platform.twitter.com     https://production-assets.codepen.io     https://script.hotjar.com     https://snap.licdn.com     https://static.ads-twitter.com     https://static.codepen.io     https://static.hotjar.com     https://translate.googleapis.com     https://www.google-analytics.com     https://www.google.com     https://www.googleadservices.com     https://www.googletagmanager.com     https://www.workable.com     https://www.youtube.com;   connect-src 'self'     *.hotjar.com     https://stats.g.doubleclick.net     https://vc.hotjar.io     https://www.google-analytics.com     https://www.facebook.com/tr/;   font-src 'self' data:     https://fonts.gstatic.com;   img-src 'self' data:     http://t.co     https://lh6.googleusercontent.com     https://p.adsymptotic.com     https://px.ads.linkedin.com     https://stats.g.doubleclick.net/r/collect     https://t.co     https://www.facebook.com     https://www.google-analytics.com     https://www.google.com     https://www.googletagmanager.com     https://www.linkedin.com;   style-src 'self' 'unsafe-inline' data:     http://afeld.github.io/emoji-css/emoji.css     http://hello.myfonts.net/count/3ca576     https://cloud.typography.com/655912/6152352/css/fonts.css     https://fonts.googleapis.com     https://hello.myfonts.net     https://hello.myfonts.net/count/3ca576;   frame-src 'self'     https://bid.g.doubleclick.net     https://codepen.io     https://codesandbox.io     https://platform.twitter.com     https://syndication.twitter.com     https://vars.hotjar.com     https://www.facebook.com     https://www.google.com     https://www.googletagmanager.com     https://www.youtube.com;   media-src data:;   report-uri https://sparkbox.report-uri.com/r/d/csp/reportOnly 2
font-src data: https://*.klarnacdn.net *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors https://*.force.com https://*.salesforce.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.force.com https://*.salesforce.com https://www.google.com https://www.paypalobjects.com https://www.youtube.com https://player.twitch.tv https://*.doubleclick.net *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.force.com https://*.salesforce.com https://cdn-assets.affirm.com https://www.google.com https://*.cloudfront.net https://houseofstaunton.com https://www.houseofstaunton.com https://*.gstatic.com *.klevu.com *.ksearchnet.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.force.com https://*.salesforce.com https://container.pepperjam.com https://www.rtb123.com https://connect.facebook.net https://www.gstatic.com https://*.klarnaservices.com https://*.salesforceliveagent.com https://*.googleapis.com https://*.affirm.com https://*.google.com *.klevu.com *.ksearchnet.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com assets.braintreegateway.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com https://*.force.com https://*.salesforce.com https://cdnjs.cloudflare.com https://cdn-images.mailchimp.com https://imgs.signifyd.com https://*.klarnacdn.net https://*.klarnaservices.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.force.com https://*.salesforce.com https://www.google-analytics.com https://stats.g.doubleclick.net https://bt.signifyd.com:11103 https://*.klarnaservices.com https://*.affirm.com https://*.googleapis.com *.klevu.com *.ksearchnet.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' cdnjs.cloudflare.com kit.fontawesome.com apps.elfsight.com static.elfsight.com cdn.usebootstrap.com *.cloudmaestro.com www.gstatic.com www.google-analytics.com www.google.com; report-uri /.webscale/csp-report 2
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://v.altos.re https://d3lvyvnpx5ojp0.cloudfront.net https://d2j5mmc5xd3gqs.cloudfront.net https://cdn.altos.re https://cdn.staging.altos.re https://d2iiunr5ws5ch1.cloudfront.net https://d2v26nvc3n2c51.cloudfront.net https://js.stripe.com https://checkout.stripe.com https://cdn.mxpnl.com https://api.mixpanel.com https://www.google-analytics.com https://code.jquery.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.ckeditor.com https://code.highcharts.com https://code.angularjs.org https://maxcdn.bootstrapcdn.com https://ssl.google-analytics.com https://connect.facebook.net https://www.bugherd.com; style-src 'self' 'unsafe-inline' https://v.altos.re https://d2j5mmc5xd3gqs.cloudfront.net https://d3lvyvnpx5ojp0.cloudfront.net https://d2iiunr5ws5ch1.cloudfront.net https://d2v26nvc3n2c51.cloudfront.net https://cdn.staging.altos.re https://cdn.ckeditor.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; img-src 'self' data: https://v.altos.re https://d2j5mmc5xd3gqs.cloudfront.net https://d3lvyvnpx5ojp0.cloudfront.net https://cdn.altos.re https://cdn.staging.altos.re https://ssl.google-analytics.com https://www.google-analytics.com https://s-static.ak.facebook.com https://www.facebook.com https://altosimages-staging.s3.amazonaws.com https://altosimages.s3.amazonaws.com https://api.url2png.com https://cdn.ckeditor.com https://q.stripe.com https://maps.googleapis.com https://www.bugherd.com https://bugherd-attachments.s3.amazonaws.com https://d2iiunr5ws5ch1.cloudfront.net; font-src 'self' https://v.altos.re https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://themes.googleusercontent.com https://www.bugherd.com; connect-src 'self' https://charts.altosresearch.com https://cdn.staging.altos.re https://cdn.altos.re wss://ws.pusherapp.com/app/edf8b9a8b50d1c28bb17 https://api.mixpanel.com https://www.bugherd.com https://checkout.stripe.com; object-src 'self' ; child-src https://www.facebook.com https://s-static.ak.facebook.com https://www.filestackapi.com https://www.youtube.com https://checkout.stripe.com https://js.stripe.com https://dialog.filestackapi.com; block-all-mixed-content; reflected-xss block; report-uri https://altos.report-uri.io/r/default/csp/reportOnly; 2
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; manifest-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
frame-ancestors 'self'; report-uri https://okta.report-uri.com/r/d/csp/reportOnly; report-to csp 2
default-src 'self' *.ctfassets.net;img-src 'self' *.ctfassets.net *.facebook.com *.facebook.net *.googletagmanager.com *.google-analytics.com data:;style-src 'self' 'unsafe-inline' fonts.googleapis.com;font-src 'self' fonts.gstatic.com;connect-src 'self' ws: *.contentful.com *.bugsnag.com *.google-analytics.com *.swish.nu *.facebook.com;object-src 'none';script-src 'self' 'unsafe-eval' *.facebook.net *.googletagmanager.com *.google-analytics.com 'sha256-EbIf/28oJqqS5jlA4F4cxAuQyBgLsbwNN3SaKD7SPG8=' 'sha256-fNl6dMU2ozNYP+OO/xe3UlSrQ/B7H/B5mYtcdLPGSWc='; report-uri https://eo7f9vdutam5kd9.m.pipedream.net; report-to csp-report 2
default-src 'self' https://accelerite.com; connect-src 'self' *.accelerite.com *.cloudflare.com *.cookiepro.com *.google-analytics.com *.google.co.in *.google.com *.googleapis.com *.hotjar.com *.kissmetrics.com *.nexcesscdn.net *.peppersquare.com *.ttgtmedia.com *.vimeo.com *.vimeocdn.com *.zoho.com *.zohopublic.com connect.facebook.net ws://vts.zohopublic.com https://www.google-analytics.com https://accelerite.com; font-src 'self' *.accelerite.com *.cloudflare.com *.cloudfront.net *.cookiepro.com *.google-analytics.com *.google.co.in *.google.com *.googleapis.com *.gstatic.com *.kissmetrics.com *.nexcesscdn.net *.peppersquare.com *.ttgtmedia.com *.vimeo.com *.vimeocdn.com *.zohostatic.com accelerite-dev.peppersquare.com connect.facebook.net data: https://accelerite.com; form-action 'self' *.accelerite.com *.cloudflare.com *.cookiepro.com *.google-analytics.com *.google.co.in *.google.com *.googleapis.com *.kissmetrics.com *.nexcesscdn.net *.peppersquare.com *.ttgtmedia.com *.vimeo.com *.vimeocdn.com accelerite-dev.peppersquare.com connect.facebook.net https://accelerite.com; frame-src *.accelerite.com *.google.co.in *.google.com *.hotjar.com *.ttgtmedia.com *.vimeo.com *.vimeocdn.com *.youtube.com *.zohopublic.com connect.facebook.net https://accelerite.com; child-src *.accelerite.com *.google.co.in *.google.com *.hotjar.com *.ttgtmedia.com *.vimeo.com *.vimeocdn.com *.youtube.com *.zohopublic.com connect.facebook.net https://accelerite.com; img-src 'self' *.accelerite.com *.cloudflare.com *.cookiepro.com *.google-analytics.com *.google.co.in *.google.com *.googleapis.com *.gravatar.com *.kissmetrics.com *.nexcesscdn.net *.peppersquare.com *.techtarget.com *.ttgtmedia.com *.vimeo.com *.vimeocdn.com *.wallyworld.zzzz accelerite-dev.peppersquare.com connect.facebook.net data: http://b.wallyworld.zzzz https://www.googletagmanager.com https://accelerite.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.accelerite.com *.cookiepro.com *.google.co.in *.google.com *.hotjar.com *.kissmetrics.com *.ttgtmedia.com *.vimeo.com *.vimeocdn.com connect.facebook.net encoded https: https://accelerite.com; style-src 'self' 'unsafe-inline' *.accelerite.com *.cloudflare.com *.cookiepro.com *.google-analytics.com *.google.co.in *.google.com *.googleapis.com *.kissmetrics.com *.nexcesscdn.net *.peppersquare.com *.ttgtmedia.com *.vimeo.com *.vimeocdn.com accelerite-dev.peppersquare.com connect.facebook.net encoded https: https://accelerite.com; worker-src *.accelerite.com *.cookiepro.com *.google.co.in *.google.com *.hotjar.com *.ttgtmedia.com *.zohopublic.com connect.facebook.net; sandbox allow-forms allow-pointer-lock allow-popups allow-same-origin allow-scripts; report-uri https://accelerite.com/wp-json/wpcsp/v1/route/LogPolicyViolation?_wpnonce=232636d251 2
font-src *.abtasty.com *.zipmoney.com.au *.stockinstore.net data: *.gstatic.com 'self' data: 'unsafe-inline' data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.googletagmanager.com *.google.com *.doubleclick.net *.hotjar.com *.pmnts.io 'self'; frame-src www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.abtasty.com *.facebook.com *.pmnts.io *.klarna.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.google.com/ https://www.youtube.com *.pmnts-sandbox.io *.doubleclick.net *.vimeo.com *.hotjar.com *.clickmeter.com wss://*.hotjar.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://static.afterpay.com *.abtasty.com *.turn.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.klarnacdn.net *.klarnaservices.com https://www.magezon.com *.pinterest.com *.facebook.com *.facebook.com/tr *.google.com *.google.com.au *.roymorgan.com *.doubleclick.net data: *.facebook.net *.googleapis.com *.gstatic.com *.zipmoney.com.au *.imgix.net 'self' 'unsafe-inline'; script-src *.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com js.braintreegateway.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.abtasty.com *.cloudfront.net *.cloudflare.com *.facebook.net *.tiktok.com *.zdassets.com *.tommy.com *.luckyorange.net *.particularaudience.com *.stockinstore.net apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com s7.addthis.com *.google.com *.googletagmanager.com *.google.com.au *.pmnts.io *.pmnts-sandbox.io *.afterpay.com *.doubleclick.net *.pinimg.com *.cfjump.com *.roymorgan.com *.forter.com *.usabilla.com wss://widget-mediator.zopim.com *.hotjar.com *.attraqt.io *.newrelic.com *.js-agent.newrelic.com *.nr-data.net *.klarnacdn.net *.braintreegateway.com *.cardinalcommerce.com *.ccdc02.com *.ytimg.com *.googleadservices.com *.google-analytics.com *.zipmoney.com.au *.gstatic.com *.googleapis.com *.paypal.com *.paypalobjects.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.abtasty.com *.bazaarvoice.com *.stockinstore.net *.klarnacdn.net display.ugc.bazaarvoice.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com static.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.abtasty.com *.luckyorange.net *.zendesk.com *.particularaudience.com *.tiktok.com stockinstore.net *.stockinstore.net *.cloudfront.net *.klarnaevt.com *.klarnacdn.net api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com ekr.zdassets.com/ *.pinterest.com *.google.com *.google.com.au *.cardinalcommerce.com *.google-analytics.com *.forter.com wss://*.zopim.com *.doubleclick.net *.attraqt.io *.zipmoney.com.au *.hotjar.io wss://*.hotjar.com *.zip.co *.nr-data.net *.hotjar.com *.trurating.com *.analytics.tiktok.com wss://*.forter.com *.paypal.com *.zdassets.com 'self' 'unsafe-inline'; child-src blob: 'self' 'unsafe-inline'; default-src *.abtasty.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com https://stackpath.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.twitter.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.google.com https://googleads.g.doubleclick.net https://assets.braintreegateway.com https://*.kaptcha.com https://vars.hotjar.com https://c.paypal.com https://c.sandbox.paypal.com https://home-c56.nice-incontact.com https://ez-prints.sjv.io https://target-prints.pxf.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.twitter.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://stats.g.doubleclick.net https://www.google.com https://s3.amazonaws.com https://apps.ezprints.com https://maps.gstatic.com https://bat.bing.com https://maps.googleapis.com/ https://*.stats.paypal.com https://cdn.klarna.com https://c.paypal.com https://c.sandbox.paypal.com https://*.clarity.ms https://ez-prints.sjv.io https://target-prints.pxf.io https://www.ojrq.net https://logs-01.loggly.com https://www.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com apis.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://bat.bing.com https://ajax.cloudflare.com https://www.googleadservices.com https://*.hotjar.com https://*.paypal.com https://*.braintreegateway.com/ https://*.clarity.ms https://home-c56.nice-incontact.com https://d.impactradius-event.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com tagmanager.google.com *.yotpo.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com https://stackpath.bootstrapcdn.com https://fonts.googleapis.com unsafe-inline *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com cdn.ampproject.org *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://www.google-analytics.com https://*.sandbox.braintree-api.com https://*.braintree-api.com https://client-analytics.braintreegateway.com https://stats.g.doubleclick.net/ https://*.hotjar.com wss://*.hotjar.com https://www.paypal.com https://maps.googleapis.com https://*.clarity.ms https://ez-prints.sjv.io https://target-prints.pxf.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.klevu.com *.ksearchnet.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com https://www.google.com *.weltpixel.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com js.klevu.com *.ksearchnet.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.google.com https://www.gstatic.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.klevu.com *.ksearchnet.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com commerce.adobe.net qa-api.magedevteam.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.fontawesome.com *.artdeco.com *.artdeco.de *.bootstrapcdn.com *.heidelpay.com 'self' data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com *.nosto.com *.nos.to *.google.com *.ratepay.com *.pay1.de *.heidelpay.com *.jsctool.com *.trbo.com *.hotjar.com *.redintelligence.net ad4m.at *.ad4m.at *.ad-srv.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es https://www.mollie.com *.nosto.com *.nos.to *.artdeco.com *.artdeco.de *.usercentrics.eu *.trustedshops.com *.outbrain.com 'self' data: *.googletagmanager.com *.pay1.de *.tiktok.com *.pinterest.com *.facebook.com *.google.com *.google.de *.adserver01.de *.adition.com *.taboola.com ad4m.at *.ad4m.at *.creative-serving.com *.doubleclick.net *.adsrvr.org *.adscale.de *.onaudience.com *.smartadserver.com *.pubmatic.com *.casalemedia.com *.twiago.com *.exelator.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com https://cdn.polyfill.io https://browser.sentry-cdn.com js.mollie.com *.nosto.com *.nos.to *.sitesearch360.com *.semknox.com *.artdeco.com *.artdeco.de *.b-ite.com *.usercentrics.eu *.googletagmanager.com *.getflowbox.com *.trustedshops.com *.google.com *.gstatic.com *.outbrain.com *.pay1.de *.ratepay.com *.heidelpay.com *.trbo.com *.hotjar.com *.facebook.net *.tiktok.com *.scarabresearch.com *.pinimg.com *.dwin1.com *.taboola.com ad4m.at *.ad4m.at *.teads.tv 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.nosto.com *.nos.to *.bootstrapcdn.com *.artdeco.com *.artdeco.de 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.flbx.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com https://*.ingest.sentry.io *.nosto.com *.nos.to *.sitesearch360.com *.semknox.com *.artdeco.com *.artdeco.de *.usercentrics.eu *.google-analytics.com *.ratepay.com *.heidelpay.com *.scarabresearch.com *.pinterest.com *.tiktok.com *.doubleclick.net *.hotjar.com *.taboola.com *.getflowbox.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.fontawesome.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com js.stripe.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://consentcdn.cookiebot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com g16.wufoo.eu vars.hotjar.com www.google.com g16.wufoo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: www.googletagmanager.com ssl.gstatic.com www.gstatic.com *.yotpo.com www.google.com bat.bing.com c.clarity.ms www.google.de data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.stripe.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com tagmanager.google.com ssl.google-analytics.com connect.facebook.net *.yotpo.com www.bugherd.com bat.bing.com static.hotjar.com googleads.g.doubleclick.net d.clarity.ms script.hotjar.com *.clarity.ms js-agent.newrelic.com bam.nr-data.net https://consent.cookiebot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline *.googleapis.com *.gstatic.com tagmanager.google.com fonts.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com t.elasticsuite.io *.google-analytics.com *.yotpo.com stats.g.doubleclick.net in.hotjar.com *.clarity.ms bam.nr-data.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';block-all-mixed-content;report-uri https://www.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script'; 2
font-src *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es *.yotpo.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.netreviews.eu cl.avis-verifies.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com www.google.fr *.facebook.com bat.bing.com *.linkedin.com *.avis-verifies.com *.netreviews.eu *.googletagmanager.com 'self' data: *.yotpo.com 'self' 'unsafe-inline'; script-src *.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.kameleoon.com *.kameleoon.eu cl.avis-verifies.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com cdn.lefebvre-sarrut.be *.facebook.com *.facebook.net bat.bing.com snap.licdn.com sdk.privacy-center.org www.google.com www.gstatic.com *.avis-verifies.com *.pardot.com *.larcier-intersentia.com *.google.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.kameleoon.com *.kameleoon.eu www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es www.google-analytics.com bat.bing.com *.doubleclick.net *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' *.sixflags.com *.laronde.com *.sixflags.com.mx *.6flags.com 'unsafe-inline' 'unsafe-eval' data: blob: *.wistia.net *.wistia.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss:// acsbapp.com *.acsbapp.com cdn.acsbapp.com *.convertexperiments.com *.evgnet.com sc-static.net *.cloudflare.com *.cloudflareinsights.com *.cloudflareaccess.com *.googletagmanager.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com *.googlesyndication.com *.safeframe.googlesyndication.com www.googletagservices.com *.googleapis.com *.doubleclick.net *.g.doubleclick.net googleads.g.doubleclick.net *.fls.doubleclick.net *.google.com *.google.ca www.google.ca *.google.com.mx www.google.com.mx *.gstatic.com ups.analytics.yahoo.com bat.bing.com sixflags.us-4.evergage.com www.facebook.com *.facebook.net *.pardot.com *.akamaihd.net *.snapchat.com *.twitter.com *.livechatinc.com *.qualaroo.com js.adsrvr.org *.pbbl.co aa.agkn.com *.amgdgt.com dpm.demdex.net pixel.advertising.com www.youtube.com *.youtube.com *.ytimg.com *.freshdesk.com *.queue-it.net *.litix.io ;report-uri https://2850d87804f5002588a978dd8512ca22.report-uri.com/r/d/csp/wizard; 2
font-src *.gstatic.com data: *.fontawesome.com static.olark.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://checkout-sandbox.getbread.com https://checkout.getbread.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com/ https://www.youtube.com static.olark.com www.facebook.com www.pinterest.com *.addthis.com *.yotpo.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://a.klaviyo.com *.facebook.com https://www.magezon.com store.paradoxlabs.com ct.pinterest.com *.olark.com www.facebook.com *.googleadservices.com *.google.com *.google.com.vn *.doubleclick.net *.bing.com *.clarity.ms cdn.innovolifestyles.com cdn.logfurnitureplace.com cdn.woodlandcreekfurniture.com *.yotpo.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://checkout-sandbox.getbread.com https://checkout.getbread.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://cdn.polyfill.io https://browser.sentry-cdn.com https://static.klaviyo.com https://fast.a.klaviyo.com *.googletagmanager.com *.facebook.net *.google.com/ *.authorize.net *.yotpo.com *.klaviyo.com *.getbread.com s.pinimg.com *.olark.com *.addthis.com z.moatads.com v1.addthisedge.com *.bing.com www.gstatic.com *.clarity.ms www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com static.olark.com *.klaviyo.com s.pinimg.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.olark.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://checkout-sandbox.getbread.com https://checkout.getbread.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://*.ingest.sentry.io https://static.klaviyo.com https://fast.a.klaviyo.com *.google-analytics.com *.authorize.net *.yotpo.com ct.pinterest.com *.klaviyo.com knrpc.olark.com *.googleadservices.com *.google.com *.doubleclick.net *.clarity.ms *.addthis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'unsafe-inline' 'unsafe-eval' data: https:; 2
font-src *.klevu.com *.ksearchnet.com *.fontawesome.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com tvape.com torontovaporizer.ca stonersguardian.com api.payengine.de payengine.de *.olark.com cdn.tvape.fr *.cloudflare.com cdnjs.cloudflare.com cloudflare.com js.klevu.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.google.com accounts.google.com *.canadapost.ca https://sso.epost.ca *.purolator.com hubspot.com forms.hubspot.com hsforms.net forms.hsforms.com hsforms.com js.hsforms.net stonersguardian.com api.payengine.de payengine.de signin.ebay.com auth.ebay.com ebay.com www.ebay.com *.cardinalcommerce.com tvape.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ consentcdn.cookiebot.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.google.com accounts.google.com *.meetanshi.com *.purolator.com www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.sendcloud.sc static.olark.com tracking.sezzle.com online.fliphtml5.com r1.dotmailer-surveys.com pp.payengine.de hsforms.net forms.hsforms.com js.hsforms.net dpm.demdex.net demdex.net youtu.be youtube.com stonersguardian.com api.payengine.de payengine.de vimeo.com 20813811p.rfihub.com *.rfihub.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.klevu.com *.ksearchnet.com www.google.com accounts.google.com mageside.com *.canadapost.ca *.googleapis.com *.gstatic.com *.meetanshi.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com torontovaporizer.ca cdn.torontovaporizer.ca tvape.com stats.g.doubleclick.net maps.gstatic.com d3svog4tlx445w.cloudfront.net static.olark.com log.olark.com media.sezzle.com www.googletagmanager.com maps.googleapis.com js.hsforms.net hsforms.net forms.hsforms.com perf.hsforms.com forms.hubspot.com *.tvape.com demdex.net chart.googleapis.com stonersguardian.com api.payengine.de payengine.de r1-t.trackedlink.net img.onesignal.com *.cardinalcommerce.com js.klevu.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ consent.cookiebot.com jquery.sellxed.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com js.klevu.com *.ksearchnet.com www.google.com accounts.google.com *.googleapis.com *.google.com *.gstatic.com *.meetanshi.com *.purolator.com connect.facebook.net twitter.com platform.twitter.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com embed.sendcloud.sc knrpc.olark.com static.cloudflareinsights.com maps.googleapis.com www.googletagmanager.com stats.g.doubleclick.net googleads.g.doubleclick.net www.gstatic.com r1-t.trackedlink.net c1.rfihub.net a.rfihub.net pp.payengine.de static.olark.com assets.olark.com api.olark.com a.optnmstr.com widget.sezzle.com r1.dotmailer-surveys.com g1782759016.co js.hsforms.net hsforms.net forms.hsforms.com dpm.demdex.net demdex.net stonersguardian.com ajax.cloudflare.com api.payengine.de payengine.de g594253005.co verify.bluecheck.me g1782759015.co.de g1782759015.co cdn.onesignal.com onesignal.com bam.nr-data.net *.cardinalcommerce.com script.crazyegg.com cdn.noibu.com cdn4.mxpnl.com *.mxpnl.com *.mantisadnetwork.com g594253006.co *.crazyegg.com *.newrelic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline static.olark.com media.sezzle.com fonts.googleapis.com hsforms.net forms.hsforms.com dpm.demdex.net demdex.net stonersguardian.com api.payengine.de payengine.de accounts.google.com onesignal.com cdn.tvape.fr verify.bluecheck.me *.cloudflare.com cdnjs.cloudflare.com cloudflare.com js.klevu.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.olark.com cdn.torontovaporizer.ca stonersguardian.com api.payengine.de payengine.de cdn.tvape.fr *.cardinalcommerce.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.klevu.com *.ksearchnet.com www.google.com accounts.google.com *.meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.crazyegg.com knrpc.olark.com api.omappapi.com geoip.sezzle.com media.sezzle.com *.googleapis.com stats.g.doubleclick.net developer.google.com hsforms.net forms.hsforms.com demdex.net stonersguardian.com api.payengine.de payengine.de bam.nr-data.net onesignal.com *.cardinalcommerce.com cdn.noibu.com script.crazyegg.com input.noibu.com *.noibu.com wss://input.noibu.com/pv_part verify.bluecheck.me *.bluecheck.me cdn4.mxpnl.com *.mxpnl.com api-js.mixpanel.com *.mixpanel.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://torontovaporizer.ca/; report-to report-endpoint; 2
object-src 'none'; script-src 'self' https://rebilly.github.io https://static.addtoany.com kit.fontawesome.com 'unsafe-inline'; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://rebilly.github.io https://static.addtoany.com kit.fontawesome.com; style-src 'self' fonts.googleapis.com use.fontawesome.com 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; media-src https: 'self' blob:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 2
font-src js.klevu.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.nosto.com *.nos.to *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.mention-me.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://static.afterpay.com *.nosto.com js.klevu.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com www.crafterscompanion.co.uk www.crafterscompanion.com www.crafterscompanion.eu *.klevu.com *.ksearchnet.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com polyfill.io https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.nosto.com js.klevu.com www.dwin1.com www.google.com www.gstatic.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com js-agent.newrelic.com bam.nr-data.net *.klevu.com *.ksearchnet.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.mention-me.com *.nos.to assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com js.klevu.com *.klevu.com *.ksearchnet.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.nosto.com *.nos.to unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com static.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.nosto.com js-agent.newrelic.com bam.nr-data.net *.klevu.com *.ksearchnet.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.mention-me.com *.nos.to www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';frame-ancestors * data: blob:; 2
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.adyen.com *.surveysparrow.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com *.google.com *.doubleclick.net *.facebook.com *.klarna.com *.surveysparrow.com *.pinterest.com *.echatsoft.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.cloudflare.com *.klarna.com *.klarnaevt.com *.googleadservices.com *.google-analytics.com *.google.pl *.gstatic.com *.googletagmanager.com *.paypal.com *.ytimg.com *.zdassets.com *.zendesk.com *.zopim.com *.naver.com *.pinterest.com *.surveysparrow.com *.baidu.com *.rainbowred.com https://yotpo-editor-production.s3.amazonaws.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.google.com *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.avada.io *.cloudflare.com *.cloudflareinsights.com https://chimpstatic.com *.googleoptimize.com *.googleapis.com *.twimg.com *.gstatic.com *.fontawesome.com *.zdassets.com *.zendesk.com *.zopim.com *.klarna.com *.surveysparrow.com *.newrelic.com *.nr-data.net *.naver.net *.naver.com *.tiktok.com *.pinimg.com *.baidu.com *.echatsoft.com *.dwin1.com *.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.fontawesome.com *.cloudflare.com *.gstatic.com *.zdassets.com *.zendesk.com *.zopim.com *.adyen.com *.echatsoft.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com *.zendesk.com *.zopim.com *.adyen.com 'self' data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.adyen.com *.google-analytics.com *.facebook.com *.facebook.net https://get.geojs.io *.avada.io *.cloudflare.com *.googleapis.com *.nr-data.net *.doubleclick.net *.zendesk.com *.klarna.com *.klarnaevt.com *.surveysparrow.com *.naver.com *.pinterest.com *.tiktok.com *.echatsoft.com https://static.zdassets.com https://ekr.zdassets.com https://gstatic.com https://*.zopim.com wss://*.zopim.com wss://*.echatsoft.com 'self' data: api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' data: 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
base-uri 'none'; script-src 'unsafe-eval' 'unsafe-inline' data: blob: http: https:; object-src 'none'; report-uri https://sentry.itgalaxy.company/api/85/csp-report/?sentry_key=1fbf25e90f114a3d83a19aa4fa432dcf 2
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com *.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data: *.google-analytics.com;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 2
default-src 'self' blob: data: https://1zn7z42pxhyz9tgb012bid3r-wpengine.netdna-ssl.com/ https://*.getbeyond.com https://*.pardot.com/ https://www.youtube.com/ https://beyondinc.applytojob.com/ https://beyondinc.applytojob.com/ https://player.vimeo.com/ https://vars.hotjar.com/ https://bid.g.doubleclick.net https://*.getbeyond.com https://*.pardot.com https://www.facebook.com/; img-src 'self' blob: data: https://p.adsymptotic.com/ https://*.vimeocdn.com https://*.google.pl/ https://*.google.com/ https://*.google.co.uk/ https://*.google.ca/ https://secure.gravatar.com/avatar/b54d075628d2fd50c2c02e292b3a2d22 https://www.google.pl/pagead/1p-conversion/* https://stats.g.doubleclick.net/ https://i.ytimg.com https://*.getbeyond.com  https://cdnjs.cloudflare.com/ajax/ https://www.facebook.com/tr/ https://px.ads.linkedin.com/ https://1zn7z42pxhyz9tgb012bid3r-wpengine.netdna-ssl.com/ https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://www.facebook.com/tr/; font-src 'self' data: https://script.hotjar.com/ https://1zn7z42pxhyz9tgb012bid3r-wpengine.netdna-ssl.com https://static.juicer.io/ https://cdnjs.cloudflare.com/ajax/ https://static.juicer.io/ https://fonts.googleapis.com https://fonts.gstatic.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com/ https://*.google.co.uk/ https://*.google.ca/ https://widget.instabot.io/jsapi/rokoInstabot-widget.js https://widget.instabot.io/jsapi/rokoInstabot.js https://widget.instabot.io/jsapi/rokoInstabot.js* https://cdn.freshmarketer.com/750149/1801092.js https://acsbapp.com/apps/app/dist/js/app.js https://1zn7z42pxhyz9tgb012bid3r-wpengine.netdna-ssl.com https://www.googleadservices.com https://s.ytimg.com https://www.youtube.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://*.getbeyond.com https://www.google-analytics.com https://www.googletagmanager.com https://*.hotjar.com  https://cdnjs.cloudflare.com/ https://assets.juicer.io/ https://www.googletagmanager.com https://cdn.jsdelivr.net https://www.googleadservices.com https://snap.licdn.com https://connect.facebook.net https://pi.pardot.com; style-src 'self' 'unsafe-inline' https://1zn7z42pxhyz9tgb012bid3r-wpengine.netdna-ssl.com https://assets.juicer.io/ https://tagmanager.google.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; connect-src 'self' https://*.google.com/ https://*.google.co.uk/ https://*.google.ca/ https://*.facebook.com https://stats.g.doubleclick.net/j/collect https://widget.instabot.io/jsapi/rokoInstabot-widget.js https://src.freshmarketer.com https://livechat.instabot.io/clientlogin https://google.com/ads/ https://widgetapi.instabot.io https://src.freshmarketer.com/sr https://cdn.acsbapp.com/cache/app/getbeyond.com/config.json https://cdn.acsbapp.com/cache/app/en.build.json https://cdn.acsbapp.com/cache/app/en.build.json https://widgetapi.instabot.io/plugins.js* https://www.google-analytics.com; object-src 'none'; report-uri https://my.getbeyond.com/csp-report; 2
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://draft.blogger.com/cspreport 2
font-src yotpo.com 'self' data: 'unsafe-inline' data: *.magentocommerce.com *.googleapis.com *.gstatic.com *.cloudfront.net *.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com *.paypal.com *.feefo.com *.pcapredict.com *.postcodeanywhere.co.uk *.magentosite.cloud *.yotpo.com https://cdnjs.cloudflare.com maxcdn.bootstrapcdn.com connect.facebook.net *.amazonaws.com *.acsbapp.com use.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com yotpo.com connect.facebook.net graph.facebook.com business.facebook.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de p.yotpo.com loyalty.yotpo.com cdn-swell-assets.yotpo.com cdn-widget-assets.yotpo.com cdn-widgetsrepository.yotpo.com swellrewards.com cdn.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' data: 'unsafe-inline' data: *.authorize.net *.sandbox.paypal.com *.vimeo.com *.googletagmanager.com *.cardinalcommerce.com *.magentocommerce.com cdn.dnky.co youtube.com www.youtube.com *.hotjar.com *.google.com/ www.facebook.com *.trustpilot.com *.paypal.com *.feefo.com *.pcapredict.com *.postcodeanywhere.co.uk *.magentosite.cloud yotpo.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.yotpo.com swellrewards.com *.swellrewards.com connect.facebook.net *.doubleclick.net *.expertvoice.com *.acsbapp.com https://www.paypalobjects.com graph.facebook.com business.facebook.com webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.wesupply.xyz p.yotpo.com loyalty.yotpo.com cdn-swell-assets.yotpo.com cdn-widget-assets.yotpo.com cdn-widgetsrepository.yotpo.com cdn.swellrewards.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' data: 'unsafe-inline' data: *.sandbox.paypal.com *.ytimg.com yotpo.com www.facebook.com *.ssl-images-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de store.paradoxlabs.com *.yotpo.com swellrewards.com *.swellrewards.com *.magentocommerce.com *.cloudfront.net *.gstatic.com www.google.com www.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com www.linkedin.com linkedin.com www.googletagmanager.com googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.zopim.com cdn.jsdelivr.net *.paypal.com *.feefo.com *.pcapredict.com *.postcodeanywhere.co.uk *.magentosite.cloud connect.facebook.net *.adnxs.com *.amplifi.io *.quantserve.com *.mediaiqdigital.com *.shareasale.com *.doubleclick.net *.hotjar.com *.acgbrands.com https://acgbrands.com *.acsbapp.com graph.facebook.com business.facebook.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com p.yotpo.com loyalty.yotpo.com cdn-swell-assets.yotpo.com cdn-widget-assets.yotpo.com cdn-widgetsrepository.yotpo.com cdn.swellrewards.com 'self' 'unsafe-inline'; script-src *.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com *.vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com 'self' data: 'unsafe-inline' data: *.authorize.net *.googleadservices.com *.paypalobjects.com *.braintreegateway.com *.sandbox.paypal.com *.ytimg.com *.google.com/ vimeo.com *.cardinalcommerce.com *.ccdc02.com *.youtube.com *.magentocommerce.com *.cloudfront.net google.com www.google.com gstatic.com www.gstatic.com *.googletagmanager.com *.googleapis.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com connect.facebook.net www.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net www.googleoptimize.com www.clarity.ms *.paypal.com *.feefo.com *.pcapredict.com *.postcodeanywhere.co.uk *.magentosite.cloud yotpo.com www.facebook.com *.trackedweb.net *.dotdigital-pages.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital.com https://storage.googleapis.com *.yotpo.com swellrewards.com *.swellrewards.com *.quantcount.com *.quantserve.com *.doubleclick.net *.experticity.com *.dwin1.com *.dwin1.org *.expertvoice.com *.acsbapp.com https://acsbapp.com/apps/app/dist/js/app.js https://acsbapp.com https://shop.pe https://shopper.shop.pe/input.js https://dwin1.org/js/14356.js graph.facebook.com business.facebook.com webchat.dotdigital.com s7.addthis.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com maps.googleapis.com *.cloudflare.com p.yotpo.com loyalty.yotpo.com cdn-swell-assets.yotpo.com cdn-widget-assets.yotpo.com cdn-widgetsrepository.yotpo.com cdn.swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' data: 'unsafe-inline' data: *.googleapis.com *.magentocommerce.com *.cloudfront.net *.bootstrapcdn.com cdn.dnky.co *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net *.paypal.com *.feefo.com *.pcapredict.com *.postcodeanywhere.co.uk *.magentosite.cloud *.yotpo.com *.dotdigital.com swellrewards.com *.swellrewards.com fonts.googleapis.com connect.facebook.net https://cdnjs.cloudflare.com *.acsbapp.com yotpo.com webchat.dotdigital.com unsafe-inline p.yotpo.com loyalty.yotpo.com cdn-swell-assets.yotpo.com cdn-widget-assets.yotpo.com cdn-widgetsrepository.yotpo.com cdn.swellrewards.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zopim.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' data: 'unsafe-inline' data: *.cloudfront.net *.magentocommerce.com commerce.adobedc.net api.comapi.com google-analytics.com *.google-analytics.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com www.feedbackcompany.com *.cardinalcommerce.com *.zendesk.com *.nr-data.net www.clarity.ms *.paypal.com *.feefo.com *.pcapredict.com *.postcodeanywhere.co.uk *.magentosite.cloud yotpo.com connect.facebook.net www.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.yotpo.com swellrewards.com *.swellrewards.com *.braintreegateway.com *.braintree-api.com *.cloudflare.com *.googleapis.com *.experticity.com *.grin.co *.acsbapp.com graph.facebook.com business.facebook.com webchat.dotdigital.com ekr.zdassets.com/ www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com p.yotpo.com loyalty.yotpo.com cdn-swell-assets.yotpo.com cdn-widget-assets.yotpo.com cdn-widgetsrepository.yotpo.com cdn.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; object-src 'none';img-src 'self' https://*.greenwheels.com https://*.gstatic.com https://*.googleapis.com https://*.google.com https://*.google.nl https://*.facebook.com data:; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com ;style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com ; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; connect-src 'self' https://*.greenwheels.com https://www.google-analytics.com; frame-src https://*.greenwheels.com https://*.smartlook.com https://*.smartlook.cloud ; script-src 'self' 'unsafe-inline'; script-src-elem * 'self' https://*.smartlook.com https://*.smartlook.cloud 'nonce-randomlyGeneratedBase64Nonce' 'sha256-n/7gbCw+WmsD7F/+39VVixTYgKohObbo81AF86hI5vM=' 'sha256-6LznYDacT/3QgJvp0yiCfqUoy+XE5QloY8gZDhPtlPQ=' 'sha256-ruDyYgAnz/D7ohQLeFlVNQ7gRvg/K1NqaL/s8UgrOOg=' 'unsafe-eval'; worker-src 'self' blob: 2
base-uri 'self'; connect-src 'self' https://889-dkw-954.mktoresp.com; default-src 'self'; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src 'self' https://api.five9.com https://app-ab16.marketo.com https://vars.hotjar.com; img-src 'self' https://app.five9.com https://www.google-analytics.com https://www.gstatic.com; manifest-src 'self'; media-src 'self'; object-src 'none'; report-uri https://61538bd76985df6b7168034c.endpoint.csper.io/; script-src 'report-sample' 'self' https://app-ab16.marketo.com/js/forms2/js/forms2.min.js https://cdn.crowdfiber.io/jquery/3.3.1/jquery.min.js https://connect.arvig.com/embed/53.js https://connect.facebook.net/en_US/fbevents.js https://munchkin.marketo.net/munchkin.js https://script.hotjar.com/modules.e95f6e2deb67f1b24d8e.js https://secure.pointillist.com/analytics/pntlst-stub.js https://static.hotjar.com/c/hotjar-2280668.js https://translate.google.com/translate_a/element.js https://translate.googleapis.com/translate_static/js/element/main.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js; style-src 'report-sample' 'self' https://app-ab16.marketo.com https://cdn.crowdfiber.io https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://translate.googleapis.com; worker-src 'none'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.trustpilot.com *.hotjar.com *.pcapredict.com *.psplugin.com *.postcodeanywhere.co.uk *.googleapis.com *.cardinalcommerce.com www.googletagmanager.com www.google-analytics.com js-agent.newrelic.com bam.nr-data.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.trustpilot.com *.hotjar.com *.pcapredict.com *.psplugin.com *.postcodeanywhere.co.uk *.googleapis.com *.cardinalcommerce.com www.googletagmanager.com www.google-analytics.com js-agent.newrelic.com bam.nr-data.net; worker-src 'self' *.psplugin.com blob:; frame-src *.trustpilot.com *.hotjar.com *.braintreegateway.com www.googletagmanager.com; 2
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com *.google.com *.gstatic.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src https://widgets.trustedshops.com *.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com assets.braintreegateway.com tst.kaptcha.com c.paypal.com *.cardinalcommerce.com www.google.com *.klarna.com *.maps.googleapis.com *.trustpilot.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com assets.braintreegateway.com checkout.paypal.com data: *.klarnacdn.net *.klarna.com *.klarnaevt.com www.w3.org https://widgets.trustedshops.com *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com songbirdstag.cardinalcommerce.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.klarnacdn.net *.klarnaservices.com https://widgets.trustedshops.com *.trustpilot.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://widgets.trustedshops.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.braintreegateway.com client-analytics.braintreegateway.com *.braintree-api.com api.sandbox.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.klarnaevt.com *.playground.klarnaevt.com *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.fontawesome.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.awin1.com *.zenaps.com *.fls.doubleclick.net www.xtento.com https://plumrocket.com https://www.youtube.com/ *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com validator.swagger.io *.awin1.com *.zenaps.com *.pixriot.com *.storeimaging.com www.xtento.com cdn.xtento.com 'self' data: https://cdn.cookielaw.org/ https://widgets.trustedshops.com/ https://*.usercentrics.eu/ *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com *.plugins.emarsys.net *.scarabresearch.com www.xtento.com cdn.xtento.com *.google.com *.gstatic.com https://cdn.cookielaw.org/ https://widget.trustpilot.com/ https://invitejs.trustpilot.com/ https://widgets.trustedshops.com/ https://*.zdassets.com/ https://*.usercentrics.eu/ *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.gstatic.com *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://*.zdassets.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com https://the.sciencebehindecommerce.com *.scarabresearch.com *.eservice.emarsys.net *.pixriot.com *.storeimaging.com *.google-analytics.com https://cdn.cookielaw.org/ https://*.zdassets.com/ https://*.usercentrics.eu/ https://hjhoffice.zendesk.com/ wss://widget-mediator.zopim.com/ *.yotpo.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google-analytics.com bm-rx.atatus.com www.googletagmanager.com www.gstatic.com media.slotland.eu; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: media.slotland.eu; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bm-rx.atatus.com www.googletagmanager.com www.gstatic.com www.google-analytics.com media.slotland.eu *.cloudfront.net api.livechatinc.com *.hotjar.com cdn.livechatinc.com; child-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: secure.livechatinc.com; object-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: media.slotland.eu; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: vc.hotjar.io media.slotland.eu api.livechatinc.com cdn.livechatinc.com *.hotjar.com bm-rx.atatus.com www.google-analytics.com; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.livechatinc.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com media.slotland.eu; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: secure.livechatinc.com *.hotjar.com ; form-action 'none' data: blob: ; report-uri /csp_report 2
default-src 'self';  frame-src 'self' *.youtube.com destinilocators.com *.jotform.com *.adsrvr.org assets.ctfassets.net *.amazon-adsystem.com *.doubleclick.net *.facebook.com *.trkn.us *.googletagmanager.com *.googlesyndication.com *.postscript.io;  script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.adsrvr.org *.googlesyndication.com destinilocators.com *.jotform.com chimpstatic.com *.mailchimp.com *.list-manage.com *.postscript.io;  child-src 'self' *.youtube.com *.google.com *.twitter.com;  style-src 'self' 'unsafe-inline' data: *.typekit.net *.googleapis.com *.googletagmanager.com *.mailchimp.com;  img-src * blob: data:;  media-src 'none';  object-src 'self' data: assets.ctfassets.net;  connect-src *;  font-src 'self' data: *.typekit.net; 2
font-src *.fontawesome.com *.relaxdays.com *.gstatic.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://www.sandbox.paypal.com www.facebook.com www.paypal.com ct.pinterest.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com www.google.com tpc.googlesyndication.com www.youtube.com www.youtube-nocookie.com www.facebook.com ct.pinterest.com www.pinterest.com www.pinterest.de *.sibforms.com sibautomation.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.it-recht-kanzlei.de *.relaxdays.com i.pinimg.com log.pinterest.com www.pinterest.com ct.pinterest.com *.g.doubleclick.net *.googleadservices.com www.google.com www.google.de www.google.at www.google.es www.google.it www.google.nl www.google.pl www.google.fr www.google.co.uk www.googletagmanager.com *.gstatic.com *.googleusercontent.com www.facebook.com connect.facebook.com *.cloudfront.net *.bing.com analytics.tiktok.com alb.reddit.com 'self' data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de http://www.googletagmanager.com/ https://www.googletagmanager.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.relaxdays.com assets.pinterest.com widgets.pinterest.com s.pinimg.com www.googletagmanager.com tagmanager.google.com www.google.com www.gstatic.com www.google.de connect.facebook.net googleads.g.doubleclick.net tpc.googlesyndication.com bat.bing.com analytics.tiktok.com sibautomation.com *.sendinblue.com www.redditstatic.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com unsafe-inline *.relaxdays.com tagmanager.google.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src *.relaxdays.com 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.relaxdays.com 'self' 'unsafe-inline'; manifest-src *.relaxdays.com 'self' 'unsafe-inline'; connect-src *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.relaxdays.com www.google-analytics.com *.google.com *.g.doubleclick.net www.facebook.com log.pinterest.com ct.pinterest.com www.paypalobjects.com bat.bing.com analytics.tiktok.com *.sendinblue.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.paypalobjects.com 'self' 'unsafe-inline'; report-uri https://relaxdays.com/_csp_report_; report-to report-endpoint; 2
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://biggreensmile.report-uri.io/r/default/csp/reportOnly 2
font-src *.cloudflare.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.fontawesome.com *.fonts.googleapis.com data: api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.youtube.com *.facebook.com cdn.dnky.co webchat.dotdigital.com *.google.com *.addthis.com *.pinterest.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com *.ytimg.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.facebook.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.addthis.com *.pinterest.com *.cdninstagram.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.cloudflare.com *.twitter.com *.fontawesome.com *.vimeocdn.com *.youtube.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.google.com *.zdassets.com *.facebook.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com https://js-agent.newrelic.com https://bam.nr-data.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com cdn.dnky.co webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.cloudflare.com *.google-analytics.com *.googletagmanager.com *.zendesk.com *.zopim.com *.zdassets.com *.gstatic.com api.comapi.com webchat.dotdigital.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com https://js-agent.newrelic.com https://bam.nr-data.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.googleapis.com fonts.gstatic.com *.typekit.net www.google-analytics.com *.trackedlink.net *.trackedweb.net *.yotpo.com *.vimeo.com *.player.vimeo.com *.vimeocdn.com *.authorize.net js.braintreegateway.com assets.adobedtm.com secure.authorize.net test.authorize.net *.dotdigital-pages.com webchat.dotdigital.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.fr *.payments-amazon.es geostag.cardinalcommerce.com *.nr-data.net bam.nr-data.net https://www.gstatic.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es https://www.google.com cdn.dnky.co webchat.dotdigital.com *.wesupply.xyz *.weltpixel.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.paypal.com https://s.ytimg.com *.trackedlink.net *.trackedweb.net *.yotpo.com *.vimeo.com *.player.vimeo.com *.authorize.net js.braintreegateway.com assets.adobedtm.com secure.authorize.net test.authorize.net *.dotdigital-pages.com webchat.dotdigital.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.fr *.payments-amazon.es geostag.cardinalcommerce.com *.nr-data.net bam.nr-data.net store.paradoxlabs.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com *.vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.yotpo.com *.player.vimeo.com *.authorize.net webchat.dotdigital.com *.newrelic.com *.nr-data.net bam.nr-data.net https://www.google.com https://www.gstatic.com cdn.dnky.co api.comapi.com *.cloudflare.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com getfirebug.com fonts.googleapis.com www.google-analytics.com *.trackedlink.net *.trackedweb.net *.yotpo.com *.vimeo.com *.player.vimeo.com *.vimeocdn.com *.authorize.net js.braintreegateway.com assets.adobedtm.com secure.authorize.net test.authorize.net *.dotdigital-pages.com webchat.dotdigital.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.fr *.payments-amazon.es geostag.cardinalcommerce.com *.nr-data.net bam.nr-data.net cdn.dnky.co yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; manifest-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; connect-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.paypal.com www.google-analytics.com *.yotpo.com *.vimeo.com *.player.vimeo.com *.vimeocdn.com *.authorize.net js.braintreegateway.com assets.adobedtm.com secure.authorize.net test.authorize.net webchat.dotdigital.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.fr *.payments-amazon.es *.nr-data.net bam.nr-data.net api.comapi.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
img-src 'self' https://*.mbaec.de 'unsafe-inline'; 2
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://www.facebook.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://static.addtoany.com https://www.google.com/ https://service.loadbee.com/ https://vars.hotjar.com/ https://static.rolex.com/ https://retailers.rolex.com/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://www.facebook.com https://www.google.com https://www.google.co.in https://googleads.g.doubleclick.net https://www.googletagmanager.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://static.addtoany.com https://www.google.com https://js-agent.newrelic.com https://bam.nr-data.net https://graph.facebook.com https://widgets.pinterest.com https://cdn.loadbee.com/js/loadbee_integration.js https://static.hotjar.com https://script.hotjar.com https://static.rolex.com https://retailers.rolex.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com s7.addthis.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com cdn.ampproject.org www.gstatic.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com cdn.dnky.co webchat.dotdigital.com www.gstatic.com maxcdn.bootstrapcdn.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://stats.g.doubleclick.net https://bam.nr-data.net https://availability.loadbee.com https://analytics.google.com https://in.hotjar.com https://vc.hotjar.io https://static.rolex.com https://retailers.rolex.com https://static.addtoany.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com ekr.zdassets.com/ cdn.ampproject.org https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
upgrade-insecure-requests 2
font-src fonts.gstatic.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.weltpixel.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de maps.googleapis.com *.gstatic.com *.cdninstagram.com *.fbcdn.net *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de maps.googleapis.com ajax.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com maxcdn.bootstrapcdn.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com https://redchamps.com data: 'self' 'unsafe-inline'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; script-src https://www.steelslitting.com/wp-content/jquery.min.js uaEAgsI2PqeeSgtq58iDIVQIJ2tiKzvVnnnPH+eKPSQ= assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.chimpstatic.com *.googleapis.com *.google.com *.gstatic.com *.avada.io maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; 2
default-src https:; connect-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com static.pazaruvaj.com unpkg.com api.mapbox.com cdn.jsdelivr.net geowidget.easypack24.net maxcdn.bootstrapcdn.com ssl.ceneo.pl s.kk-resources.com elnino.daktela.com www.wiarygodneopinie.pl ts.tradetracker.net cdn.foxentry.cz; object-src 'self'; img-src 'self' https: data:; font-src https: data:; frame-ancestors 'self' *.creativecdn.com *.hotjar.com *.googletagmanager.com; report-uri https://elnino.report-uri.com/r/d/csp/enforce 2
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net *.youtube.com;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://api.mapbox.com https://*.tiles.mapbox.com meta.ada.support;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com *.youtube.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data: *.oculuscdn.com;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com *.cardinalcommerce.com *.youtube.com meta.ada.support;worker-src blob: *.facebook.com data: *.youtube.com *.facebook.net;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 2
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; report-uri https://almexx.report-uri.io/r/default/csp/reportOnly 2
font-src *.fontawesome.com *.bootstrapcdn.com *.cloudfront.net 'unsafe-inline' data: *.googleapis.com *.gstatic.com *.avr-online.de avr-online.de *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com assets.braintreegateway.com player.vimeo.com js.stripe.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de secure.pay1.de payments.amazon.de www.jsctool.com m.stripe.com x.klarnacdn.net klarna.com cdn.dnky.co webchat.dotdigital.com *.cookiebot.com *.pinterest.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de cdn.pay1.de x.klarnacdn.net *.cloudfront.net *.cookiefirst.com *.cookiebot.com *.elfsight.com *.facebook.com *.google.de *.googletagmanager.com *.linkedin.com *.pinterest.com *.redbull.com *.usd.de *.usercentrics.eu www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com cdn-scripts.signifyd.com www.youtube.com js.stripe.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com www.jsctool.com m.stripe.com klarna.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.cloudfront.net *.cookiefirst.com *.cookiebot.com *.elfsight.com *.facebook.net *.google.com *.google-analytics.com *.googletagmanager.com *.haymarketstat.de *.licdn.com *.linkedin.com *.logopaletti.de *.redbull.com *.trustedshops.com *.pinimg.com *.usercentrics.eu *.avr-online.de avr-online.de www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com d.ratepay.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.cloudfront.net *.cookiefirst.com *.google.com *.trustedshops.com *.avr-online.de avr-online.de *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.cloudfront.net *.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de payments.amazon.de d.ratepay.com www.jsctool.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com https://*.ingest.sentry.io *.cookiefirst.com *.cookiebot.com *.cookielaw.org *.doubleclick.net *.elfsight.com *.google.de *.google-analytics.com *.haymarketstat.de *.logopaletti.de *.usercentrics.eu *.pinterest.com *.avr-online.de avr-online.de *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.bing.com *.clarity.ms *.google.com *.google.pl cgraphics.imgix.net *.adsrvr.org *.hubspotusercontent00.net *.hubspot.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.crazyegg.com *.bing.com *.clarity.ms *.steelhousemedia.com *.hsforms.net *.hsforms.com *.getambassador.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io *.authorize.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.hubspotusercontent20.net cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.crazyegg.com *.clarity.ms *.doubleclick.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' *.ricoh.com.au www.youtube.com connect.facebook.net maps.googleapis.com ml314.com munchkin.marketo.net rum-static.pingdom.net script.hotjar.com snap.licdn.com static.hotjar.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com; style-src 'unsafe-inline' 'report-sample' 'self' *.ricoh.com.au fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.mktoresp.com in.hotjar.com maps.googleapis.com rum-collector-2.pingdom.net stats.g.doubleclick.net vc.hotjar.io www.google-analytics.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' vars.hotjar.com www.google.com *.ricoh.com.au www.youtube-nocookie.com; img-src 'self' data: attr.ml-api.io ml314.com ib.adnxs.com loadus.exelator.com maps.googleapis.com maps.gstatic.com pixel.mathtag.com ps.eyeota.net px.ads.linkedin.com s.ml-attr.com trc.taboola.com www.google-analytics.com www.google.com www.google.com.vn www.google.com.au www.facebook.com dpm.demdex.net match.adsrvr.org sync.crwdcntrl.net secure.adnxs.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 2
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com www.google-analytics.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://security-hub.vaimo.network/public/api/content-security-policy.php; report-to report-endpoint; 2
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; block-all-mixed-content; connect-src 'self' wss://de20.zopim.com csi.gstatic.com maps.gstatic.com korrelatie.zendesk.com wss://widget-mediator.zopim.com ekr.zdassets.com veiligthuis.zendesk.com; font-src 'self' fonts.gstatic.com v2.zopim.com; form-action 'self'; img-src 'self' data: www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.gstatic.com maps.googleapis.com csi.gstatic.com; media-src static.zdassets.com; script-src 'self' www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.googleapis.com pg-ws-ggz.custhelp.com static.zdassets.com 'unsafe-inline' 'sha256-xUQcjHXkAfsqgYPp5eXPEjb+c/CcEfnvUxHuSLGcvrc='; style-src 'self' 'unsafe-inline' pg-ws-ggz.widget.custhelp.com; report-uri https://errors.connectholland.nl/api/228/security/?sentry_key=f6211e7fc77f4d179394bc8d5d4237c7 2
font-src data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.gstatic.com *.googleapis.com *.yotpo.com 'self' data: *.typekit.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com *.hotjar.com *.doubleclick.net *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.wesupply.xyz *.weltpixel.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.yotpo.com *.google.com *.google.com.ar *.facebook.com *.doubleclick.net *.sparta.cl newbalance.cl 'self' data: *.gstatic.com *.googleapis.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.google.com *.googleoptimize.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.fanplayr.com *.facebook.net *.yotpo.com *.newrelic.com *.nr-data.net *.doubleclick.net *.magentosite.cloud *.target2sell.com *.freshworks.com *.hotjar.com *.mlstatic.com *.mercadopago.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com *.sparta.cl *.newbalance.cl *.yotpo.com *.fonts.net *.magentosite.cloud *.freshworks.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.google-analytics.com *.yotpo.com *.nr-data.net *.target2sell.com *.freshworks.com *.googleapis.com stats.g.doubleclick.net *.mercadopago.com *.mercadolibre.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://spartacl.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 2
font-src fonts.gstatic.com data: *.fontawesome.com *.fonts.googleapis.com *.gstatic.com *.cloudflare.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.google.com *.addthis.com *.pinterest.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de moogento.com *.moogento.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com l2.moogento.com *.authorize.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; connect-src https: ws: ;frame-ancestors 'self'; report-uri /csp-violation-report-endpoint/ 2
script-src https: 'strict-dynamic' 'report-sample' 'nonce-s8g1SaLhfu5vPF46CRTTH+PZaDYPsC+3ja0bFiPoJ/A='; base-uri 'self';report-to csp-endpoint 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-a519cea0b4ec52081d97b342f5eb1781' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
default-src *.gravatar.com; script-src *.gravatar.com *.wp.com *.google-analytics.com apis.google.com/js/ 'nonce-9a0af707773e'; style-src 'self' *.gravatar.com *.wp.com fonts.googleapis.com 'nonce-a62dd2199361'; font-src data: *.gravatar.com *.wp.com fonts.gstatic.com; img-src data: *.gravatar.com gravatar.files.wordpress.com *.wordpress.com/mshots/ *.wp.com vaultpress.com; media-src https://videos.files.wordpress.com/; frame-src *.gravatar.com widgets.wp.com; connect-src *.gravatar.com https://public-api.wordpress.com/; object-src 'none'; base-uri 'self'; report-uri https://public-api.wordpress.com/csp/; 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com&source%5Bsection%5D=brochure&source%5Buuid%5D=2335aa73-09f8-49b6-ba73-09e792157e25 1
script-src 'nonce-xDKBiOpEi568MNeI3WHpZw' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src 'self' *.walmartimages.com; script-src 'self' 'strict-dynamic' drfdisvc.walmart.com cdn.quantummetric.com *.px-cloud.net *.wal.co *.developer.walmart.com beacon.walmart.com i5.walmartimages.com www.recaptcha.net connect.facebook.net *.buywith.com 'nonce-tLYdKr8dtthOrBDK'; style-src 'self' 'unsafe-inline' *.walmartimages.com *.wal.co walmart.sspinc.io; font-src 'self' i5.walmartimages.com *.wal.co fonts.gstatic.com fonts.googleapis.com; img-src 'self' *.walmartimages.com *.online-metrix.net drfdisvc.walmart.com tpc.googlesyndication.com crs.midas.stg.prod.us.walmart.net wrd.walmart.com receipts-query.edge.walmart.com data: *.wal.co www.facebook.com cyborg-wm-auth-service-v2.jet.com maps.googleapis.com securepubads.g.doubleclick.net ad.doubleclick.net tps.doubleverify.com static.adsafeprotected.com pixel.adsafeprotected.com secure-gl.imrworldwide.com ir.surveywall-api.survata.com cdn.doubleverify.com s0.2mdn.net www.gstatic.com *.px-cloud.net collector-pxu6b0qd2s.px-cdn.net beacon.walmart.com cdn-assets.affirm.com res.cloudinary.com *.zeekit.me maps.gstatic.com; connect-src 'self' *.walmartimages.com walmart.sspinc.io c.sspinc.io fitpredictor-api.sspinc.io beacon.walmart.com *.developer.walmart.com *.px-cloud.net collector-pxu6b0qd2s.px-cdn.net *.pxchk.net *.perimeterx.net drfdisvc.walmart.com walmart-sync.quantummetric.com quimby.mobile.walmart.com csp.walmart.com *.wal.co www.facebook.com directline.botframework.com wss://directline.botframework.com chat-qa.walmart.com walmart-sync.quantummetric.com tps.doubleverify.com stats.g.doubleclick.net spendanalyzer-proxy.dev.walmart.com tax-app.prod.pgtax.tax.prod.walmart.com *.doubleclick.net gum.criteo.com ib.adnxs.com tap.walmart.com identity.walmart.com maps.googleapis.com maps.gstatic.com *.quantummetric.com i.liadm.com i6.liadm.com dw.wmt.co idsync.rlcdn.com secure.adnxs.com azmatch.adsrvr.org api.waiting-room.walmart.com; object-src drfdisvc.walmart.com; frame-src 'self' *.walmartimages.com adclick.g.doubleclick.net drfdisvc.walmart.com *.quantummetric.com tap.walmart.com www.facebook.com www.recaptcha.net tpc.googlesyndication.com *.online-metrix.net www.google.com *.buywith.com identity.walmart.com wallet.walmart.com www.affirm.com embed.eko.com; frame-ancestors 'self' www.walmart.com preview.cxtools.walmart.com wallet.walmart.com; media-src cyborg-wm-auth-service-v2.jet.com *.walmartimages.com; report-uri https://csp.walmart.com/c/r/gl 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com 'strict-dynamic' 'nonce-MTQzNTQ1MDU2MywzOTM3ODk1ODk4'; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1
default-src https: data: blob: android-webview-video-poster: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-reports/; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-9eed8c3a0b7778752f9737f18b67a0cb' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
default-src 'self'; base-uri 'self'; font-src cdn.jsdelivr.net; frame-src 'self' cse.google.com www.google.com; img-src 'self' *.amazonaws.com  www.google.com cdn.jsdelivr.net clients1.google.com www.googleapis.com *.gstatic.com pbs.twimg.com *.hypemarks.com *.tintup.com www.google-analytics.com stats.g.doubleclick.net cdn.webcomponents.ucla.edu data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com *.googletagmanager.com www.youtube.com cse.google.com cdn.jsdelivr.net *.ytimg.com cdnjs.cloudflare.com www.google-analytics.com *.amazonaws.com cdn.webcomponents.ucla.edu *.gstatic.com data:; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net cdn.webcomponents.ucla.edu cdnjs.cloudflare.com www.google.com; connect-src 'self' weather.atmos.ucla.edu www.google-analytics.com stats.g.doubleclick.net; report-uri /csp-hotline.php 1
default-src 'self'; script-src 'self' *.nist.gov js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net gov-bam.nr-data.net 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.crazyegg.com https://cdn.jsdelivr.net/npm/leaflet-fullscreen@1.0.2/dist/Leaflet.fullscreen.min.js; style-src 'self' 'unsafe-inline' *.nist.gov fonts.googleapis.com *.crazyegg.com https://cdn.jsdelivr.net/npm/leaflet-fullscreen@1.0.2/dist/leaflet.fullscreen.min.css; img-src 'self' 'unsafe-inline' data: *.nist.gov www.google-analytics.com cdnsecakmi.kaltura.com nist-el-nfrlhrr.s3.amazonaws.com *.crazyegg.com https://cdn.jsdelivr.net/npm/leaflet-fullscreen@1.0.2/dist/fullscreen@2x.png https://cdn.jsdelivr.net/npm/leaflet-fullscreen@1.0.2/dist/fullscreen.png api.mapbox.com; media-src nist-el-nfrlhrr.s3.amazonaws.com; frame-src 'self' tube.nist.gov sts.nist.gov sts2.nist.gov *.kaltura.com *.youtube.com *.crazyegg.com *.arcgis.com; frame-ancestors 'self'; child-src 'self' blob: tube.nist.gov sts.nist.gov sts2.nist.gov *.kaltura.com *.youtube.com *.crazyegg.com *.arcgis.com; font-src 'self' *.nist.gov fonts.googleapis.com fonts.gstatic.com; connect-src 'self' bam.nr-data.net bam-cell.nr-data.net gov-bam.nr-data.net www.google-analytics.com *.crazyegg.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'nonce-kc7sy4fNU2kO8KfsqWghYbEJo5C9017v' http://www.google-analytics.com https://*.uservoice.com https://dap.digitalgov.gov https://designsystem.digital.gov https://maps.googleapis.com https://standards.usa.gov https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com 'unsafe-eval' https://optimize.google.com https://gateway.foresee.com https://resources.digital-cloud-gov.voice.medallia.com https://resource.digital.voice.va.gov https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://www.youtube.com https://*.ytimg.com https://cdn.botframework.com 'strict-dynamic' nonce-kc7sy4fNU2kO8KfsqWghYbEJo5C9017v; img-src 'self' data: blob: https://*.gstatic.com https://api.mapbox.com https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://*.va.gov https://optimize.google.com https://gateway.foresee.com https://static.foresee.com https://cdn-prod.kampyle.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://s3-us-gov-west-1.amazonaws.com https://ok6static.oktacdn.com https://dvp-oauth-application-directory-logos.s3-us-gov-west-1.amazonaws.com https://i.ytimg.com ; frame-ancestors 'none' ; manifest-src 'none' ; default-src 'self' ; frame-src https://dap.digitalgov.gov https://resource.digital.voice.va.gov https://www.googletagmanager.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://www.youtube.com ; child-src https://*.uservoice.com https://www.googletagmanager.com https://www.youtube.com https://optimize.google.com https://resources.digital-cloud-gov.voice.medallia.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://optimize.google.com https://fonts.googleapis.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://s3-us-gov-west-1.amazonaws.com ; connect-src 'self' http://localhost:4000 https://*.va.gov https://api.mapbox.com https://events.mapbox.com https://www.google-analytics.com https://stats.g.doubleclick.net http://*.vetsgov-internal https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://prod-va-gov-maintenance-windows.s3-us-gov-west-1.amazonaws.com https://analytics.foresee.com https://brain.foresee.com https://survey.foreseeresults.com https://device.4seeresults.com https://health.foresee.com https://gateway.foresee.com https://feedback.digital-cloud-gov.voice.medallia.com https://raw.githubusercontent.com wss://northamerica.directline.botframework.com https://northamerica.directline.botframework.com https://search.usa.gov ; object-src 'self' blob: ; media-src 'none' ; font-src 'self' data: https://fonts.gstatic.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com ; block-all-mixed-content  ; form-action 'self' https://vicbdc.vba.va.gov https://vaww.vicbdc.ppd.vba.va.gov https://feedback.digital-cloud-gov.voice.medallia.com ; base-uri http://*.vetsgov-internal https://*.va.gov https://optimize.google.com ; 1
default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/upstream 1
default-src https://www.spamhaus.org https: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-0145570fae7b885c4f57cf815a894c75' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
block-all-mixed-content ; report-uri /csp-report 1
frame-ancestors 'self' https://*.filimo.com/; block-all-mixed-content; default-src 'self' https://*.filimo.com/; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net/ https://static.cloudflareinsights.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://mc.yandex.com/ https://recaptcha.net/ https://cdn.ampproject.org/ https://*.filimo.com/ https://www.gstatic.com/ https://client.crisp.chat/ https://www.google-analytics.com/ https://mc.yandex.ru/ https://d31qbv1cthcecs.cloudfront.net/ https://www.googletagmanager.com/; style-src 'self' 'report-sample' 'unsafe-inline' data: https://fonts.googleapis.com/ https://*.filimo.com/ https://client.crisp.chat/; object-src 'self'; frame-src *; child-src blob: https://*.filimo.com/; img-src data: blob: * file: android-webview-video-poster:; font-src 'self' data: wss: https:; connect-src *; manifest-src https://*.filimo.com/; base-uri 'self'; form-action data: https://www.facebook.com/ https://*.filimo.com/ https://*.shaparak.ir/; media-src data: blob: *; worker-src blob: https://*.filimo.com/; report-uri https://gate.rapidsec.net/g/r/csp/65d48d31-dc15-445b-9c79-23d886ab7c98/0/6/3?sct=565e133b-d067-4878-9f1a-6412ff3bb3db&dpos=report 1
default-src 'self';style-src 'self' 'unsafe-inline' dev.g.alicdn.com g.alicdn.com at.alicdn.com *.test.youku.com *.taobao.net webapi.amap.com;script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.dingtalk.com *.cnzz.com *.alicdn.com market.wapa.taobao.com g.alicdn.com dev.g.alicdn.com ynuf.alipay.com log.mmstat.com s.tbcdn.cn vip.laiwang.com wswukong.laiwang.com local.alipcsec.com:6691 *.taobao.net cfd.aliyun.com restapi.amap.com webapi.amap.com retcode.alicdn.com cfall.aliyun.com gw.alipayobjects.com ynuf.aliapp.org;connect-src 'self' *.dingtalk.com wss://*.dingtalk.com ynuf.alipay.com dev.g.alicdn.com g.alicdn.com retcode.taobao.com dingtalk-cspase-sh.oss-cn-shanghai.aliyuncs.com dingtalk-cspase-sz.oss-cn-shenzhen.aliyuncs.com arms-retcode.aliyuncs.com arms-retcode.aliyuncs.com ynuf.aliapp.org px-intl.ucweb.com px.ucweb.com gm.mmstat.com preview-lippi-space-zjk.oss-accelerate.aliyuncs.com wgo.mmstat.com wss://alidocs-body.oss-accelerate.aliyuncs.com wss://pre-collab.dingtalk.com;frame-src 'self' h5.m.taobao.com qiye.aliyun.com log.laiwang.com dev.g.alicdn.com g.alicdn.com login.dingtalk.com login2.dingtalk.com *.dingtalk.com mailsso.mxhichina.com wvjbscheme: alipaybridge: alipaymonitor: mmstat.alicdn.com res.mmstat.com ynuf.aliapp.org alidocs.oss-cn-zhangjiakou.aliyuncs.com;font-src 'self' at.alicdn.com dev.g.alicdn.com g.alicdn.com data: *.taobao.net i.alicdn.com;img-src 'self' data: http: fourier.taobao.com *.dingtalk.com *.aliimg.com *.alicdn.com *.mmstat.com ynuf.alipay.com arms-retcode.aliyuncs.com pin.aliyun.com fourier.alibaba.com retcode.taobao.com *.cnzz.com dingtalk-cspase-sh.oss-cn-shanghai.aliyuncs.com dingtalk-cspase-sz.oss-cn-shenzhen.aliyuncs.com restapi.amap.com kcart.alipay.com preview-lippi-space-zjk.oss-cn-zhangjiakou.aliyuncs.com px-intl.ucweb.com px.ucweb.com alidocs.oss-cn-zhangjiakou.aliyuncs.com;media-src 'self' *.dingtalk.com cloud.video.taobao.com videocdn.taobao.com tbm-auth.alicdn.com dev.g.alicdn.com g.alicdn.com;report-uri https://csp.dingtalk.com/csp; 1
default-src * 'unsafe-eval' 'unsafe-inline' blob: data:;frame-src 'self' sinaweibo: weibo.com *.weibo.com weibo.cn *.weibo.cn sina.com.cn *.sina.com.cn sina.cn *.sina.cn *.sinaimg.cn sinanews: sinanewslite: intent: se5bed38c567feb2a: sb5750862870e1cc2: sdc77698a60e45368: sb2623a3919ed77d3: s3d4cfbed31875e1c: sc876cbd9ae34e814: sdf08f19582289581: sc640c3792845ba3e: se8525a4dbfaa192b: sb5261983836bde16: sinablog: sinanewapmwebview: sinanewsdirect: sinafinance:; script-src 'self' 'unsafe-inline' 'unsafe-eval' weibo.com *.weibo.com weibo.cn *.weibo.cn sina.com.cn *.sina.com.cn sina.cn *.sina.cn *.sinaimg.cn *.qchannel03.cn *.qihucdn.com *.qhres.com *.sinajs.cn *.leju.com *.qq.com qzonestyle.gtimg.cn; report-uri https://logger.sina.cn/report; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com 'strict-dynamic' 'nonce-MzQ5NDkyMTE2MCw2NDM2MjQ3ODk='; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-ba27de9b230d6742a3b9b0581c00153c' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
script-src https: 'strict-dynamic' 'report-sample' 'nonce-RrGcuF/Lh2YIc+ncT1lCvujvWzpAQwPBBtRWIYyA7qA='; base-uri 'self';report-to csp-endpoint 1
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://irishtimes.report-uri.com/r/d/csp/reportOnly 1
require-trusted-types-for 'script';, script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: sc-static.net maps.googleapis.com *.kohls.com *.go-mpulse.net *.twitter.com *.adobedtm.com *.dynamicyield.com *.facebook.net *.ads-twitter.com *.zineone.com *.brsrvr.com *.btstatic.com *.thebrighttag.com *.micpn.com *.indexww.com *.googletagservices.com *.googletagmanager.com *.doubleclick.net *.impactradius-event.com *.google.com *.googlesyndication.com *.googleadservices.com *.vibescm.com *.pinimg.com *.cnnx.link *.bing.com *.clicktale.net *.liadm.com *.scorecardresearch.com *.google-analytics.com *.skavaone.com *.stylitics.com *.sspinc.io *.webcollage.net *.curalate.com *.bazaarvoice.com *.pinterest.com *.yimg.com *.2mdn.net *.tagdelivery.com *.gstatic.com *.ampproject.org *.tvpixel.com *.tiktok.com *.rezync.com *.boomtrain.com *.igodigital.com *.syndigo.com *.paypalobjects.com *.braintreegateway.com *.coherentpath.com *.redditstatic.com *.cloudflare.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.kohls.com *.skavaone.com *.stylitics.com *.bazaarvoice.com *.2mdn.net *.gstatic.com; img-src 'self' data: pippio.com t.co *.kohls.com *.kohlsimg.com *.demdex.net *.rlcdn.com *.adnxs.com *.doubleclick.net *.twitter.com *.everesttech.net *.adsrvr.org *.flashtalking.com *.thebrighttag.com *.micpn.com *.facebook.com *.krxd.net *.rubiconproject.com *.google.com *.lijit.com *.googlesyndication.com *.ojrq.net *.pinterest.com *.bing.com *.adxcel-ec2.com *.dotomi.com *.google-analytics.com *.agkn.com *.liadm.com *.clicktale.net *.curalate.com *.bazaarvoice.com *.admedia.com *.2mdn.net *.admarketplace.net *.bizrate.com *.connexity.net *.yahoo.com *.bluekai.com *.tagdelivery.com *.4cinsights.com *.dynamicyield.com *.stylitics.com *.tvpixel.com *.rezync.com *.fastly.net *.imrworldwide.com *.quantserve.com *.googletagmanager.com *.moatpixel.com *.reddit.com *.syndigo.cloud; connect-src 'self' maps.googleapis.com *.kohls.com *.demdex.net *.omtrdc.net *.go-mpulse.net *.adnxs.com *.adsrvr.org *.dynamicyield.com *.rlcdn.com *.liadm.com *.doubleclick.net *.sjv.io *.rubiconproject.com *.3lift.com *.lijit.com *.pubmatic.com *.yahoo.com *.emxdgt.com *.casalemedia.com *.googlesyndication.com *.pinterest.com *.clicktale.net *.akamaihd.net *.stylitics.com *.curalate.com *.bazaarvoice.com *.yimg.com *.techlab-cdn.com *.addressy.com *.tvpixel.com *.boomtrain.com *.snapchat.com *.akstat.io *.bing.com *.tiktok.com *.facebook.com *.dynatrace.com *.cnnx.link *.domdog.io *.zineone.com *.coherentpath.com *.syndigo.com; frame-src 'self' *.demdex.net *.flashtalking.com *.facebook.com *.doubleclick.net *.google.com *.googlesyndication.com *.liadm.com *.snapchat.com *.2mdn.net *.rlcdn.com *.pinterest.com; worker-src 'self' blob: *.google.com; font-src 'self' data: *.gstatic.com *.stylitics.com; form-action 'self' g.co *.snapchat.com *.facebook.com; base-uri 'self' *.kohls.com; frame-ancestors 'none'; manifest-src 'self' *.kohls.com; media-src 'none'; object-src 'none'; report-uri https://csp38.domdog.io/report-uri/a9a6fb14-365a-4648-b17b-2e47930f8b49 1
script-src 'nonce-DY8DxEFThNYxpvB03jvWWw' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
script-src 'self' https://ajax.aspnetcdn.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com https://www.google.com https://www.osha.gov; script-src-attr 'self'; style-src 'self' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; frame-ancestors 'self' 1
script-src 'unsafe-eval' blob: 'self' meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org 'unsafe-inline' login.wikimedia.org; default-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org wikimedia.org en.wikipedia.org en.wiktionary.org en.wikibooks.org en.wikiquote.org en.wikisource.org commons.wikimedia.org en.wikinews.org en.wikiversity.org www.wikidata.org species.wikimedia.org incubator.wikimedia.org en.wikivoyage.org api.wikimedia.org wikimania.wikimedia.org login.wikimedia.org; style-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org wikimedia.org 'unsafe-inline'; object-src 'none'; report-uri /w/api.php?action=cspreport&format=json&reportonly=1 1
default-src https: wss: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; report-uri /_/csp-reports 1
default-src 'none'; connect-src 'self' *.yimg.com https://www.google-analytics.com *.doubleclick.net; font-src 'self' *.typekit.net; frame-src 'self' *.google.com *.marketo.com *.youtube.com; img-src 'self' data: *.yimg.com https://www.google-analytics.com https://www.google.com/ads/ga-audiences *.marketo.com; script-src 'self' 'nonce-1ESRfgIiTEMjyN17JLcuuQ==' *.yimg.com https://www.google-analytics.com https://ssl.google-analytics.com 'unsafe-eval' *.addtoany.com *.bootstrapcdn.com *.marketo.com *.github.com/flurrydev/ *.github.com/ydn/ *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.yimg.com *.bootstrapcdn.com github.githubassets.com/assets/ *.marketo.com *.typekit.net; report-uri /csp-report 1
upgrade-insecure-requests;default-src 'self' 'unsafe-eval' 'unsafe-inline' ssl.uh.edu *.uh.edu uh.edu *.vimeo.com vimeo.com *.youvisit.com youvisit.com *.mapbox.com mapbox.com ai.ocelotbot.com embed.ocelotbot.com uhsystem.edu *.uhsystem.edu *.youtube.com youtube.com www.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/socket.io/2.1.1/socket.io.js e.issuu.com api.visitdays.com web.microsoftstream.com forms.office.com fonts.googleapis.com fonts.gstatic.com www.googletagmanager.com googletagmanager.com tagmanager.google.com www.google-analytics.com google-analytics.com *.hotjar.com wss://*.hotjar.com *.hotjar.io translate.googleapis.com;img-src 'self' data: blob: *.uh.edu uh.edu *.uhsystem.edu uhsystem.edu *.youtube.com sp.youvisit.com embed.ocelotbot.com id.ocelotbot.com i.vimeocdn.com fonts.gstatic.com www.googletagmanager.com *.google-analytics.com translate.google.com;worker-src *.uh.edu uh.edu blob:;form-action 'self' *.uh.edu uh.edu *.uhsystem.edu uhsystem.edu;base-uri 'self' *.uh.edu uh.edu *.uhsystem.edu uhsystem.edu;frame-ancestors 'self' *.uh.edu uh.edu *.uhsystem.edu uhsystem.edu e.issue.com;object-src 'self' *.uh.edu uh.edu *.uhsystem.edu uhsystem.edu *.youvisit.com youvisit.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' ssl.uh.edu *.uh.edu uh.edu www.googletagmanager.com googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com google-analytics.com www.gstatic.com static.hotjar.com script.hotjar.com *.vimeo.com vimeo.com *.youvisit.com youvisit.com *.mapbox.com mapbox.com *.google-analytics.com ai.ocelotbot.com embed.ocelotbot.com ai.fatv.us uhsystem.edu *.uhsystem.edu *.youtube.com youtube.com https://cdnjs.cloudflare.com/ajax/libs/socket.io/2.1.1/socket.io.js e.issuu.com api.visitdays.com web.microsoftstream.com forms.office.com embed.financialaidtv.com;report-uri https://uh.edu/csp-reporting/index.php 1
script-src 'nonce-XicZ/dINLmw+mNr4T+tf6iMS/UU=' 'strict-dynamic' http: https: 'unsafe-inline' 'unsafe-eval' 'report-sample'; report-uri https://5efa142cf6ac1962affe1cca.endpoint.csper.io?v=1; 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-b237fb77ac0f961a228bfbda1e707295' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-67605bff805a0c287fad7438070b4afa' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-8aeb7f30793c200889776635f67f08ec' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
default-src * 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.lietou-static.com *.liepin.com *.liepin.cn *.aliyuncs.com *.baidu.com *.qq.com zz.bdstatic.com pingjs.qq.com webapi.amap.com restapi.amap.com open.liepin.com ae.bdstatic.com captcha.gtimg.com captcha.myqcloud.com cdn.jsdelivr.net data: blob:; child-src:* data: blob: ; img-src * android-webview-video-poster: data: blob:;  font-src * data: blob:; frame-src * data: blob: wvjbscheme:; worker-src * data: blob: ; media-src * data: blob: ; report-uri https://alarmhook.liepin.com/hook/lpsoc-save-csp.json 1
object-src *.leboncoin.fr *.leboncoin.io *.leboncoin.ci; frame-ancestors *.leboncoin.fr *.leboncoin.io *.leboncoin.ci; report-uri https://api.leboncoin.fr/api/csp-report/v1/report/; 1
base-uri 'self';connect-src 'self' https: https://www.recaptcha.net wss:;default-src 'self' https: wss: blob: data:;form-action 'self' https:;img-src 'self' https: http://iea.imgix.net https://iea.imgix.net data:;media-src 'self' https: data: http://iea.imgix.net https://iea.imgix.net;object-src 'none';script-src 'self' https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://www.google-analytics.com https://www.recaptcha.net https://snap.licdn.com https://www.gstatic.com https://stats.g.doubleclick.net https://p.adsymptotic.com https://px.ads.linkedin.com 'sha256-l/3fcn6MZG0SSVJq6fOLe49ZKIjbWdNzhreJz7KQ/1M=' 'sha256-+MedjqNIfWWYUGuHJ53XLEjzmGDCp9Om50MVUO/C/zo=' 'nonce-y1PvjsHPLQBqjE0hbaXDMHITdrHzQyfr';style-src 'self' https: 'unsafe-inline';frame-ancestors 'self' 1
frame-ancestors 'self' *.yahoo.com s.yimg.com twitter.com; block-all-mixed-content; default-src 'self'; script-src 'self' 'sha256-o/GTCHhLQo0C3sw+mTjRKMXCmuKtU2Cz/iSDMC8HR1o=' 'sha256-ppW1Vv+qSVcs+/pIj1ZXvMiCLoyHyCdRqtDMeK9fQ9w=' 'sha256-DG0Wc8mFiihsqSyjAVfD+a8800zVpIZMdBLnKmkns6Q=' 'sha256-KllKdl24EeE57Gye0zxXzOK/lYkQ6JnNY+4BetcKFmI=' 'sha256-dNUzUpuQoO3tzHc4n/txZN3iPP39Kh8RxvrXBpA1sC4=' 'sha256-FQHqylr/yYUnLifdeDARfaWPZmRHsr8O4CtFRUVKPyU=' 'sha256-QuVn8H8+dI2+DweRZ6uHmQP9m1j7hP5mmRpShDzJ/GA=' 'sha256-xi2ybHXu5i0Xipzaarog1tUNPPs5z4+t2uq/CWARGXs=' 'report-sample' https://*.demdex.net https://*.everesttech.net vjs.zencdn.net https://*.doubleclick.net https://*.googleadservices.com https://*.google.com https://*.googlesyndication.com https://*.googletagservices.com https://www.googletagmanager.com https://googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://maps.googleapis.com https://bat.bing.com https://r.bing.com https://s.yimg.com https://*.yahoo.com https://query.yahooapis.com https://cdn.browsiprod.com https://st1.dialogtech.com https://d31y97ze264gaa.cloudfront.net http://d31y97ze264gaa.cloudfront.net https://*.decibelinsight.net https://*.metlife.com https://assets.adobedtm.com https://*.brightcove.net https://*.licdn.com https://analytics.twitter.com https://snap.licdn.com https://static-exp1.licdn.com https://content.linkedin.com https://platform.linkedin.com https://platform.twitter.com https://en.twitter.com https://cdn.syndication.twimg.com https://static.ads-twitter.com https://*.ep-mimecast.ads-twitter.com https://connect.facebook.net https://www.youtube.com https://m.youtube.com https://bttrack.com https://cdn.bttrack.com https://static.hotjar.com https://script.hotjar.com https://*.twitter.com tt.mbww.com www.google-analytics.com https://api5677.d41.co http://api5677.d41.co https://cdn-0.d41.co http://cdn-0.d41.co http://players.brightcove.net https://cdnssl.clicktale.net http://cdn.clicktale.net http://static.ads-twitter.com http://www.youtube.com https://www.gstatic.com http://bat.bing.com https://cdn.kitewheel.com https://smarticon.geotrust.com http://smarticon.geotrust.com http://www.googleadservices.com https://accdn.lpsnmedia.net https://lpcdn.lpsnmedia.net http://www.googletagmanager.com https://cache.dga.jp https://d21lzy3dk86arg.cloudfront.net https://r.turn.com https://polyfill.io https://metlife.sc.omtrdc.net https://qa.s1gateway.com https://t.contentsquare.net http://t.contentsquare.net https://nexus.ensighten.com http://nexus.ensighten.com https://nebula-cdn.kampyle.com http://nebula-cdn.kampyle.com *.liveperson.net *.facebook.com *.adobedtm.com *.youtube.com; style-src 'self' 'sha256-DwaExrLRoisJrYAfHRUIn4+As40DIIDYeN4fN+BwsZQ=' 'sha256-Dwtjye9jCHziHcfAER7ZBPwBkkhszub5FN3gvKPO0DY=' 'sha256-j20/YkFhCnzEI+p0uf9OQnRcwEJOyeOI2ja1WWYmwxY=' 'sha256-AHtqGIKHiUalONG+xeO90E9yUgWLoWuygINiCuiaBnA=' 'sha256-M9BkD1ZMeSS2fmccF0trIBmcoBFs2Na6bRqeSX/s/Kw=' 'sha256-cUf4WVw9iSpfwq0ImVNBfy6MrEjCdDLorj3P58ltNlg=' 'sha256-7Fz4pRsA2eDkTNFfFS5Z4vMsH8Nn3+htwOpkm5rdV3A=' 'sha256-2NS0vuFGA/aqAe8Ma+IELNIHCU8ATN+k4h08d+QazLg=' 'report-sample' 'unsafe-inline' fonts.googleapis.com players.brightcove.net *.google.com *.bing.com https://*.metlife.com *.licdn.com ton.twimg.com platform.twitter.com cache.dga.jp; object-src c.brightcove.com players.brightcove.net *.googlesyndication.com; frame-src 'self' *.everesttech.net *.demdex.net players.brightcove.net *.google.com *.doubleclick.net *.googlesyndication.com www.googletagmanager.com maps.google.com maps.googleapis.com sdx.microsoft.com *.yahoo.com s.yimg.com nebula-cdn.kampyle.com www.linkedin.com *.twitter.com *.facebook.com connect.facebook.net *.youtube.com www.youtube-nocookie.com vars.hotjar.com twitter.com assets.adobedtm.com s.amazon-adsystem.com tracker.samplicio.us lpcdn.lpsnmedia.net lo.idp.liveperson.net providers.online.metlife.com qa.providers.online.metlife.com; child-src 'self' *.everesttech.net *.demdex.net *.google.com *.doubleclick.net *.googlesyndication.com www.googletagmanager.com *.facebook.com connect.facebook.net www.youtube.com https://*.twitter.com https://*.youtube.com; img-src 'self' data: blob: fonts.gstatic.com *.demdex.net *.everesttech.net *.adobedtm.com *.brightcove.com *.akamaihd.net *.boltdns.net *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.ggpht.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com www.google.com analytics.google.com *.yahoo.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.bing.com *.microsoft.com s.yimg.com about: ad.yieldmanager.com *.dialogtech.com *.contentsquare.net *.kampyle.com *.omtrdc.net *.linkedin.com t.co *.licdn.com p.adsymptotic.com *.google.com.au *.twitter.com *.twimg.com analytics.twitter.com *.googleadservices.com *.google.com.mx *.google.co.uk *.google.com.br *.google.co.in *.google.de *.google.com.tr *.google.co.il *.google.ca *.google.ro *.google.nl *.google.fr *.google.es *.google.ie *.google.com.pr *.google.it *.google.com.ec *.google.com.ph *.google.com.sg *.google.com.pk *.google.at *.google.no *.google.cl *.google.co.kr *.google.se *.google.co.jp *.google.com.pe *.google.com.my *.google.co.th *.google.co.za *.google.com.ua *.google.sk *.google.com.ng *.google.pl *.google.be *.google.fi *.google.ae *.google.com.co *.google.co.id *.google.co.ve *.google.com.hk *.google.com.eg *.google.com.uy *.google.com.ar *.google.ch *.google.ru *.google.co.ke *.google.pt *.google.mu *.google.com.sa *.google.com.vn *.google.com.tw *.google.gr *.google.com.bd *.google.dk *.google.com.py *.google.ee *.google.co.nz *.google.co.ma *.google.cz *.google.lk *.google.bg *.google.rs *.google.com.do *.google.hu *.google.iq *.google.co.cr *.google.al *.google.jo *.google.hr *.google.com.pa *.google.com.cy *.google.com.gh *.google.lt *.google.kz *.google.com.np *.google.by *.google.dz *.google.com.sv *.google.hn *.google.com.kw *.google.com.et *.google.mk *.google.ge *.google.cn *.google.com.jm *.google.si *.google.co.ug *.google.lv *.google.md *.google.co.mz *.google.lu *.google.am *.facebook.com *.facebook.net *.fbcdn.net *.ytimg.com *.youtube.com bttrack.com *.bttrack.com script.hotjar.com twitter.com www.metlifeafore.com.mx www.metlife.com.mx *.metlife.com c.clicktale.net s.amazon-adsystem.com r.turn.com pixel.tapad.com www.metlife.co.jp ads.undertone.com www.authormetlife.com dev.day.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com script.hotjar.com; connect-src 'self' fonts.googleapis.com fonts.gstatic.com *.demdex.net *.everesttech.net *.adobedtm.com *.brightcove.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com maps.googleapis.com maps.google.com *.bing.com wss://*.bing.com *.yahoo.com *.browsiprod.com s.yimg.com *.decibelinsight.net wss://*.decibelinsight.net *.contentsquare.net *.omtrdc.net *.kampyle.com *.boltdns.net *.akamaihd.net *.linkedin.com *.licdn.com t.co *.twitter.com *.twimg.com *.facebook.com connect.facebook.net bttrack.com *.hotjar.com wss://*.hotjar.com *.hotjar.io twitter.com api5677.d41.co *.clicktale.net brightcove.hs.llnwd.net brightcove.vo.llnwd.net api.kitewheel.com players.brightcove.net; manifest-src 'self'; base-uri 'self' *.yahoo.com; form-action 'self' *.google.com *.twitter.com *.facebook.com connect.facebook.net qa.accessone.metlife.com secure.opinionlab.com accessone.metlife.com; media-src 'self' *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com dai.google.com *.yimg.com media.licdn.com *.twimg.com https://secure.brightcove.com video.bttrack.com *.brightcove.com; prefetch-src 'self' *.googlesyndication.com; worker-src 'self' www.google.com; report-uri https://gate.rapidsec.net/g/r/csp/f5639489-e42b-42ce-b32e-823b3b5e59a7/0/12/3?sct=ecb2e67c-b935-477b-afa1-3301f30fb1df&dpos=report 1
style-src 'self' 'unsafe-inline' *.bytecdn.cn *.byted.org *.snssdk.com *.pstatp.com *.jinritemai.com *.bytedance.net *.bytescm.com *.ecombdstatic.com *.bytegecko.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.bytecdn.cn *.byted.org *.snssdk.com *.pstatp.com *.jinritemai.com *.bytedance.net *.bytetos.com *.bytescm.com *.ecombdstatic.com hm.baidu.com *.bytegoofy.com *.bytednsdoc.com *.bytegecko.com *.huoshanstatic.com; worker-src 'self' blob: *.jinritemai.com; default-src 'self' data: blob: 'unsafe-inline' *.pstatp.com *.jinritemai.com *.byteimg.com *.oceanengine.com *.bytedance.net *.bytetos.com *.bytescm.com *.ecombdstatic.com *.toutiaostatic.com *.byted-static.com *.bytedance.com *.bytegoofy.com *.bytednsdoc.com *.bytegecko.com; connect-src ws: wss: *.snssdk.com *.bytedance.com *.byteimg.com data: *.snssdk.com *.pstatp.com *.jinritemai.com *.oceanengine.com *.bytedance.net *.bytetos.com hm.baidu.com *.bytescm.com *.ecombdstatic.com *.ecombdimg.com *.bytegoofy.com *.jiyunhudong.com *.bytetcc.com *.bytegecko.com; img-src * blob: data: hm.baidu.com; media-src *.ixigua.com *.ecombdimg.com; report-uri https://i.snssdk.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=fxg_admin; 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-0a1ecc8f30269c216c6ed6333f15e650' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.indiewire.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' https://*.fantia.jp; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.fantia.jp https://www.google-analytics.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com cdn.jsdelivr.net https://nav.yumenosora.co.jp https://platform.twitter.com vjs.zencdn.net https://ec-widget.toranoana.jp https://static.ads-twitter.com https://analytics.twitter.com https://ssl.google-analytics.com 'nonce-d18866dafa0be82c1f94' https://*.clarity.ms; font-src 'self' https://*.fantia.jp https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com data:; style-src 'self' https://*.fantia.jp 'unsafe-inline' https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.quilljs.com https://nav.yumenosora.co.jp vjs.zencdn.net; img-src 'self' https://*.fantia.jp * blob: www.googletagmanager.com; child-src 'self' https://*.fantia.jp blob: https://platform.twitter.com https://www.googletagmanager.com https://www.youtube.com https://player.vimeo.com; frame-ancestors 'self' https://*.fantia.jp https://*.toranoana.jp https://toranoana.jp https://*.yumenosora.co.jp https://yumenosora.co.jp; connect-src 'self' https://*.fantia.jp id.fantia.jp https://fantia.s3-ap-northeast-1.amazonaws.com https://cc.fantia.jp https://c.fantia.jp https://ec-widget.toranoana.jp https://www.google-analytics.com https://stats.g.doubleclick.net *.clarity.ms; 1
default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; report-uri /csp-report 1
style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com www.artnet.com fast.fonts.net; manifest-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.artnet.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.googletagservices.com *.serving-sys.com adservice.google.se tag.marinsm.com *.doubleclick.net adservice.google.fr adservice.google.it *.hotjar.com cdn.gbqofs.com cdn.segment.com adservice.google.ca *.googlesyndication.com *.adsafeprotected.com *.facebook.net adservice.google.de pixel-geo.prfct.co www.rtb123.com www.artnet.com secure.quantserve.com snap.licdn.com adservice.google.es ak.sail-horizon.com www.gstatic.com edge.quantserve.com v1.addthisedge.com z.moatads.com adservice.google.co.uk adservice.google.nl www.googletagmanager.com www.google-analytics.com www.google.com rules.quantcount.com *.googleapis.com *.addthis.com adservice.google.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.artnet.com fonts.gstatic.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.it www.google.co.uk www.google.com www.google.fr *.googleapis.com *.googlesyndication.com images.artnet.com pixel.quantserve.com www.google.ch service.urchin.com *.serving-sys.com www.google.com.au www.google.nl www.google.pl www.google.com.vn www.google.com.ph www.artnet.com ib.adnxs.com *.adsafeprotected.com *.doubleclick.net www.google-analytics.com www.google.es www.google.be www.google.de pixel-geo.prfct.co ad-events.flashtalking.com www.google.co.kr www.google.co.za www.google.co.jp *.addthis.com www.google.ca www.google.co.in *.linkedin.com www.google.se www.googletagmanager.com *.facebook.com www.google.co.id www.gstatic.com secure.adnxs.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.googletagmanager.com *.doubleclick.net *.googlesyndication.com www.google.com *.facebook.com *.hotjar.com *.addthis.com www.artnet.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.artnet.com *.facebook.com report.artnet.glassboxdigital.io *.hotjar.com *.addthis.com *.googlesyndication.com csi.gstatic.com api.sail-personalize.com api.sail-track.com *.serving-sys.com *.googleapis.com www.google-analytics.com; form-action  www.artnet.com *.facebook.com; report-uri /csp_report 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.ubs.com *.adobedtm.com *.demdex.net *.decibelinsight.net *.decibel.com *.adform.net *.everesttech.net *.brightcove.net *.2o7.net *.omtrdc.net *.tt.omtrdc.net *.zencdn.net *.facebook.net *.googleadservices.com *.raisenow.com; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'none'; frame-ancestors *.ubs.com; form-action *.ubs.com; frame-src *.ubs.com https://ubs.demdex.net; connect-src *.ubs.com *.decibelinsight.net *.decibel.com; report-uri /csp/reports 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-c6c59e4536961127dbc3298cec5832c5' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/chrome 1
script-src 'self' *.concur.com *.concursolutions.com *.concursolutionsus.sc.omtrdc.net *.concursolutionseu.sc.omtrdc.net *.concurcdc.cn *.sap.com *.concurmessaging.com *.akamaihd.net *.akamaitechnologies.com *.deploy.akamaitechnologies.com *.deploy.static.akamaitechnologies.com *.googletagmanager.com *.gstatic.com *.stats.g.doubleclick.net *.trustarc.com *.prefmgr-cookie.truste-svc.net *.walkme.com *.glancecdn.net *.glance.net *.s3.amazonaws.com s3.amazonaws.com *.salesforceliveagent.com *.cloud.sap *.ondemand.com *.ridecharge.com *.newrelic.com *.nr-data.net 'unsafe-inline' 'unsafe-eval';report-uri /nui/signin/report-violation 1
default-src https: wss: data: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://cspreport.olx.com.br/api/v1/cspreport/mixedcontent 1
connect-src *; frame-src *; img-src https: data: blob: about: safari-extension: safari-resource: chrome-extension:; worker-src blob: https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; report-uri https://portfolio.adobe.com/api/v1/errors/csp 1
form-action 'self'; style-src 'self' 'unsafe-inline' ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' data: *.cnil.fr *.educnum.fr; frame-ancestors 'self' www.dailymotion.com www.youtube-nocookie.com www.youtube.com; img-src 'self'; frame-src 'self' www.dailymotion.com www.youtube-nocookie.com www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://piwik.cnil.fr; object-src 'self'; font-src 'self'; base-uri 'self'; block-all-mixed-content; default-src 'self' data: blob:; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/safety_google 1
default-src 'self' spotify.okta.com *.oktacdn.com; connect-src 'self' spotify.okta.com spotify-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com spotify.kerberos.okta.com spotify.mtls.okta.com https://oinmanager.okta.com data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' spotify.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' spotify.okta.com *.oktacdn.com app.pendo.io cdn.pendo.io pendo-static-5634101834153984.storage.googleapis.com; frame-src 'self' spotify.okta.com spotify-admin.okta.com login.okta.com api-0f3c7c4d.duosecurity.com; img-src 'self' spotify.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com app.pendo.io data.pendo.io cdn.pendo.io pendo-static-5634101834153984.storage.googleapis.com data: blob:; font-src 'self' spotify.okta.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.zijieimg.com *.helo-app.com *.toutiaopage.com *.zjurl.cn *.pstatp.com *.bytecdn.cn *.isnssdk.com *.byteoversea.com *.365yg.com *.ks-cdn.com *.ipstatp.com *.amemv.com *.ibytedtos.com *.ixigua.com *.ixiguavideo.com *.hypstarcdn.com *.tiktokcdn.com *.topbuzzcdn.com *.lemocamcdn.com *.musical.ly *.muscdn.com *.ulikecam.mobi *.faceu.mobi *.wukongwenda.com *.wukongwenda.cn *.toutiao13.com *.toutiaoribao.cn *.ribaoapi.com *.dongchediapp.com *.huoshanzhibo.com *.huoshanxiaoshipin.cn *.huoshanxiaoshipin.net *.huoshanvideo.cn *.huoshanvideo.net *.ieshuodong.cn *.ieshuodong.net *.byteoversea.com *.topbuzz.com *.hypstar.com *.tiktokv.com *.byted.org *.bytedance.net *.bytedance.com *.bytedance.cn *.toutiaocloud.com *.snssdk.com *.toutiao.com *.neihanshequ.com *.wukong.com *.huoshan.com *.douyin.com *.everphoto.cn *.jinritemai.com *.tuchong.com *.stock.tuchong.com *.luckycalendar.cn *.bcy.net *.feishu.cn *.dcdapp.com *.oceanengine.com *.chengzijianzhan.com *.byteimg.com *.google-analytics.com 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://wwd.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-9278a1399b2258c0e3727e2ceec7208b' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
default-src 'none'; style-src 'self'; connect-src 'self'; img-src 'self'; script-src 'self' https://www.google.com/jsapi https://www.googletagmanager.com https://s3.amazonaws.com/downloads.mailchimp.com/js/ https://www.gstatic.com/charts/loader.js https://www.google-analytics.com/analytics.js; font-src 'self'; base-uri 'self'; form-action 'self'; 1
default-src data: https://partners.akbars.ru https://apps.akbars.ru https://sravni.go2cloud.org https://www.akbars.ru https://fonts.gstatic.com https://mc.yandex.ru https://yandex.ru https://api-maps.yandex.ru https://stats.g.doubleclick.net https://www.google-analytics.com https://google-analytics.bi.owox.com https://dadata.ru https://suggestions.dadata.ru 'self'; script-src blob: data: https://partners.akbars.ru https://apps.akbars.ru https://ajax.aspnetcdn.com https://sitesearch-suggest.yandex.ru https://yandex.ru https://site.yandex.net https://api-maps.yandex.ru https://*.maps.yandex.net https://mc.yandex.ru https://clck.yandex.ru https://yastatic.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://connect.facebook.net https://code.jquery.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://partners.akbars.ru https://apps.akbars.ru https://fonts.googleapis.com https://yastatic.net 'self' 'unsafe-inline'; img-src blob: data: https://partners.akbars.ru https://apps.akbars.ru https://mc.yandex.ru https://api-maps.yandex.ru https://*.maps.yandex.net https://yastat.net https://yastatic.net https://yandex.st https://yandex.ru https://vk.com https://login.vk.com https://top-fwz1.mail.ru https://www.googletagmanager.com https://www.google-analytics.com https://google-analytics.bi.owox.com https://stats.g.doubleclick.net https://www.google.ru https://www.google.com https://googleads.g.doubleclick.net https://www.facebook.com 'self'; frame-src https://api-maps.yandex.ru https://www.facebook.com https://www.youtube.com 'self'; upgrade-insecure-requests 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /1/apitun/security/csp-report; 1
frame-ancestors 'self'; report-uri https://www.heraldsun.com.au/csp-reports 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-70e1e709cf1b22c93558deb9aab66ce6' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
font-src use.typekit.net script.hotjar.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.gstatic.com 'self' data: fonts.gstatic.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com payflowlink.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com vars.hotjar.com www.facebook.com payflowlink.paypal.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com *.wesupply.xyz *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de px.ads.linkedin.com p.adsymptotic.com www.facebook.com www.google.com www.linkedin.com script.hotjar.com fonts.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com legacy.pantone.com connect.facebook.net script.hotjar.com snap.licdn.com static.hotjar.com js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net go.xrite.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com *.cloudflare.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.googleapis.com *.gstatic.com fonts.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de webchat.dotdigital.com stats.g.doubleclick.net in.hotjar.com bam.nr-data.net bt.signifyd.com www.facebook.com bt.signifyd.com:11103 api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com t.elasticsuite.io *.google-analytics.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-59be6c4e6765f69632f5adc73d71220b' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://code.highcharts.com https://www.google-analytics.com https://ajax.googleapis.com https://static.cloudflareinsights.com https://platform.twitter.com https://cdn.syndication.twimg.com https://ton.twimg.com https://cdn.jsdelivr.net https://kit.fontawesome.com https://unpkg.com https://ws.sharethis.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; style-src 'self' 'unsafe-inline' https://ws.sharethis.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://platform.twitter.com https://cdn.syndication.twimg.com https://ton.twimg.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://unpkg.com; report-uri https://unctad.org/report-uri/reportOnly 1
style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com *.bazaarvoice.com api.tiles.mapbox.com epson.com cdn.pricespider.com cdn.jsdelivr.net cdn.honey.io fast.fonts.net; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: js-agent.newrelic.com www.google.co.in www.google.co.jp www.google.co.kr sc-static.net www.google.pl wtbevents.pricespider.com checkout.getbread.com *.twitter.com xiecomm.paymetric.com *.tiktok.com www.google.com.bd www.google.de www.google.fi www.google.ru www.mczbf.com tags.tiqcdn.com www.google.com.ph www.google.hu tracking.intentsify.io a.tribalfusion.com ssl.kaptcha.com pi.pardot.com www.gstatic.com www.google.com.co public.cobrowse.oraclecloud.com cdnssl.clicktale.net fast.fonts.net js.adsrvr.org bam-cell.nr-data.net *.taboola.com www.google.ch www.paypalobjects.com www.googletagmanager.com s.yimg.com unpkg.com www.paypal.com www.google.fr cdn.pricespider.com cdn.jsdelivr.net tags.crwdcntrl.net *.googleadservices.com www.google.it bat.bing.com www.google.com.mx www.google.co.id *.doubleclick.net stat.dealtime.com www.youtube.com *.googlesyndication.com seal.verisign.com www.google.co.uk *.facebook.net api.ipify.org geoip-js.com www.google.com.vn l.clarity.ms www.google.com.au h.clarity.ms snap.licdn.com i.clarity.ms www.google.cz epson.com *.tealiumiq.com www.google.com.my f.clarity.ms j.clarity.ms g.clarity.ms k.clarity.ms cdn.pdst.fm locate.pricespider.com s.tribalfusion.com www.google.ca *.bazaarvoice.com www.google.com.hk *.ads-twitter.com cl.qualaroo.com www.google.com.mm a.clarity.ms www.google-analytics.com www.google.com.pk www.google.com d.clarity.ms e.clarity.ms *.googleapis.com js.cnnx.link www.clarity.ms; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: tags.tiqcdn.com static3.avast.com *.googleapis.com www.googletagmanager.com k.clarity.ms at.alicdn.com fonts.gstatic.com fast.fonts.net cdn.honey.io cdn.ivaws.com epson.com cdn.jsdelivr.net; prefetch-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: checkout.getbread.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.lv www.google.com i.ytimg.com www.google.cl t.co www.google.fr cdn.ivaws.com c.bing.com www.google.hn www.google.co.nz sp.analytics.yahoo.com files.support.epson.com *.omtrdc.net www.google.iq a.tribalfusion.com l.clicktale.net www.google.com.sa www.google.rs maps.gstatic.com c.clicktale.net www.google.co.kr www.google.co.jp www.google.com.ng www.google.co.in *.linkedin.com www.google.se www.google.com.pk www.google.com.mm t.paypal.com c.clarity.ms www.google.com.hk bam-cell.nr-data.net fonts.gstatic.com *.bazaarvoice.com www.google.com.au www.google.nl www.google.com.vn www.google.com.kh www.google.com.tr cdn.honey.io embeddedcloud.pricespider.com www.google.co.ke www.google.com.pr img.youtube.com *.doubleclick.net www.paypal.com www.google.es www.google.ru www.google.be www.google.com.pa www.google.com.et www.google.co.za www.google.com.sg www.googletagmanager.com www.google.com.ec www.google.at *.facebook.com *.taboola.com mediaserver.goepson.com www.google.hr adservice.google.com www.google.it www.google.co.uk s.tribalfusion.com www.google.co.ve public.cobrowse.oraclecloud.com www.google.com.co www.google.ch www.google.com.ph a4.tribalfusion.com ib.adnxs.com *.demdex.net www.google.com.bd www.google-analytics.com p.adsymptotic.com www.bizrate.com www.google.co.th www.google.com.ua www.google.no www.google.com.ar www.google.dk *.twitter.com www.google.ae www.google.bg *.tealiumiq.com www.google.ca www.google.lk www.google.co.uz www.google.ie www.google.ro www.google.cz www.google.gr www.google.com.tw www.google.kz *.tiktok.com *.googleapis.com epson.com www.google.co.cr www.google.com.do www.google.mn www.google.com.my www.google.pt s3-us-west-2.amazonaws.com www.google.pl www.emjcd.com *.everesttech.net www.mczbf.com www.google.hu www.google.fi bat.bing.com www.google.com.mx www.google.de www.google.com.br www.google.com.pe cdn.pricespider.com www.google.co.tz www.google.sk www.google.co.il www.google.co.id www.google.com.eg www.paypalobjects.com www.gstatic.com secure.adnxs.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.demdex.net cdnssl.clicktale.net public.cobrowse.oraclecloud.com www.paypal.com *.doubleclick.net dntcl.qualaroo.com www.emjcd.com www.sandbox.paypal.com www.youtube.com xiecomm.paymetric.com ssl.kaptcha.com *.facebook.com tsdtocl.com checkout.getbread.com *.bazaarvoice.com *.googlesyndication.com www.google.com *.dotomi.com *.snapchat.com insight.adsrvr.org match.adsrvr.org forms.goepson.com epson.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: checkout.getbread.com public.cobrowse.oraclecloud.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bat.bing.com *.omtrdc.net l.clicktale.net *.doubleclick.net c.clicktale.net bcp.crwdcntrl.net www.mczbf.com *.facebook.com www.googletagmanager.com k-aus1.clicktale.net adservice.google.com *.taboola.com a.clarity.ms www.clarity.ms t.co us-central1-adaptive-growth.cloudfunctions.net www.paypal.com events.mapbox.com d.clarity.ms *.snapchat.com *.googleapis.com b.clarity.ms labs.observepoint.com www.google-analytics.com q-aus1.clicktale.net g.clarity.ms h.clarity.ms ssl.kaptcha.com epson.com www.sandbox.paypal.com i.clarity.ms e.clarity.ms *.bazaarvoice.com www.sjwoe.com www.google.com *.tiktok.com bam-cell.nr-data.net f.clarity.ms *.tealiumiq.com *.twitter.com checkout.getbread.com geoip-js.com k.clarity.ms l.clarity.ms api.mapbox.com j.clarity.ms *.demdex.net tags.tiqcdn.com; form-action  epson.com xiecomm.paymetric.com *.bazaarvoice.com *.facebook.com *.snapchat.com; report-uri /csp_report 1
child-src https:; connect-src https: wss:; font-src data: https:; frame-src https:; img-src blob: data: https:; media-src blob: data: https:; object-src 'self' https://*.app-eu.wrike.com https://*.wrike.com https://*.www.wrike.com https://d10b6odojqpx09.cloudfront.net https://d1c5qktmphn2d.cloudfront.net https://d1foz7ea1n9ap6.cloudfront.net https://d28rj2ujhq2ikj.cloudfront.net https://d3tvpxjako9ywy.cloudfront.net https://youtube.com; script-src 'unsafe-eval' 'unsafe-inline' data: https://*.6sc.co https://*.app-eu.wrike.com https://*.bizographics.com https://*.google-analytics.com https://*.linkedin.com https://*.marketo.com https://*.marketo.net https://*.twitter.com https://*.wrike.com https://*.www.wrike.com https://*.yandex.ru https://api.greenhouse.io https://api.pinterest.com https://apis.google.com https://assets.adobedtm.com https://bat.bing.com https://c.disquscdn.com https://cdn.onesignal.com https://cdn.ravenjs.com https://cdn.syndication.twimg.com https://commondatastorage.googleapis.com/code.snapengage.com/js/ https://connect.facebook.net https://d.adroll.com https://d10b6odojqpx09.cloudfront.net https://d1c5qktmphn2d.cloudfront.net https://d1foz7ea1n9ap6.cloudfront.net https://d28rj2ujhq2ikj.cloudfront.net https://d3rnld1uo6kgq2.cloudfront.net https://d3tvpxjako9ywy.cloudfront.net https://disqus.com https://fast.wistia.com https://fast.wistia.net https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1056104813/ https://i.simpli.fi https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js https://onesignal.com https://pixel.mathtag.com https://px.airpr.com/airpr.js https://s.adroll.com https://s3.amazonaws.com/r.kissinsights.com/ https://secure.adnxs.com https://snap.licdn.com https://src.litix.io/core/2/mux.js https://sslwidget.criteo.com https://static.ads-twitter.com https://static.criteo.net https://track-mv.com https://turbo.qualaroo.com https://vidassets.terminus.services https://vk.com https://wrike.disqus.com https://wrike.influitive.com https://www.google.com https://www.google.ru https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.snapengage.com/; style-src 'unsafe-inline' data: https:; default-src 'self'; report-uri https://csp-global.wrike.com/csp-report?website 1
script-src 'unsafe-inline' 'unsafe-eval' https:; object-src data: https://d1785e74lyxkqq.cloudfront.net https://h.online-metrix.net; base-uri 'none'; report-uri https://tvlk.report-uri.com/r/d/csp/reportOnly 1
default-src https: 'unsafe-inline' ; img-src blob: data: https:; report-uri /csp-violation-report 1
script-src 'self' 'unsafe-eval' app.hubspot.com cdn-3.convertexperiments.com cdnjs.cloudflare.com connect.facebook.net cta-service-cms2.hubspot.com js.hsforms.net js.hs-analytics.net js.hs-banner.com js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com platform.twitter.com play.vidyard.com run.pstmn.io script.crazyegg.com script.hotjar.com static.hotjar.com static.hsappstatic.net use.typekit.net www.googletagmanager.com www.google-analytics.com www.hubspot.com 'strict-dynamic' 'nonce-MjcwMjE1MjI3OSwzMDA4MTMzMjYx'; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://tvline.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com; script-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com 'unsafe-inline'; report-uri /1/batch/2/OE/mid=AF2M0KC94RCEA:sid=130-9234138-4079026:rid=A51Q2YM70BJVZAMDR83G:sn=www.acx.com 1
media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: developer.livehelpnow.net widget.replain.cc *.copart.com; form-action  www.copart.com *.facebook.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.copart.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: copart.com static3.avast.com f.clarity.ms kit-free.fontawesome.com cdn.livehelpnow.net cdn.megabonus.com www.copart.com fonts.gstatic.com *.googleapis.com www.gstatic.com www.clarity.ms *.googlesyndication.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.copart.com www.autocheck.com ilc.logisctic.com copart.com www.google.com kit-free.fontawesome.com developer.livehelpnow.net www.copart.com *.googleapis.com widget.replain.cc; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.com developer.livehelpnow.net l.clarity.ms payments.braintree-api.com j.clarity.ms client-analytics.braintreegateway.com www.livehelpnow.net api.shelf.network www.paypal.com k.clarity.ms wss://ws.replain.cc bat.bing.com *.doubleclick.net wss://app.livehelpnow.net attestation.android.com *.copart.com csi.gstatic.com www.b2i.us *.googlesyndication.com a.clarity.ms app.replain.cc b.clarity.ms adservice.google.com *.googleapis.com s.inwjau.com r.lr-ingest.io f.clarity.ms d.clarity.ms h.clarity.ms cdn.cookielaw.org i.clarity.ms e.clarity.ms www.clarity.ms www.google.com cdn.ampproject.org g.clarity.ms www.copart.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: flex.cybersource.com fs30.formsite.com www.googletagmanager.com *.copart.com *.facebook.com www.b2i.us www.autocheck.com *.doubleclick.net *.googleapis.com www.youtube.com pay.google.com www.copart.com *.googlesyndication.com www.google.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.az www.livehelpnow.net www.google.kz developer.livehelpnow.net c.clarity.ms *.doubleclick.net www.google.iq ciclonrox.com www.google.jo www.gstatic.com www.google.bg www.google.ae *.facebook.com www.google.com.do www.google.ca www.google.ge c.bing.com cdn.livehelpnow.net www.google.bs consent.linksynergy.com www.google.am shelf-prod-imgs.s3.eu-west-1.amazonaws.com www.google.com.gh www.google.hn www.autocheck.com www.google.com.gt cdn.cookielaw.org boxclone.com www.google.com.mx www.google.tm translate.google.com scaleflex.ultrafast.io copart.com www.googletagmanager.com *.googlesyndication.com www.google.ru www.google.com.ly www.google.de www.google.co.in www.b2i.us assets.replain.cc fonts.gstatic.com www.google.by autohelperbot.com *.copart.com www.google.com.om *.facebook.net bat.bing.com www.google.com.ng *.googleapis.com s.inwjau.com www.google.co.uk www.google.lt www.clarity.ms www.google.com.sv e.clarity.ms www.google.com www.google.com.ua www.copart.com www.google.nl www.google.pl; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: adservice.google.hn cdn.cookielaw.org www.googletagmanager.com adservice.google.com.ng www.googleoptimize.com cdn.ampproject.org autohelperbot.com adservice.google.com.sv www.autocheck.com adservice.google.bs adservice.google.com.ua s.inwjau.com adservice.google.jo adservice.google.ae adservice.google.com *.googlesyndication.com adservice.google.iq adservice.google.ge *.facebook.net adservice.google.ca www.gstatic.com adservice.google.ie tag.rmp.rakuten.com k.clarity.ms www.b2i.us l.clarity.ms adservice.google.az bat.bing.com adservice.google.cz cdn.lr-ingest.io blinkjork.com adservice.google.kz *.doubleclick.net songbird.cardinalcommerce.com ciclonrox.com www.clarity.ms hublosk.com adservice.google.pl adservice.google.co.in ilc.logisctic.com developer.livehelpnow.net *.googleadservices.com j.clarity.ms boxclone.com i.clarity.ms cdn.jsdelivr.net www.googletagservices.com f.clarity.ms h.clarity.ms www.google.com adservice.google.com.mx adservice.google.com.gt jullyambery.net g.clarity.ms www.copart.com *.googleapis.com d.clarity.ms adservice.google.ru a.clarity.ms e.clarity.ms adservice.google.com.kh adservice.google.tm adservice.google.com.bo; report-uri /csp_report 1
default-src 'self' 'unsafe-inline' data: *.fca.org.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.facebook.net www.googleadservices.com siteimproveanalytics.com *.siteimproveanalytics.io *.twitter.com *.jquery.com *.nr-data.net *.newrelic.com static.ads-twitter.com js.adsrvr.org *.doubleclick.net *.fca.org.uk fca.funnelback.co.uk *.salesforceliveagent.com *.twentythree.net snap.licdn.com analytics.tiktok.com sc-static.net; img-src 'self' 'unsafe-inline' data: *.facebook.com *.google-analytics.com *.siteimproveanalytics.io *.google.com t.co *.doubleclick.net *.fca.org.uk *.google.ie *.videomarketingplatform.co www.google.co.uk *.nr-data.net *.googletagmanager.com *.fca.org.uk *.gstatic.com www.glassdoor.co.uk *.fca.org.uk linkedin.com www.facebook.com t.co *.linkedin.com *.google.ch *.google.de *.google.nl *.google.com.eg *.google.es *.google.ee *.google.co.in *.google.co.uz *.adsymptotic.com *.tableau.com *.google.ge *.google.se *.google.com.bh *.google.sk; frame-src 'self' 'unsafe-inline' *.buto.tv *.videomarketingplatform.co *.view-it.co.uk *.fcaconnect.force.com prezi.com wearebigrock.com *.fca.org.uk player.vimeo.com www.thinglink.com *.google.com *.doubleclick.net insight.adsrvr.org *.fca.org.uk *.googletagmanager.com *.youtube.com match.adsrvr.org *.twentythree.net gateway.zscaler.net *.tableau.com *.snapchat.com; frame-ancestors 'self' *.fca.org.uk; child-src 'self' 'unsafe-inline' *.buto.tv *.videomarketingplatform.co *.view-it.co.uk *.fcaconnect.force.com prezi.com wearebigrock.com *.fca.org.uk player.vimeo.com www.thinglink.com *.google.com *.fca.org.uk; font-src 'self' data: fonts.gstatic.com *.fca.org.uk at.alicdn.com; connect-src 'self' www.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.facebook.net www.googleadservices.com siteimproveanalytics.com *.siteimproveanalytics.io *.twitter.com *.jquery.com *.nr-data.net *.newrelic.com static.ads-twitter.com js.adsrvr.org *.doubleclick.net *.fca.org.uk fca.funnelback.co.uk *.googleapis.com analytics.tiktok.com *.snapchat.com; report-uri https://o105440.ingest.sentry.io/api/234655/security/?sentry_key=78e86bb79e1f44d0b24b22ab1e9dc5d0; upgrade-insecure-requests 1
default-src https: data: 'unsafe-eval' 'unsafe-inline'; report-uri /csp-endpoint/index 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/panoramio 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://hollywoodlife.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https: http: 'self'; worker-src blob: 'unsafe-inline' 'unsafe-eval' https: http: 'self';connect-src * data: 'self';frame-src http://*.pitchbook.local http://*.wistia.com http://*.jobvite.com http://*.ceros.com http://www.facebook.com https: mailto: tel: ms-appx-web: blob: 'self'; img-src * data: blob: 'self' android-webview-video-poster:; media-src * blob: 'self'; style-src http://*.pitchbook.com http://*.googleapis.com http://*.webspellchecker.net http://*.dynamicyield.com https: 'unsafe-inline' 'self'; font-src http://*.dynamicyield.com http://*.webspellchecker.net http://fonts.gstatic.com https: data: blob: 'self' http://themes.googleusercontent.com chrome-extension: localhost:3000;report-uri /csp/submit 1
default-src https:; base-uri 'self'; script-src 'unsafe-inline' https: 'nonce-hz4921fq9cyRdA==' 'strict-dynamic' 'unsafe-eval' *.zulily.com 'report-sample'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; media-src https: blob:; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' *.zulily.com; report-uri https://productreviews-ext.prod.store.aws.z8s.io/csp-report-violations-report-only; 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-8159b158e3bc3b450c11f5ee819770f0' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
script-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com 'unsafe-eval' https://snap.licdn.com https://static.ads-twitter.com  https://analytics.twitter.com https://connect.facebook.net https://cdn.cookielaw.org https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://www.youtube.com https://static.addtoany.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://js-agent.newrelic.com https://geolocation.onetrust.com https://bam-cell.nr-data.net https://cdnsecakmi.kaltura.com:* https://cdnapisec.kaltura.com:* http://cdnapi.kaltura.com:*   https://www.google-analytics.com:* https://cdn.jsdelivr.net:* https://script.crazyegg.com:* https://static.cloudflareinsights.com:*; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://www.youtube.com https://static.addtoany.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://js-agent.newrelic.com https://geolocation.onetrust.com https://bam-cell.nr-data.net https://script.crazyegg.com https://static.cloudflareinsights.com; report-uri /report-csp-violation 1
default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tvsquared.com *.wargaming.net *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com https://sc-static.net 		https://ob.cheqzone.com 		https://analytics.google.com 		https://www.google.com https://*.teads.tv https://*.taboola.com https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://*.creative-serving.com 	 https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net *.tvsquared.com *.taboola.com *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com https://sc-static.net 		https://ob.cheqzone.com 		https://analytics.google.com 		https://www.google.com wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://stats.g.doubleclick.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://graph.facebook.com https://*.addthis.com https://*.google-analytics.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.googleapis.com https://stackadapt.com https://*.doubleclick.net *.yimg.com ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://tr.snapchat.com https://creativecdn.com https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 1
require-trusted-types-for 'script'; trusted-types angular angular#bundler angular#unsafe-bypass aio#analytics google#safe; report-uri https://csp.withgoogle.com/csp/angular.io 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' https://t.r42.io/matomo.js; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
frame-ancestors 'self' *.dev-club.de app.contentful.com; 1
script-src 'unsafe-inline' https:; object-src 'none'; base-uri 'none'; 1
script-src 'self' *.edpuzzle.com *.edpuzzle.dev 'unsafe-inline' 'unsafe-eval' latex.codecogs.com service.mtcaptcha.com service2.mtcaptcha.com *.google.com *.googleapis.com *.google-analytics.com *.youtube.com *.ytimg.com *.soundcloud.com *.zendesk.com cdnjs.cloudflare.com *.mxpnl.com *.newrelic.com *.nr-data.net d1htrclywvryi1.cloudfront.net js.stripe.com *.twitter.com *.awswaf.com; style-src 'self' *.edpuzzle.com 'unsafe-inline' maxcdn.bootstrapcdn.com latex.codecogs.com d1htrclywvryi1.cloudfront.net fonts.googleapis.com; report-uri /api/v3/violations/csp 1
default-src 'self' image.spreadshirtmedia.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.com ; img-src 'self' data: https: image.spreadshirtmedia.net image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.com *.spreadshirt.com ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ *.spreadshirt.com ; font-src 'self' https: data: *.spreadshirt.com ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.com ; object-src 'none' ; media-src image.spreadshirtmedia.com ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.com ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
object-src 'none'; script-src 'strict-dynamic' 'report-sample' 'unsafe-inline' 'unsafe-eval' http: https: 'nonce-3vHK/HguFYB5pybTdPYaAQ=='; base-uri 'self'; report-uri https://www.stitchfix.com/dynamic-shock/security/csp_reports?action_name=show&browser_type=Chrome&controller_name=pages&logweasel_id=01G3FJNG78GN378Z0E3N4KV7QB-DYNAMIC_SHOCK-WEB 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tool.lu *.baidu.com *.bdstatic.com; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.tool.lu *.baidu.com; img-src 'self' data: *.tool.lu *.href.lu *.baidu.com; media-src 'none'; child-src 'self' *.tool.lu; font-src *.tool.lu *.alicdn.com; connect-src 'self' *.tool.lu *.baidu.com *.alicdn.com; report-uri //a.tool.lu/csp 1
default-src 'self' mydayforce.com *.dayforce.com *.dayforcehcm.com https://col.eum-appdynamics.com  https://cdn.appdynamics.com https://www.google-analytics.com https://cdn.cookielaw.org https://ceridian-privacy.my.onetrust.com https://geolocation.onetrust.com https://app505-dayforce-csp-func.azurewebsites.net/api/DFCspReportFunction; script-src 'self' 'unsafe-eval' mydayforce.com *.dayforce.com *.dayforcehcm.com https://col.eum-appdynamics.com  https://cdn.appdynamics.com https://www.google-analytics.com https://cdn.cookielaw.org https://ceridian-privacy.my.onetrust.com https://geolocation.onetrust.com 'nonce-OJycnVJ4wg==' 'report-sample'; style-src 'self' mydayforce.com *.dayforce.com *.dayforcehcm.com https://col.eum-appdynamics.com  https://cdn.appdynamics.com https://www.google-analytics.com https://cdn.cookielaw.org https://ceridian-privacy.my.onetrust.com https://geolocation.onetrust.com 'unsafe-inline'; img-src 'self' mydayforce.com *.dayforce.com *.dayforcehcm.com https://col.eum-appdynamics.com  https://cdn.appdynamics.com https://www.google-analytics.com https://cdn.cookielaw.org https://ceridian-privacy.my.onetrust.com https://geolocation.onetrust.com data: blob:; font-src 'self' mydayforce.com *.dayforce.com *.dayforcehcm.com https://col.eum-appdynamics.com  https://cdn.appdynamics.com https://www.google-analytics.com https://cdn.cookielaw.org https://ceridian-privacy.my.onetrust.com https://geolocation.onetrust.com data:; object-src 'none'; base-uri 'self'; 1
frame-ancestors 'self' http://*.abcya.com:* https://*.abcya.com:* https://*.ixl.com:* https://*.ixl.x:* https://*.ixl.k38:* https://*.ixl.m26:* https://*.ixl.cap:* https://*.ixl.lb:* https://*.ixl.k10:* https://*.ixl.k41:* https://*.ixl.abcyaonixl.ixl.dev:* http://localhost:* https://*.ixl.dev:*; default-src 'self' https://tpc.googlesyndication.com/safeframe/; connect-src 'self' https://*.abcya.com https://*.playwire.com https://assets-abcya-com.netlify.app https://csi.gstatic.com https://dt.clnmde.com https://kinesis.us-east-1.amazonaws.com https://www.google-analytics.com https://*.media.net https://*.googlesyndication.com https://*.doubleclick.net https://*.arcademics.com wss://*.arcademics.com; font-src 'self' https://*.media.net https://d33wubrfki0l68.cloudfront.net https://fonts.gstatic.com https://*.arcademics.com; frame-src 'self' blob: https://cdn.intergi.com https://*.playwire.com https://*.stripe.com https://*.abcya.com https://assets-abcya-com.netlify.app https://pxlclnmdecom-a.akamaihd.net https://*.googlesyndication.com https://*.doubleclick.net https://www.google.com; img-src 'self' data: https://*.arcademics.com https://*.net https://*.abcya.com https://assets-abcya-com.netlify.app https://cdn.intergi.com https://*.playwire.com https://*.media.net https://d33wubrfki0l68.cloudfront.net https://dt.clnmde.com https://www.googletagmanager.com https://*.doubleclick.net https://intergi-phoenix.s3.amazonaws.com https://px.moatads.com https://*.googlesyndication.com https://www.google-analytics.com https://www.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.kidsafeseal.com https://s02mdn.net/; media-src 'self' https://assets-abcya-com.netlify.app; object-src https://*.abcya.com https://assets-abcya-com.netlify.app; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://adservice.google.com https://cdn.ampproject.org https://cdn.intergi.com https://cdn.intergient.com https://*.playwire.com https://*.media.net https://d33wubrfki0l68.cloudfront.net https://*.stripe.com https://mb.moatads.com https://pxlclnmdecom-a.akamaihd.net https://*.doubleclick.net https://*.arcademics.com https://*.googlesyndication.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googletagservices.com https://www.gstatic.com https://z.moatads.com; style-src 'self' 'unsafe-inline' https://cdn.intergi.com https://d33wubrfki0l68.cloudfront.net https://fonts.googleapis.com https://tagmanager.google.com; report-uri https://www.ixl.com/actions/csp/report-abcya; report-to csp-endpoint; 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.natwest.com *.neolane.net *.nwolb.com *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.raptmedia.com *.snapchat.com *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net static.ads-twitter.com t.co www.brightedge.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.cl *.google.cm *.google.co.ao *.google.co.bw *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uz *.google.co.ve *.google.co.za *.google.co.zm *.google.co.zw *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dk *.google.dm *.google.dz *.google.es *.google.fi *.google.fr *.google.ge *.google.gg *.google.gm *.google.gp *.google.gr *.google.gy *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.la *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc*.google.se *.google.sh *.google.si *.google.sk *.google.sn *.google.so *.google.tg *.google.tm *.google.tn *.google.tt adservice.google.ro *.googleapis.com *.live.hdexternal.co.uk *.hdddirectsolutions.co.uk fonts.gstatic.com *.everesttech.net *.everestjs.net cdn.cookielaw.org; upgrade-insecure-requests; report-uri https://natwestpersonal.report-uri.com/r/t/csp/reportOnly; cdn-apple.com 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/admob_google_com 1
default-src 'self' tpc.googlesyndication.com; frame-ancestors 'self'; frame-src 'self' https://staticcdn.co.nz www.youtube.com www.facebook.com connect.facebook.net gsa://onpageload https://d2rf51x5ga9gxp.cloudfront.net https://api.trademe.co.nz/ https://auth.trademe.co.nz https://vimeo.com https://cdn.diakrit.com https://livetour.istaging.com https://vtc.virtualtourscreator.com.au https://app.cloudpano.com https://storage.googleapis.com https://www.google.com https://www.google.co.nz *.googlesyndication.com *.doubleclick.net *.imrworldwide.com trademe.wufoo.com my.matterport.com *.trademepayments.co.nz *.pingauth.trademe.co.nz https://vars.hotjar.com; font-src 'self' data: *.tmcdn.co.nz fonts.googleapis.com fonts.gstatic.com http://static.hotjar.com https://static.hotjar.com; img-src 'self' data: blob: www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com *.ggpht.com i.ytimg.com www.facebook.com https://api.trademe.co.nz/ *.tmcdn.co.nz *.google.com *.google.co.nz *.google.com.au *.google.cn *.google.com.sg *.google.com.hk *.google.co.za *.google.ca *.google.co.kr *.google.de *.google.com.br *.google.co.id *.google.fr *.google.com.mm *.google.co.ck *.google.com.fj *.google.co.jp *.google.com.vn *.google.co.in *.google.co.ie *.google.cl *.google.com.co *.google.cz *.google.it *.google.co.uk *.google.es *.google.se *.google.lk *.google.mk *.google.com.qa *.google.fi *.google.com.pk *.google.com.sa *.google.ru *.google.ro *.google.ge *.google.com.my *.google.tt *.google.nl *.google.hu *.google.ua *.google.be *.google.sb *.google.lu *.google.tw *.google.sk *.google.co.th *.google.co.zw *.google.pt *.google.co.zm *.google.com.jm *.google.co.il *.google.gr *.google.pl *.google.si *.google.com.ph *.google.to *.google.com.ar *.google.bs *.google.com.eg *.google.hr *.google.mn *.google.dk *.google.lv *.google.com.ng *.google.ae *.google.ch *.google.com.pe *.google.com.tr *.google.com.bo *.google.ws *.google.vg *.google.com.gh *.google.no *.google.at *.google.com.mt *.google.ee *.google.com.mx *.google.com.ec *.google.com.bn *.google.co.tz *.google.vu *.google.com.ag *.google.co.cr *.google.rs *.google.la *.google.is *.google.tn *.google.pg *.google.np *.google.by *.google.im *.google.gg *.google.md *.google.lt *.google.com.pg *.google.mv *.google.com.tw *.google.co.ke *.google.com.kh *.google.com.ni *.google.com.uy *.google.com.pg *.google.com.bd *.google.ie *.googlesyndication.com *.imrworldwide.com *.doubleclick.net *.googleusercontent.com https://insights.hotjar.com http://static.hotjar.com https://static.hotjar.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://staticcdn.co.nz connect.facebook.net www.google-analytics.com www.googletagmanager.com www.googletagservices.com dnn506yrbagrg.cloudfront.net *.googleapis.com www.youtube.com s.ytimg.com script.crazyegg.com *.google.com *.google.co.nz *.google.com.au *.google.cn *.google.com.sg *.google.com.hk *.google.co.za *.google.ca *.google.co.kr *.google.de *.google.com.br *.google.co.id *.google.fr *.google.com.mm *.google.co.ck *.google.com.fj *.google.co.jp *.google.com.vn *.google.co.in *.google.co.ie *.google.cl *.google.com.co *.google.cz *.google.it *.google.co.uk *.google.es *.google.se *.google.lk *.google.mk *.google.com.qa *.google.fi *.google.com.pk *.google.com.sa *.google.ru *.google.ro *.google.ge *.google.com.my *.google.tt *.google.nl *.google.hu *.google.ua *.google.be *.google.sb *.google.lu *.google.tw *.google.sk *.google.co.th *.google.co.zw *.google.pt *.google.co.zm *.google.com.jm *.google.co.il *.google.gr *.google.pl *.google.si *.google.com.ph *.google.to *.google.com.ar *.google.bs *.google.com.eg *.google.hr *.google.mn *.google.dk *.google.lv *.google.com.ng *.google.ae *.google.ch *.google.com.pe *.google.com.tr *.google.com.bo *.google.ws *.google.vg *.google.com.gh *.google.no *.google.at *.google.com.mt *.google.ee *.google.com.mx *.google.com.ec *.google.com.bn *.google.co.tz *.google.vu *.google.com.ag *.google.co.cr *.google.rs *.google.la *.google.is *.google.tn *.google.pg *.google.np *.google.by *.google.im *.google.gg *.google.md *.google.lt *.google.com.pg *.google.mv *.google.com.tw *.google.co.ke *.google.com.kh *.google.com.ni *.google.com.uy *.google.com.pg *.google.com.bd *.google.ie www.googleadservices.com *.doubleclick.net *.imrworldwide.com *.googlesyndication.com cdn.ampproject.org http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://*.afterpay.com https://*.newrelic.com https://*.nr-data.net https://frend-assets.freetls.fastly.net/; form-action 'self' trademe.wufoo.com www.facebook.com connect.facebook.net d3f5l8ze0o4j2m.cloudfront.net https://api.trademe.co.nz/; connect-src 'self' https://api.trademe.co.nz/ https://auth.trademe.co.nz *.tmcdn.co.nz sentry.io www.facebook.com www.google-analytics.com *.gstatic.com *.googleapis.com *.google.com *.google.co.nz *.google.com.au *.google.cn *.google.com.sg *.google.com.hk *.google.co.za *.google.ca *.google.co.kr *.google.de *.google.com.br *.google.co.id *.google.fr *.google.com.mm *.google.co.ck *.google.com.fj *.google.co.jp *.google.com.vn *.google.co.in *.google.co.ie *.google.cl *.google.com.co *.google.cz *.google.it *.google.co.uk *.google.es *.google.se *.google.lk *.google.mk *.google.com.qa *.google.fi *.google.com.pk *.google.com.sa *.google.ru *.google.ro *.google.ge *.google.com.my *.google.tt *.google.nl *.google.hu *.google.ua *.google.be *.google.sb *.google.lu *.google.tw *.google.sk *.google.co.th *.google.co.zw *.google.pt *.google.co.zm *.google.com.jm *.google.co.il *.google.gr *.google.pl *.google.si *.google.com.ph *.google.to *.google.com.ar *.google.bs *.google.com.eg *.google.hr *.google.mn *.google.dk *.google.lv *.google.com.ng *.google.ae *.google.ch *.google.com.pe *.google.com.tr *.google.com.bo *.google.ws *.google.vg *.google.com.gh *.google.no *.google.at *.google.com.mt *.google.ee *.google.com.mx *.google.com.ec *.google.com.bn *.google.co.tz *.google.vu *.google.com.ag *.google.co.cr *.google.rs *.google.la *.google.is *.google.tn *.google.pg *.google.np *.google.by *.google.im *.google.gg *.google.md *.google.lt *.google.com.pg *.google.mv *.google.com.tw *.google.co.ke *.google.com.kh *.google.com.ni *.google.com.uy *.google.com.pg *.google.com.bd *.google.ie *.doubleclick.net *.googlesyndication.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://*.afterpay.com https://*.nr-data.net; child-src 'self' https://vars.hotjar.com; worker-src 'self' https://vars.hotjar.com; report-uri https://sentry.io/api/1279183/security/?sentry_key=990566bb4d5d4445ae67eba309f51cfd 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://robbreport.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' https: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri https://investorplace.com/wp-content/plugins/mixed-content-logging/report-uri/mcl-uri.php 1
default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net *.tvsquared.com *.soloway.ru *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com https://sc-static.net 		https://ob.cheqzone.com 		https://analytics.google.com 		https://www.google.com https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://stackadapt.com https://*.creative-serving.com 	 https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://inv-dmp.admixer.net ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com https://sc-static.net 		https://ob.cheqzone.com 		https://analytics.google.com 		https://www.google.com wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://stats.g.doubleclick.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://graph.facebook.com https://*.addthis.com https://*.google-analytics.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.doubleclick.net https://*.googleapis.com ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://tr.snapchat.com https://creativecdn.com https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 1
default-src data: blob: 'unsafe-eval' 'unsafe-inline' https: 'self' wss: *.intercom.io; script-src 'self' 'unsafe-eval' 'unsafe-inline'  ajax.googleapis.com *.bazaarvoice.com bat.bing.com cdn.attn.tv *.optimizely.com cdn.polyfill.io cdn1.affirm.com connect.facebook.net *.art.com *.doubleclick.net js.intercomcdn.com pixel.mathtag.com s.pinimg.com static.klaviyo.com tag.rmp.rakuten.com tags.bkrtx.com widget.intercom.io *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.art.com cdn.pbbl.co *.googleadservices.com code.jquery.com *.intercom.io *.artprintimages.com *.google.com *.affirm.com *.allpostersimages.com *.fbot.me *.datadoghq-browser-agent.com *.intercom.io; object-src 'none'; base-uri 'self'; report-uri https://csp.walmart.com/c/r/art 1
font-src 'unsafe-inline' data: *.gstatic.com *.bootstrapcdn.com *.cloudfront.net *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.doubleclick.net *.affirm.com *.stripe.com *.weltpixel.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.cloudfront.net *.bing.com *.google.com *.pinterest.com *.facebook.com *.facebook.net *.amazonaws.com *.amazon-adsystem.com *.shareasale-analytics.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cricut.com *.cloudfront.net *.googletagmanager.com *.slgnt.us *.stripe.com *.affirm.com *.zdassets.com *.facebook.com *.facebook.net *.crazyegg.com *.google.com *.bing.com *.pinimg.com *.windows.net *.doubleclick.net *.polyfill.io *.cloudflare.com *.googleapis.com *.jsdelivr.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.cloudfront.net *.bootstrapcdn.com *.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.slgnt.us *.affirm.com *.zdassets.com *.zendesk.com *.zopim.com *.pinterest.com *.doubleclick.net *.google-analytics.com *.facebook.com *.facebook.net *.crazyegg.com *.cloudfront.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src sir.rediris.es www.rediris.es 'self' abs.twimg.com cdn.syndication.twimg.com pbs.twimg.com platform.twitter.com self syndication.twitter.com ton.twimg.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.youtube-nocookie.com; connect-src www.google-analytics.com; form-action syndication.twitter.com platform.twitter.com; img-src 'self' www.rediris.es abs.twimg.com data: file ton.twimg.com pbs.twimg.com platform.twitter.com; script-src-elem 'self' www.google.com www.googletagmanager.com 'unsafe-inline' www.rediris.es cdn.syndication.twimg.com platform.twitter.com; script-src www.google.com www.gstatic.com 'unsafe-inline'; style-src-elem 'self' www.rediris.es platform.twitter.com ton.twimg.com; style-src 'self'; frame-src 'self' platform.twitter.com syndication.twitter.com www.youtube-nocookie.com; object-src 'self'; report-uri https://27ee058862b5cab81e8d2c18685f28d5.report-uri.com/r/d/csp/wizard 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-50bdd55943f416a6d27cbff34ac3f004' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/googleorg 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://footwearnews.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
font-src 'self' d3jbm9h03wxzi9.cloudfront.net fonts.googleapis.com data: https:; img-src 'self' d3jbm9h03wxzi9.cloudfront.net s3.amazonaws.com/revue imgix.revue.co revue-direct.imgix.net data: https:; object-src 'none'; script-src 'self' d3jbm9h03wxzi9.cloudfront.net cdn.mxpnl.com checkout.stripe.com connect.facebook.net www.google-analytics.com js.stripe.com use.typekit.net *.intercomcdn.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ 'unsafe-eval' https: 'nonce-XdVoYVdBt7FyEks/1ZFZaQ=='; frame-src www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ https:; style-src 'self' d3jbm9h03wxzi9.cloudfront.net 'unsafe-inline' https:; connect-src 'self' wss://*.intercom.io *.intercom.io *.intercomcdn.com wss://*.pusher.com https:; report-uri /csp-report 1
font-src *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.twimg.com *.vimeo.com www.youtube.com *.cdninstagram.com; connect-src 'self' *.facebook.com www.google-analytics.com; script-src 'self' *.facebook.com *.facebook.net www.googletagmanager.com *.google-analytics.com *.netdna-ssl.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.typekit.net *.netdna-ssl.com fonts.googleapis.com 'unsafe-inline'; img-src 'self' data: *.facebook.com s.w.org secure.gravatar.com *.twimg.com *.google-analytics.com *.cdninstagram.com *.netdna-ssl.com; font-src data: 'self' fonts.gstatic.com use.typekit.net *.netdna-ssl.com; frame-src www.facebook.com player.vimeo.com www.youtube.com; report-uri https://browser-listener-10c8e3692d0a.cloudapps.digital/csp-reports; report-to csp-endpoint 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com 'strict-dynamic' 'nonce-MzI2Nzg1ODQ0MywxNzkzODIzNTMz'; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1
manifest-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: gateway.zscalerone.net *.kmart.com.au; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com *.kmart.com.au j.clarity.ms *.cloudfront.net at.alicdn.com pixboost.com surveys-static.survicate.com www.googletagmanager.com e.clarity.ms d.clarity.ms www.clarity.ms *.googleapis.com gateway.zscalerone.net f.clarity.ms staticw2.yotpo.com yotpo-stool.s3.amazonaws.com i.clarity.ms a.clarity.ms static3.avast.com cdn.honey.io; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.googletagmanager.com tags.tiqcdn.com *.trendmicro.com *.pinterest.com www.google.com *.snapchat.com survey.survicate.com widget.paydock.com api.paydock.com www.paypal.com servedby.flashtalking.com *.kmart.com.au www.paypalobjects.com gateway.zscalerone.net *.doubleclick.net www.youtube.com *.custhelp.com *.optimizely.com ap.gateway.mastercard.com *.facebook.com www.rsa3dsauth.co.uk; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.honey.io surveys-static.survicate.com embed.salefinder.com.au *.trendmicro.com staticw2.yotpo.com gateway.zscalerone.net *.kmart.com.au druidapc.prod.druidprod.a-kmtkmg.net *.googleapis.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: c.oracleinfinity.io *.facebook.net tags.tiqcdn.com unpkg.com *.tiktok.com *.optimizely.com cdn-quick-ar.threedy.ai sc-static.net js-agent.newrelic.com a.clarity.ms www.gstatic.com rec.smartlook.com druidapc.prod.druidprod.a-kmtkmg.net surveys-static.survicate.com f.clarity.ms h.clarity.ms bam.nr-data.net www.paypal.com *.kmart.com.au g.clarity.ms *.pinimg.com *.googleapis.com www.google.com *.googleadservices.com cosmeticsrc.com d.clarity.ms survey.survicate.com seoab.io *.trendmicro.com www.clarity.ms e.clarity.ms www.googletagmanager.com *.pinterest.com k.clarity.ms embed.salefinder.com.au www.google-analytics.com staticw2.yotpo.com www.paypalobjects.com gateway.zscalerone.net cnstrc.com www.youtube.com j.clarity.ms i.clarity.ms dc.oracleinfinity.io *.tealiumiq.com l.clarity.ms apis.google.com bat.bing.com; form-action  www.rsa3dsauth.co.uk *.kmart.com.au api.paydock.com *.pinterest.com *.snapchat.com *.facebook.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: maps.gstatic.com pixboost.com *.pinterest.com mc.yandex.ru embed.salefinder.com.au www.google-analytics.com gateway.zscalerone.net *.cloudfront.net www.google.com.ph dc.oracleinfinity.io www.google.com.au www.googletagmanager.com druidapc.prod.druidprod.a-kmtkmg.net *.snapchat.com fonts.gstatic.com translate.google.com cdn.honey.io p.yotpo.com *.optimizely.com images.ctfassets.net embed.salefinder.co.nz *.facebook.net *.tiktok.com www.google.com www.google.co.nz 50.xg4ken.com kmartau.mo.cloudinary.net c.clarity.ms *.googleapis.com www.google.com.sg www.google.co.uk www.google.com.pg cosmeticsrc.com bam.nr-data.net *.kmart.com.au bat.bing.com www.gstatic.com *.tealiumiq.com t.paypal.com bam-cell.nr-data.net www.google.co.jp *.doubleclick.net www.google.co.in *.facebook.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: h.clarity.ms j.clarity.ms f.clarity.ms web-writer.eu.smartlook.cloud i.clarity.ms e.clarity.ms ac.cnstrc.com l.clarity.ms d.clarity.ms *.googleapis.com *.kmart.com.au k.clarity.ms tags.tiqcdn.com www.clarity.ms cnstrc.com *.optimizely.com g.clarity.ms bam.nr-data.net events-writer.smartlook.com b.clarity.ms a.clarity.ms kmartau.mo.cloudinary.net *.tealiumiq.com quick-ar.threedy.ai kma-cdn.truefitcorp.com assets-proxy.smartlook.cloud api.paydock.com adservice.google.com databridge.tdbtrk.com www.googletagmanager.com druidapi.prod.druidprod.a-kmtkmg.net mc.yandex.ru web-writer.us.smartlook.cloud seoab.io www.google.com staticw2.yotpo.com api-cdn.yotpo.com druidbotservice.prod.druidprod.a-kmtkmg.net static.queue-it.net manager.eu.smartlook.cloud bat.bing.com p.yotpo.com *.snapchat.com www.paypal.com *.pinterest.com respondent.survicate.com *.facebook.com gateway.zscalerone.net *.tiktok.com bam-cell.nr-data.net *.doubleclick.net; report-uri /csp_report 1
font-src use.typekit.net data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.braintreegateway.com tst.kaptcha.com www.google.com www.youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.google.com *.paypal.com *.magento.com magento.com embedwistia-a.akamaihd.net fast.wistia.com embed-fastly.wistia.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com use.typekit.net *.paypal.com js-agent.newrelic.com s3.amazonaws.com fast.wistia.com bam.nr-data.net www.gstatic.com www.google.com *.d41.co so.rlcdn.com *.braintree-api.com *.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com unsafe-inline use.typekit.net p.typekit.net www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com magento.com *.magento.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.adobe.com stats.g.doubleclick.net google.com *.paypal.com adobe.tt.omtrdc.net bam.nr-data.net *.wistia.com *.litix.io int-api.magedevteam.com api.magento.com *.d41.co *.braintreegateway.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.playlostark.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d1glcu56fxkf6q.cloudfront.net; script-src 'nonce-1fdc4fb656be4770980f8ff021bab1fd'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.playlostark.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d1glcu56fxkf6q.cloudfront.net; style-src 'self' 'nonce-1fdc4fb656be4770980f8ff021bab1fd'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.playlostark.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d1glcu56fxkf6q.cloudfront.net; img-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.playlostark.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d1glcu56fxkf6q.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://*.ytimg.com; media-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.playlostark.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d1glcu56fxkf6q.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://www.youtube.com https://youtube.com https://*.googlevideo.com; frame-src https://www.youtube.com https://youtube.com https://*.googlevideo.com https://*.twimg.com https://player.twitch.tv/  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.playlostark.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d1glcu56fxkf6q.cloudfront.net; report-uri https://www.amazon.com/1/batch/2/OE/mid=ATVPDKIKX0DER:sid=135-0857898-4418553:rid=1E40990CEFE746C8B90E:sn=www.playlostark.com 1
block-all-mixed-content; style-src 'self' 'unsafe-inline' *.uni-wuerzburg.de www.google.com; img-src 'self' data: *.uni-wuerzburg.de *.gstatic.com *.google.com www.googleapis.com; object-src 'self' *.uni-wuerzburg.de; frame-src 'self' *.uni-wuerzburg.de *.youtube-nocookie.com cse.google.com; frame-ancestors 'self' *.uni-wuerzburg.de; base-uri 'self' www.uni-wuerzburg.de; form-action 'self' *.bibliothek.uni-wuerzburg.de www.uni-wuerzburg.de; media-src 'self' data: *.uni-wuerzburg.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.uni-wuerzburg.de *.google.com; report-uri https://www2.uni-wuerzburg.de/rz/csp-report-uri/ 1
script-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' *.2mdn.net *.33across.com *.acexchange.co.kr *.ad-generation.jp *.adagio.io *.addthis.com *.addthisedge.com *.adform.com *.adiiix.com *.adingo.jp *.admanmedia.com *.admixer.com *.admixer.net *.adtech.com *.adtiming.com *.advangelists.com *.advertising.com *.adyoulike.com *.amazon-adsystem.com *.amazon.com *.ampproject.org *.amxrtb.com *.aniview.com *.aol.com *.appnexus.com *.aps.amazon.com *.aralego.com *.avantisvideo.com *.axonix.com *.beachfront.com *.behave.com *.betweendigital.com *.bidmachine.io *.bidstreammedia.com *.bidtellect.com *.bing.com *.blis.com *.braintreegateway.com *.brid.tv *.brightcove.com *.brightcove.net *.chocolateplatform.com *.clarity.ms *.cloudflare.com *.cloudfront.net *.consumable.com *.contextweb.com *.conversantmedia.com *.crazyegg.com *.criteo.com *.criteo.net *.districtm.io *.doubleclick.net *.doubleverify.com *.e-planning.net *.e-volution.ai *.emxdgt.com *.engagebdr.com *.eskimi.com *.exponential.com *.facebook.com *.facebook.net *.fastclick.net *.freewheel.tv *.google-analytics.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.gumgum.com *.id5-sync.com *.improvedigital.com *.indexexchange.com *.infolinks.com *.inmobi.com *.inskinmedia.com *.instagram.com *.insticator.com *.jquery.com *.kargo.com *.launchdarkly.com *.lemmatechnologies.com *.lijit.com *.lkqd.com *.lkqd.net *.logan.ai *.loopme.com *.marketo.net *.media.net *.mediago.io *.mediatradecraft.com *.moatads.com *.mobfox.com *.mobileadtrading.com *.my.com *.my6sense.com *.narrativ.com *.nativo.com *.newrelic.com *.nr-data.net *.ogury.com *.onetag.com *.openexchangerates.org *.openx.com *.outbrain.com *.playbuzz.com *.pokkt.com *.prodooh.com *.proper.io *.pubmatic.com *.pubnative.net *.px-cdn.net *.quantcount.com *.quantserve.com *.realself.com *.revcontent.com *.rhythmone.com *.richaudience.com *.risecodes.com *.rlcdn.com *.rsdev.co *.rubiconproject.com *.s-onetag.com *.sharethrough.com *.smaato.com *.smartadserver.com *.smartclip.net *.smartyads.com *.snapengage.com *.somoaudience.com *.sonobi.com *.sovrn.com *.speedcurve.com *.spotx.tv *.spotxchange.com *.springserve.com *.ssp.e-volution.ai *.ssp.logan.ai *.stackadapt.com *.synacor.com *.target.my.com *.teads.tv *.telaria.com *.themediagrid.com *.tremorhub.com *.tribalfusion.com *.triplelift.com *.typekit.net *.ucfunnel.com *.undertone.com *.unrulymedia.com *.vdopia.com *.velismedia.com *.verve.com *.video.unrulymedia.com *.vidoomy.com *.yahoo.com *.yieldmo.com *.zencdn.net btloader.com openexchangerates.org blob:; worker-src 'self' blob:; frame-ancestors *; form-action *; report-uri https://api.realself.com/v1/rs-csp-sc/csp-info; report-to security-report 1
frame-ancestors 'self'; report-uri https://www.adelaidenow.com.au/csp-reports 1
default-src 'self' 'unsafe-inline' data: blob: ssl.kaptcha.com *.vimeo.com *.bluesnap.com *.ccdc02.com *.google-analytics.com *.google.com *.yahoo.com *.pinimg.com *.redditstatic.com *.taboola.com *.pinterest.com *.googleapis.com *.g.doubleclick.net *.googleadservices.com *.guardiosecurity.com *.facebook.net *.facebook.com *.googlesyndication.com *.googletagmanager.com *.bing.com secure.adnxs.com *.cardinalcommerce.com fullstory.com *.fullstory.com *.typekit.net *.quora.com *.guard.io *.paypal.com *.gstatic.com *.fixel.ai *.youtube.com *.twitter.com *.ads-twitter.com *.outbrain.com *.stripe.com s.yimg.com o435118.ingest.sentry.io; img-src * data: blob:; report-uri https://guard.io/v2/api/csp 1
base-uri 'self';default-src 'self' https: blob:;font-src https: data:;img-src https: data: android-webview-video-poster:;media-src blob: https:;object-src 'none';script-src 'report-sample' 'nonce-OFOgxspuR4CJZZzbLDtCPg' 'unsafe-inline' 'strict-dynamic' https: http:;style-src https: 'unsafe-inline';report-uri /cspreport 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri https://us-central1-shinesumoplus.cloudfunctions.net/report-uri 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://dev-ssl.loseit.com/_ops/csp-report 1
default-src 'self' https://themes.googleusercontent.com/ https://apps.geodan.nl https://acc.apps.geodan.nl https://platform.twitter.com/ https://syndication.twitter.com/ http://www.rovid.nl https://geodata.rivm.nl https://statistiek.rijksoverheid.nl https://mebi.rivm.nl https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://statistiek.rijksoverheid.nl http://platform.twitter.com/ https://cdn.syndication.twimg.com https://mebi.rivm.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/ ; object-src https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/; style-src 'self' 'unsafe-inline' https://platform.twitter.com/ https://ton.twimg.com/ https://mebi.rivm.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/; img-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://statistiek.rijksoverheid.nl/ https://geodata.nationaalgeoregister.nl/ https://syndication.twitter.com/ https://pbs.twimg.com/ https://ton.twimg.com/ https://abs.twimg.com/ https://platform.twitter.com/ http://abs.twimg.com/ data:  http://www.rovid.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/  https://service.pdok.nl/ https://data.rivm.nl/  https://*.openstreetmap.org/; frame-ancestors https://*.woondossier.nl/; child-src https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/ ; font-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://themes.googleusercontent.com/ https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ data: ; connect-src 'self' https://mebi.rivm.nl/* https://statistiek.rijksoverheid.nl/ https://statistiek.rijksoverheid.nl/* https://cstm.rivm.nl/ https://cstm.rivm.nl/* https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/; report-uri /report-csp-violation 1
default-src 'none'; connect-src 'self' *.yimg.com https://www.google-analytics.com *.yahoo.com *.doubleclick.net; font-src 'self' *.bootstrapcdn.com; frame-src 'self' *.soundcloud.com *.twitter.com; img-src 'self' data: *.yimg.com https://www.google-analytics.com *.yahoo.com https://www.google.com/ads/ga-audiences *.pendo.io *.twitter.com *.twimg.com; script-src 'self' 'nonce-lnnE9Y0hAcBKC67XKRmHRg==' *.yimg.com https://www.google-analytics.com https://ssl.google-analytics.com *.github.com/flurrydev/ *.pendo.io *.twitter.com *.twimg.com; style-src 'self' 'unsafe-inline' *.yimg.com *.twitter.com *.twimg.com https://github.githubassets.com/assets/ *.bootstrapcdn.com; report-uri /csp-report 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-4fc8eb098bcb5d7d4ded44b237f020f8' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
connect-src 'self' https://ee.15gifts.com https://*.ads-twitter.com https://*.akamaihd.net https://ee-dtp-static.s3.amazonaws.com https://ee-outage.s3.amazonaws.com https://ee-tagging.s3.amazonaws.com https://bat.bing.com https://btbsecure.business.bt.com https://*.cloudfront.net https://*.ee.co.uk https://ee.co.uk https://myaccount.ee.co.uk https://*.criteo.com https://*.criteo.net https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://cdn.decibelinsight.net https://*.demdex.net https://dpm.demdex.net https://*.doubleclick.net wss://collection.decibelinsight.net https://*.facebook.com https://*.facebook.net https://wmstatic.global.ssl.fastly.net https://*.google.com https://*.google-analytics.com https://*.googleadservices.com https://ajax.googleapis.com https://translate.googleapis.com https://www.googleapis.com https://www.googletagmanager.com https://*.gstatic.com https://decibelinsight.net https://t.co https://code.jquery.com https://*.liveperson.net https://*.lpsnmedia.net https://resources.digital-cloud-uk.medallia.eu https://imp2.nowinteract.com https://*.tt.omtrdc.net https://btbusiness.d1.sc.omtrdc.net https://everythingeverywhere.tt.omtrdc.net https://*.online-metrix.net https://api.opmnstr.com https://a.optmnstr.com https://static.queue-it.net https://*.reevoo.com https://skynet.reevoo.com https://i.salecycle.com https://ws.sessioncam.com https://ipb.smct.co https://smct.co https://tr.snapchat.com https://*.tags.tiqcdn.com https://*.twitter.com https://consent.trustarc.com https://api.uniqodo.com https://insights.uniqodo.com https://analytics.tiktok.com https://pagead2.googlesyndication.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ee.15gifts.com https://track.adform.net https://*.adobedtm.com https://static.ads-twitter.com https://*.akamaihd.net https://ee-dtp-static.s3.amazonaws.com https://ee-tagging.s3.amazonaws.com https://rialto-gms.s3.amazonaws.com https://ads.avocet.io https://bat.bing.com https://p294588.clksite.com https://ee.cloud-iq.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://d2oh4tlt9mrke9.cloudfront.net https://c.cnzz.com https://*.ee.co.uk https://ee.co.uk https://smetrics.ee.co.uk https://*.criteo.com https://*.criteo.net https://cdn.decibelinsight.net https://*.doubleclick.net https://googleads.g.doubleclick.net https://www.dwin1.com https://cm.everesttech.net https://*.facebook.net https://connect.facebook.net https://*.google.com https://*.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://*.googleapis.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://*.gstatic.com https://adobedtm.com https://decibelinsight.net https://medallia.eu https://sc-static.net https://twitter.com https://vimeo.com https://nebula-cdn.kampyle.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://*.liveperson.net https://lptag.liveperson.net https://*.lpsnmedia.net https://resources.digital-cloud-uk.medallia.eu https://plugin.monotote.com https://beta.mybetterdl.com https://p0.mycdn.co https://cdn.nowinteract.com https://*.tt.omtrdc.net https://btbusiness.d1.sc.omtrdc.net https://a.optmnstr.com https://ct.pinterest.com https://rules.quantcount.com https://secure.quantserve.com https://static.queue-it.net https://eeuk.queueit.net https://mark.reevoo.com https://assets.revlifter.io https://ws.sessioncam.com https://js.smct.co https://js.smct.io https://smct.co https://vip.timezonedb.com https://*.tags.tiqcdn.com https://tags.tiqcdn.com https://cdn.syndication.twimg.com https://*.twitter.com https://consent.trustarc.com https://analytics.twitter.com https://platform.twitter.com https://track.uniqodo.com https://cdn.walkme.com https://gdata.youtube.com https://www.youtube.com https://www.youtube-nocookie.com https://s.ytimg.com https://www.zenaps.com https://analytics.tiktok.com; frame-src 'self' https://*.akamaihd.net https://ee.cloud-iq.com https://d16fk4ms6rqz1v.cloudfront.net https://*.ee.co.uk https://ee.co.uk https://ee.real-digital.co.uk https://*.criteo.com https://*.criteo.net https://*.demdex.net https://*.doubleclick.net https://3796688.fls.doubleclick.net https://eeretailapp.co.uk https://*.facebook.com https://*.facebook.net https://*.google.com https://saltcdn2.googleapis.com https://tpc.googlesyndication.com https://social.hotukdeals.com https://www.hotukdeals.com https://noop.style https://saltcdn2.instagram.com https://lo.tokenizer.liveperson.net https://lo.v.liveperson.net https://server.lon.liveperson.net https://*.lpsnmedia.net https://resources.digital-cloud-uk.medallia.eu https://plugin.monotote.com https://ee-embedded.myunidays.com https://www.myunidays.com https://authorize.omniture.com https://sitecatalyst.omniture.com https://prod-browsext.pricesearcher.com https://smct.co https://tr.snapchat.com https://consent-pref.trustarc.com https://consent.trustarc.com https://platform.twitter.com https://syndication.twitter.com https://insights.uniqodo.com https://app.wizdom.ai http://ee-uk-ppf.wm-staging.com https://www.youtube.com https://www.youtube-nocookie.com https://gateway.zscalerone.net; style-src 'self' 'unsafe-inline' https:; media-src 'self' https:; img-src 'self' https:; font-src 'self' https:; default-src 'self' https://*.ee.co.uk https://ee.co.uk; object-src 'self' https://*.ee.co.uk https://ee.co.uk; report-uri https://c1kwrg3du5.execute-api.eu-west-1.amazonaws.com/csp ; report-to csp-endpoint 1
font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com *.force.com moneygram-intl.ingeniuxondemand.com use.fontawesome.com consent.trustarc.com fonts.gstatic.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.co.uk www.google.com cdn.smct.io www.google.co.ma flask.nextdoor.com www.google.it consent-pref.trustarc.com *.googleapis.com www.google.fr global.moneygram.com www.google.com.pk consumerapi.moneygram.com www.google.com.ng tr.silverpush.co *.facebook.net c.clarity.ms sp.analytics.yahoo.com fonts.gstatic.com www.google.com.mx a.volvelle.tech drs2.veinteractive.com maps.gstatic.com *.doubleclick.net *.snapchat.com *.force.com www.googletagmanager.com consent.trustarc.com bam.nr-data.net www.google.es webv2cmsprod.aws.moneygram.com *.sitescout.com moneygram-intl.ingeniuxondemand.com bat.bing.com www.google.de *.facebook.com events.smct.co www.google.ca; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.emjcd.com survey.us.confirmit.com www.googletagmanager.com *.wlp-acs.com www.google.com consent-pref.trustarc.com centinelapi.cardinalcommerce.com *.cloudfront.net deviceauth.moneygram.com config1.veinteractive.com www.securesuite.co.uk conversions.clickmeter.com consent.trustarc.com *.sitescout.com *.dotomi.com *.snapchat.com *.force.com asset.gomoxie.solutions *.googlesyndication.com tags.rd.linksynergy.com smct.co *.doubleclick.net hosted.where2getit.com clickmeter.com www.youtube.com *.facebook.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: config1.veinteractive.com j.clarity.ms s.yimg.com www.googletagmanager.com www.tp88trk.com e.clarity.ms asset.gomoxie.solutions d.clarity.ms l.clarity.ms *.googleadservices.com www.woopra.com *.googleapis.com *.doubleclick.net smct.co d.turn.com js.smct.co consent.trustarc.com tags.rd.linksynergy.com www.gstatic.com a.clarity.ms moneygram-intl.ingeniuxondemand.com sc-static.net js.smct.io cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net *.salesforceliveagent.com bat.bing.com *.force.com ads.nextdoor.com includes.ccdc02.com songbird.cardinalcommerce.com www.google.com *.facebook.net six.cdn-net.com deviceauth.moneygram.com digitalfeedback.us.confirmit.com; form-action  *.facebook.com *.salesforceliveagent.com deviceauth.moneygram.com *.snapchat.com *.wlp-acs.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: maxcdn.bootstrapcdn.com *.force.com asset.gomoxie.solutions *.googleapis.com cdn.honey.io use.fontawesome.com moneygram-intl.ingeniuxondemand.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.snapchat.com *.doubleclick.net ipb.smct.io webv2cmsprod.aws.moneygram.com cookiee1.veinteractive.com centinelapi.cardinalcommerce.com *.facebook.com events-moneygram.gomoxie.solutions nkys7k94ig.execute-api.us-east-2.amazonaws.com sp.analytics.yahoo.com moneygram-intl.ingeniuxondemand.com bam.nr-data.net sessionapi.veinteractive.com s.yimg.com ipb.smct.co js.smct.io asset.gomoxie.solutions *.force.com adservice.google.com d.clarity.ms *.googleapis.com consent-pref.trustarc.com a.clarity.ms e.clarity.ms consumerapi.moneygram.com www.google.com js.smct.co b.clarity.ms dtrc.veinteractive.com smct.co firehose.eu-west-1.amazonaws.com geo.cardinalcommerce.com flask.nextdoor.com digitalfeedback.us.confirmit.com ipl.smct.co j.clarity.ms kg668dbov0.execute-api.us-east-1.amazonaws.com api.onfido.com ipl.smct.io bat.bing.com location.gomoxie.solutions cognito-identity.eu-west-1.amazonaws.com l.clarity.ms; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; report-uri /csp_report 1
connect-src 'self' *.bazaarvoice.com *.clarity.ms *.crazyegg.com *.demdex.net *.doubleclick.net *.forter.com *.googleapis.com *.perimeterx.net *.px-cdn.net *.px-client.net *.px-cloud.net *.pxchk.net *.taboola.com *.totalwine.com *.tt.omtrdc.net adservice.google.com analytics.twitter.com assets.adobedtm.com b.px-cdn.net bam-cell.nr-data.net bam.nr-data.net bat.bing.com cdn.cookielaw.org cdn0.forter.com ct.pinterest.com d.adroll.com d2o5idwacg3gyw.cloudfront.net dpm.demdex.net gc.kis.v2.scr.kaspersky-labs.com gdpr.loopme.com geolocation.onetrust.com in.visitors.live ipapi.co maps.googleapis.com pagead2.googlesyndication.com privacyportal.onetrust.com recs.richrelevance.com schema.milestoneinternet.com settings.luckyorange.net siteintercept.qualtrics.com stats.g.doubleclick.net t.co totalwine-sites.secure.force.com totalwine.tt.omtrdc.net us-central1-adaptive-growth.cloudfunctions.net us-u.openx.net vimeo.com wss://cdn0.forter.com wss://in.visitors.live wss://visitors.live www.clarity.ms www.facebook.com www.google-analytics.com www.google.com www.instagram.com www.paypal.com www.totalwine.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.bazaarvoice.com *.clarity.ms *.forter.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.perimeterx.net *.totalwine.siteintercept.qualtrics.com 1c63ac2bb1db.cdn4.forter.com 6uyqy3.aayp1.com 7rm60015.ibosscloud.com activitymap.adobe.com amplify.outbrain.com analytics-static.ugc.bazaarvoice.com analytics.twitter.com api.microsofttranslator.com apps.bazaarvoice.com appslinker.net ascend.pepperjam.com assets.acdn.no assets.adobedtm.com assets.photo-ac.com auctioneer.50million.club bam-cell.nr-data.net bam.nr-data.net bat.bing-int.com bat.bing.com biglinksrc.cool blipznchitzcom-a.akamaihd.net blob: bpb.opendns.com brounelink.com c.paypal.com c2op6nqb.micpn.com captcha.px-cdn.net cdn.bitkeep.vip cdn.brcdn.com cdn.cookielaw.org cdn.credithub.com.br cdn.pdst.fm cdn.segment.com cdn.tt.omtrdc.net cdn.walkme.com cdncache-a.akamaihd.net cdnjs.cloudflare.com clipsold.com cms.totalwine.bloomreach.cloud cn-1552396033-3-7vnsr40099.ibosscloud.com cn1759620868-7vnsr40081.ibosscloud.com cn1759623655-7vnsr30244.ibosscloud.com connect.facebook.net container.pepperjam.com core.conversant.mgr.consensu.org d.adroll.com d.la1-c2-ia5.salesforceliveagent.com d35u1vg1q28b3w.cloudfront.net dakotaram.com data display.ugc.bazaarvoice.com docs.paymentjs.firstdata.com donewrork.org f5rrzo.x9m86.com f5smf2.svn0czn.com filterprem.org floatingplayer.com gateway.zscaler.net gateway.zscalerone.net gateway.zscalerthree.net gateway.zscalertwo.net gateway.zscloud.net gc.kis.v2.scr.kaspersky-labs.com geolocation.onetrust.com googleads.g.doubleclick.net hublosk.com i.loopme.me i0gj.su3e5.com j6j8xk.svn0czn.com jfy5gw.su3e5.com js-agent.newrelic.com js.adsrvr.org jullyambery.net jw5c.jahk7c.com leepraktic.net lhdipg1.d2sri.com live.rezync.com ln-rules.rewardstyle.com login-ds.dotomi.com loungesrc.net lowffdompro.com m59.prod2016.com mayg6.svn0czn.com mc5fo9.umnb7r9.com milkpload.net mpsnare.iesnare.com mstat.acestream.net mtj362.bugw8.com ongc4tnp.d2sri.com partners.cmptch.com pd8yeuz.obzjc5.com pilaff-up.ru platewolf.com player.vimeo.com projflower.biz promlinkdev.com proxy.doe.gov qdatasales.com rialto-gms.s3.amazonaws.com rules.quantcount.com s.adroll.com s.cmptch.com s.dcbap.com s.pmddby.com s3.amazonaws.com schema.milestoneinternet.com script.crazyegg.com secure.mycouponsmartmac.com secure.myshopcouponmac.com secure.myshopmatemac.com secure.quantserve.com secure.shoptimizelymac.com service.securesrv12.com siteintercept.qualtrics.com static.ads-twitter.com static.lightning.force.com static.regsvcs.theknot.com static.tacdn.com static.zdassets.com stonly.com subwayclanscom-a.akamaihd.net teddytor.abtasty.com test.micpn.com threatprotection.nordvpn.com totalwine-sites.secure.force.com totalwine.my.salesforce.com totalwine.widget.custhelp.com tpc.googlesyndication.com tr.outbrain.com try.abtasty.com twitter.com ucads-cdn.ucweb.com unpkg.com visualsponline.azurewebsites.net w4sef7.svn0czn.com we3qy.inyo4y.com wgbq27g.ez05w7r.com worksrc.cool www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.microsofttranslator.com www.pagespeed-mod.com www.paypal.com www.paypalobjects.com www.todyl.com www.totalwine.com www.upsellit.com www.youtube.com zne8jbwf0djz2vvnd-totalwine.siteintercept.qualtrics.com zswpmanager.wip.mmc.com; report-uri https://csp.px-cloud.net/report?report=1&id=c1b28b02006c9a620e0a861267a79f48&app_id=PXFF0j69T5 1
default-src 'self' blob: https://staffbase.com https://s15952.pcdn.co; report-uri https://casper-main-de1.staffbase.com/report/staffbase.com; script-src 'report-sample' 'self' blob: 'unsafe-eval' 'unsafe-inline' https://analytics.twitter.com https://bat.bing.com https://cdnjs.cloudflare.com https://connect.facebook.net https://dev.visualwebsiteoptimizer.com https://forms.hsforms.com https://googleads.g.doubleclick.net https://hackerone.com https://npmcdn.com/pikasso@4.2.0/build/umd.min.js https://pikasso-preview.bananatag.com https://j.6sc.co/6si.min.js https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsforms.net https://js.hsleadflows.net https://js.qualified.com https://maps.googleapis.com https://rum-static.pingdom.net https://script.hotjar.com https://snap.licdn.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.hotjar.com https://tagmanager.google.com https://tracking.g2crowd.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://s15952.pcdn.co; font-src 'self' data: application/x-font-woff https://cdn.getspeechify.com/hosted-fonts/GreycliffCF-*.woff2 https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com https://www.google-analytics.com https://s15952.pcdn.co; img-src 'self' data: image/svg+xml https: https://s15952.pcdn.co; style-src https: 'self' 'unsafe-inline' 'report-sample'; connect-src 'self' https://*.hotjar.com https://*.pingdom.net https://adservice.google.com/pagead/ https://api.ipstack.com https://app.qualified.com https://bat.bing.com https://c.6sc.co https://dev.visualwebsiteoptimizer.com https://forms.hsforms.com https://forms.hubspot.com https://hackerone.com https://hubspot-forms-static-embed.s3.amazonaws.com https://secure.adnxs.com/getuidj https://stats.g.doubleclick.net https://vc.hotjar.io https://www.facebook.com https://www.google-analytics.com https://www.google.com wss://*.hotjar.com wss://app.qualified.com wss://ws.qualified.com https://s15952.pcdn.co; frame-src https:; media-src https:; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.vibe.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://teacup.report-uri.com/r/t/csp/reportOnly 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'self' data:; font-src https: 'self' data:; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' algolia.com *.algolia.com algolia.net *.algolia.net algolianet.com *.algolianet.com algolia.io *.algolia.io data: *.doubleclick.net amplify.outbrain.com api.segment.io *.marketo.com getbeamer.com *.getbeamer.com browser.sentry-cdn.com cdn.amplitude.com cdn.bizible.com cdn.jsdelivr.net client-registry.mutinycdn.com client.mutinycdn.com *.clarity.ms js.stripe.com maxcdn.bootstrapcdn.com munchkin.marketo.net res.cloudinary.com *.pingdom.net *.datadoghq.com *.adroll.com s.ml-attr.com secure.gravatar.com snap.licdn.com user-data.mutinycdn.com www.datadoghq-browser-agent.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com *.mktoresp.com api.amplitude.com api.madkudu.com attr.ml-api.io cdn.madkudu.com cdn.segment.com fonts.gstatic.com ga.clearbit.com js.driftt.com js.sentry-cdn.com secure.adnxs.com stats.g.doubleclick.net tr.outbrain.com cdnjs.cloudflare.com ; img-src * data: ; font-src 'self' data: fonts.gstatic.com github.com images.mutinycdn.com maxcdn.bootstrapcdn.com use.typekit.net ; connect-src 'self' algolia.com *.algolia.com algolia.net *.algolia.net algolianet.com *.algolianet.com algolia.io *.algolia.io data: *.mktoresp.com *.mktoutil.com *.clarity.ms *.mutinyhq.io api.amplitude.com api.segment.io app.clearbit.com app.getsentry.com backend.getbeamer.com d.adroll.com maps.googleapis.com prod-algolia-blog-subscription.herokuapp.com us-central1-documentation-feedback.cloudfunctions.net raw.githubusercontent.com *.pingdom.net *.datadoghq.com stats.g.doubleclick.net user-data.mutinycdn.com www.google-analytics.com www.google.com adservice.google.com api.madkudu.com in.hotjar.com *.sentry.io *.hotjar.io *.hotjar.com wss://*.hotjar.com ; worker-src 'self' blob: ; report-uri https://algolia.report-uri.com/r/t/csp/wizard 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: dvngeac8rg9mb.cloudfront.net d34s7xanp5e5sf.cloudfront.net www.gstatic.com js.stripe.com *.googleapis.com www.google.com compilers.widgets.sphere-engine.com; connect-src 'self' wss://push.piazza.com api.stripe.com; img-src 'self' data: http: https:; object-src 'none'; font-src 'self' data: *.typekit.net *.gstatic.com; style-src 'self' 'unsafe-inline' blob: *.typekit.net *.gstatic.com *.googleapis.com dvngeac8rg9mb.cloudfront.net; frame-src 'self' www.youtube.com www.youtube-nocookie.com www.vimeo.com player.vimeo.com www.facebook.com youtu.be gfycat.com www.google.com giphy.com docs.google.com calendar.google.com www.desmos.com www.geogebra.org; report-uri /security/csp_report 1
default-src https: 'unsafe-eval' 'unsafe-inline'; 1
default-src 'self' * data: filesystem: about: blob: ws: wss:; script-src 'self' * 'unsafe-eval' 'unsafe-inline'; img-src 'self' * data: filesystem: about: blob:; font-src 'self' *; style-src 'self' * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' * ws: wss: 1
frame-ancestors 'self' https://*.fresha.com https://*.adyen.com; report-to default; report-uri https://o61919.ingest.sentry.io/api/6311472/security/?sentry_key=51b2c36fbeda46f2b3e98b49ec0f933b 1
style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: media.flixcar.com www.smythstoys.com static.geetest.com cdnjs.cloudflare.com *.googleapis.com *.bazaarvoice.com cdn.dots.bricks.plus wchat.freshchat.com api.autoaddress.ie media.flixfacts.com image.smythstoys.com snippets.freshchat.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bat.bing.com cdnjs.cloudflare.com widgets.trustedshops.com code.jquery.com *.hotjar.com media.flixfacts.com www.youtube.com snippets.freshchat.com image.smythstoys.com tiger-cdn.zoovu.com media.flixcar.com www.google.de *.facebook.net cart.circulator.com dots.bricks.plus www.recaptcha.net scontent.webcollage.net www.myhermes.co.uk h.clarity.ms i.clarity.ms www.smythstoys.com www.gstatic.com f.clarity.ms j.clarity.ms prod.flixgvid.flix360.io static.geetest.com wchat.freshchat.com cdn.dots.bricks.plus *.bazaarvoice.com www.usemaxserver.de syndi.webcollage.net sdk.woosmap.com www.googletagmanager.com content.syndigo.com api.autoaddress.ie www.google-analytics.com www.google.com api.geetest.com *.online-metrix.net d.clarity.ms e.clarity.ms *.googleapis.com www.clarity.ms *.googleadservices.com content.webcollage.net webapp.woosmap.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com media.flixcar.com www.smythstoys.com fonts.gstatic.com media.flixfacts.com dots.bricks.plus; prefetch-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.smythstoys.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: c.clarity.ms www.google.co.uk www.google.com rt.flix360.com www.google.fr *.online-metrix.net *.googleapis.com dots.bricks.plus www.myhermes.co.uk images.woosmap.com static.geetest.com fonts.gstatic.com www.google.ch *.bazaarvoice.com event.webcollage.net www.google.nl www.smythstoys.com eu.klarnaevt.com media.flixfacts.com image.smythstoys.com *.doubleclick.net www.google-analytics.com media.flixcar.com bat.bing.com maps.gstatic.com www.google.de widgets.trustedshops.com content.syndigo.com www.google.ca www.google.ie api.woosmap.com www.google.se www.googletagmanager.com *.facebook.com event.syndigo.cloud cdnjs.cloudflare.com api.autoaddress.ie www.gstatic.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.online-metrix.net www.smythstoys.com www.youtube.com *.facebook.com *.hotjar.com www.youtube-nocookie.com www.googletagmanager.com *.bazaarvoice.com wchat.eu.freshchat.com media.flixcar.com www.google.com www.usemaxserver.de www.recaptcha.net; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: content.syndigo.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.online-metrix.net image.smythstoys.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bat.bing.com eu.klarnaevt.com *.hotjar.com *.doubleclick.net 63di6za7i5.execute-api.eu-west-1.amazonaws.com *.facebook.com www.googletagmanager.com content.syndigo.com adservice.google.com www.clarity.ms *.online-metrix.net d.clarity.ms *.googleapis.com b.clarity.ms api.woosmap.com www.google-analytics.com webapp-conf.woosmap.com www.smythstoys.com h.clarity.ms i.clarity.ms e.clarity.ms *.bazaarvoice.com www.google.com f.clarity.ms media.flixcar.com image.smythstoys.com k.clarity.ms j.clarity.ms vc.hotjar.io; form-action  www.smythstoys.com *.bazaarvoice.com secureacceptance.cybersource.com *.facebook.com; report-uri /csp_report 1
default-src 'self' blob: cdn.cbs.nl cbs.piwik.pro cbs.containers.piwik.pro www.google-analytics.com analytics.eu.kaltura.com cfvod.eu.kaltura.com api.eu.kaltura.com api.cdnjs.com vodcdn.eu.kaltura.com api.usabilla.com opendata.cbs.nl dataderden.cbs.nl www.pingvp.com www.google.com geodata.nationaalgeoregister.nl public.tableau.com localfocus2.appspot.com cbsnl.maps.arcgis.com  ec.europa.eu;img-src 'self' data: blob: cdn.cbs.nl www.google-analytics.com api.eu.kaltura.com d6tizftlrpuof.cloudfront.net w.usabilla.com cfvod.eu.kaltura.com cbs.piwik.pro validator.swagger.io service.pdok.nl public.tableau.com *.tile.openstreetmap.org;report-uri /cspreport;style-src 'self' 'unsafe-inline' cdn.cbs.nl cdn.jsdelivr.net cdnjs.cloudflare.com d6tizftlrpuof.cloudfront.net;font-src 'self' data: cdn.cbs.nl cdnjs.cloudflare.com api.eu.kaltura.com d6tizftlrpuof.cloudfront.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cdn.cbs.nl api.eu.kaltura.com w.usabilla.com api.usabilla.com cdn.jsdelivr.net cdnjs.cloudflare.com code.highcharts.com api.cdnjs.com cbs.piwik.pro cbs.containers.piwik.pro www.google-analytics.com analytics.eu.kaltura.com d3js.org www.google.com www.gstatic.com public.tableau.com ajax.googleapis.com 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-c5627078cc3d3853f1579a513098dc25' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.blogher.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src qoe-1.yottaa.net self https:; connect-src self https: *.typekit.net; script-src-elem blob self https: 'unsafe-inline'; img-src self https: data:; style-src blob self https: 'unsafe-inline'; script-src blob self https: 'unsafe-inline'; style-src-elem self https: 'unsafe-inline'; report-uri https://qoe-1.yottaa.net/_/csp-reports?siteKey=a244R10OWtLFnA&ruleName=Content%20Security 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: ; connect-src 'self'   https://csi.gstatic.com https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://ssl.google-analytics.com https://capture.trackjs.com https://www.google.com https://*.hotjar.com:* wss://*.hotjar.com https://bam.nr-data.net 'report-sample' https://static.zdassets.com https://ekr.zdassets.com https://internations.zendesk.com https://*.zopim.com wss://internations.zendesk.com wss://*.zopim.com; font-src 'self' https://inassets1-internationsgmbh.netdna-ssl.com/ https://fonts.gstatic.com https://static.hotjar.com https://*.zuora.com 'report-sample'; frame-src https: appsflyerevent: fbrpc: 'report-sample'; img-src https: blob: data: https://v2assets.zopim.io https://static.zdassets.com; manifest-src 'self' 'report-sample'; media-src 'none'; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://www.googletagservices.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://*.zuora.com 'report-sample' https://static.zdassets.com https://ekr.zdassets.com https://internations.zendesk.com https://*.zopim.com wss://internations.zendesk.com wss://*.zopim.com; style-src 'unsafe-inline' https://inassets1-internationsgmbh.netdna-ssl.com/  https://fonts.googleapis.com https://www.gstatic.com https://eu.gcsip.nl 'report-sample'; report-uri https://internations.report-uri.com/r/t/csp/reportOnly 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/abc_xyz 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: ai.asapp.com *.wistia.com fonts.gstatic.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com snap.licdn.com munchkin.marketo.net static.ads-twitter.com googleads.g.doubleclick.net www.google.com analytics.twitter.com app-sj32.marketo.com src.litix.io www.googleanalytics.com www.googleoptimize.com optimize.google.com unpkg.com; style-src 'self' 'unsafe-inline' ai.asapp.com pro.fontawesome.com fonts.googleapis.com app-sj32.marketo.com optimize.google.com; font-src 'self' data: pro.fontawesome.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' https: data: www.google-analytics.com www.googletagmanager.com optimize.google.com; media-src 'self' blob: data: *.wistia.com *.wistia.net embedwistia-a.akamaihd.net; connect-src 'self' ai.asapp.com www.google-analytics.com stats.g.doubleclick.net *.wistia.com embedwistia-a.akamaihd.net *.mktoresp.com *.mktoutil.com *.litix.io *.lever.co; frame-src ai.asapp.com bid.g.doubleclick.net app-sj32.marketo.com fast.wistia.com www.googletagmanager.com optimize.google.com youtube.com www.youtube.com; object-src embedwistia-a.akamaihd.net embed-fastly.wistia.com; worker-src blob:; frame-ancestors 'self' asapp.northpass.com; report-uri https://asapp.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-d2e2c8247a57f8fa18ac5cee73f628d0' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net *.tvsquared.com *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com https://sc-static.net 		https://ob.cheqzone.com 		https://analytics.google.com 		https://www.google.com https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net 	 https://stackadapt.com https://*.creative-serving.com https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://tags.srv.stackadapt.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com https://sc-static.net 		https://ob.cheqzone.com 		https://analytics.google.com 		https://www.google.com wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://stats.g.doubleclick.net https://*.stackadapt.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://graph.facebook.com https://*.addthis.com https://*.google-analytics.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.doubleclick.net https://*.googleapis.com ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://tr.snapchat.com https://creativecdn.com https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 1
frame-ancestors 'self' http://*.oriflame.com https://*.oriflame.com http://*.online.ori https://*.online.ori http://*.ori.local https://*.ori.local http://*.oriflame.cc https://*.oriflame.cc http://*.oriflame.ru https://*.oriflame.ru http://*.oriflame.cn https://*.oriflame.cn; report-uri /CspReport?policyRequestId=f9b13992e54a424e 1
default-src 'none'; connect-src 'self' https://api.prod.eurostar.com https://www.facebook.com https://collect-eu-west-1.tealiumiq.com https://chat.kommunicate.io https://www.google-analytics.com https://c.contentsquare.net https://tr.snapchat.com https://stats.g.doubleclick.net https://api.kommunicate.io https://cdn.kommunicate.io https://bat.bing.com https://collect.tealiumiq.com https://r.contentsquare.net https://checkoutshopper-live.adyen.com https://adservice.google.com https://www.google.com wss://socket5.kommunicate.io https://maps.googleapis.com https://www.paypal.com wss://socket.applozic.com:80 https://bots.kommunicate.io; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://tags.tiqcdn.com https://googleads.g.doubleclick.net https://scripts.eurostar.com https://visitor-service-eu-west-1.tealiumiq.com https://connect.facebook.net https://www.google-analytics.com https://i.ctnsnet.com https://cdn.kommunicate.io https://www.googleadservices.com https://www.googletagmanager.com https://consentag.eu https://sp.analytics.yahoo.com https://eus.cdn-v3.conductrics.com https://w.usabilla.com https://sc-static.net https://secure.quantserve.com https://cdn.applozic.com https://acdn.adnxs.com https://rules.quantcount.com https://analytics.twitter.com https://ad.doubleclick.net https://www.googletagservices.com https://pagead2.googlesyndication.com https://maps.googleapis.com https://www.google.com https://api.usabilla.com; script-src-elem 'self' 'unsafe-inline' https://www.googleadservices.com https://w.usabilla.com https://tags.tiqcdn.com https://cdn.kommunicate.io https://cdn.applozic.com https://www.google-analytics.com https://scripts.eurostar.com https://connect.facebook.net https://acdn.adnxs.com https://consentag.eu https://rules.quantcount.com https://www.googletagmanager.com https://www.googletagservices.com https://pagead2.googlesyndication.com https://sc-static.net https://secure.quantserve.com https://eus.cdn-v3.conductrics.com https://tags.tiqcdn.com https://analytics.twitter.com https://i.ctnsnet.com https://widget.kommunicate.io https://sp.analytics.yahoo.com https://googleads.g.doubleclick.net https://visitor-service-eu-west-1.tealiumiq.com; script-src-attr 'unsafe-inline'; frame-src https://consentag.eu https://9567338.fls.doubleclick.net https://tr.snapchat.com https://4978547.fls.doubleclick.net https://checkoutshopper-live.adyen.com https://www.facebook.com https://www.google.com https://bid.g.doubleclick.net https://api.prod.eurostar.com https://www.paypalobjects.com; child-src blob: https://4978547.fls.doubleclick.net https://consentag.eu https://9567338.fls.doubleclick.net https://tr.snapchat.com https://checkoutshopper-live.adyen.com https://bid.g.doubleclick.net https://api.prod.eurostar.com https://www.google.com https://www.paypal.com https://www.paypalobjects.com; worker-src blob:; style-src 'unsafe-inline' 'self' https://cdn.kommunicate.io https://fonts.googleapis.com https://content-static.eurostar.com; style-src-elem 'unsafe-inline' 'self' https://cdn.kommunicate.io; style-src-attr 'unsafe-inline'; font-src 'self' data: https://static.eurostar.com https://fonts.gstatic.com https://content.eurostar.com; img-src 'self' data: https://www.google.fr https://www.google.nl https://www.google.com.ar https://www.google.com.mx https://www.google.com.my https://www.google.com.pk https://packages-assets.eurostar.com https://www.google.be https://seal.digicert.com https://www.facebook.com https://www.google.com https://www.google-analytics.com https://pixel.quantserve.com https://www.google.co.uk https://www.google.com https://sp.analytics.yahoo.com https://cdn.sanity.io https://bat.bing.com https://c.contentsquare.net https://px.adnxs.com https://secure.adnxs.com https://pubads.g.doubleclick.net https://s3.amazonaws.com/kommunicate.s3/profile_pic/16292778625081629277861045-image249.png https://s3.amazonaws.com/kommunicate.s3/profile_pic/15735668750271573566871516-image346.png https://pixel.mediaiqdigital.com https://t.co https://www.googletagmanager.com https://ib.adnxs.com https://content-static.eurostar.com https://googleads4.g.doubleclick.net https://static.eurostar.com https://t.paypal.com https://checkoutshopper-live.adyen.com https://www.google.com.bh https://www.google.fr https://www.google.com.sg https://www.google.ie https://www.google.ca https://www.google.com.au https://www.google.cl https://maps.googleapis.com https://ad.doubleclick.net https://maps.gstatic.com https://googleads.g.doubleclick.net https://adservice.google.com https://d6tizftlrpuof.cloudfront.net https://w.usabilla.com; media-src https://cdn.kommunicate.io; report-uri https://endpoint1.collection.eu.sumologic.com/receiver/v1/http/ZaVnC4dhaV3AvLFl8cFJizCyoPjtdrc2TKyVN8zmt8SJmAnZoMAxzgDeZwLuU-C2UsXndXALigR-I39YasVmxBeW9fddmwoqeNonZp5g_p8Pz0-AKgiInQ== 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.goldderby.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; script-src 'self' analytics.tiktok.com analytics.twitter.com bat.bing.com cdn.amplitude.com cdn.attn.tv cdn.segment.com connect.facebook.net edge.fullstory.com platform.twitter.com static.hotjar.com static.zuora.com *.affirm.com *.ouraring.com *.google-analytics.com *.googletagmanager.com *.knotch-cdn.com *.lightboxcdn.com *.paypal.com *.paypalobjects.com cdn.pdst.fm js.crrnt.app s.pinimg.com snap.licdn.com static.ads-twitter.com platform.twitter.com s.pinimg.com script.hotjar.com; style-src 'self' use.fontawesome.com www.lightboxcdn.com; object-src 'none'; base-uri 'self'; connect-src 'self' analytics.tiktok.com api.amplitude.com api.ecom.ouraring.com api.segment.io bat.bing.com cdn.segment.com events.attentivemobile.com in.hotjar.com rs.fullstory.com stats.g.doubleclick.net tr.snapchat.com *.braze.com *.cloudfunctions.net *.affirm.com *.google-analytics.com *.knotch-cdn.com *.paypal.com wss://ws.ttsep.com analytics.google.com ct.pinterest.com input.noibu.com ouraring.attn.tv units.knotch.it; font-src 'self' data: use.fontawesome.com; frame-src 'self' ouraring.attn.tv vars.hotjar.com *.zuora.com *.affirm.com *.facebook.com *.pinterest.com; img-src 'self' alb.reddit.com bat.bing.com ct.pinterest.com ouraring.imgix.net pixel.pointmediatracker.com px.ads.linkedin.com s3.amazonaws.com t.co t.paypal.com tr.snapchat.com unpkg.com *.ouraring.com *.facebook.com *.google-analytics.com *.google.com analytics.twitter.com cnv.event.prod.bidr.io sync.1rx.io www.google.com.au www.google.com.sg; manifest-src 'self'; media-src 'self' s3.amazonaws.com; report-uri https://wci17qn6o7.execute-api.us-west-2.amazonaws.com/prod; worker-src 'none' 1
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://track.buyma.com/csp/report.json 1
default-src 'self'; connect-src 'self' analytics.init.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org *.twitter.com *.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.init.de *.openstreetmap.org *.twitter.com *.twimg.com *.bundesfinanzministerium.de; object-src 'self'; media-src 'self' *.youtube.com *.bundesfinanzministerium.de; child-src *.google.com *.gstatic.com *.youtube.com *.init.de *.twitter.com *.twimg.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org *.init.de *.twitter.com *.twimg.com *.bundesfinanzministerium.de; frame-ancestors 'self'; report-uri /site/servlet/csp-report; 1
default-src 'none'; base-uri 'none' ; frame-src 'self' *.unidays.world *.facebook.com *.twitter.com *.doubleclick.net *.youtube.com *.youtube-nocookie.com *.google.com *.snapchat.com ; connect-src 'self' *.myunidays.com *.myunidays.com *.adzerk.net https://api.segment.io https://cdn.segment.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google.com https://servedby.flashtalking.com https://ad.doubleclick.net *.tiktok.com *.snapchat.com *.appsflyer.com ; font-src 'self' data: https: ; img-src 'self' data: https: ; media-src 'self' *.unidays.world *.googleapis.com ;script-src 'self' https: 'strict-dynamic' 'unsafe-inline' 'nonce-srZ+MDivfU2Fwqq+8h2fgA==' 'sha256-JaJnzDFt7nhixFwT6OGtcVsmCt5j0JhDTL/mOR+yeLc=' 'sha256-swnYD2S3+mg5eUG+ZrxxAe2x8z+BPFsrZJ1loRNz+Nc=' 'sha256-DQwqYB8/sqCTVOZWfXmwexUV+wjyosAzcAcRY2fdDiU=' 'sha256-FIhX+YlCX/mDgfVKSE47aYd0Shmm38UT5k6gKibikZ0=' 'sha256-Fk6otTu/FVt+I01zVgbvspLEGgTs+6SlL/dahhvpMGo=' 'sha256-SiSpQtoSm3gYHCiSdO7bIdwk6nuhuKyKx6I638RpVMs=' ; style-src 'self' 'unsafe-inline' https: ; 1
font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdnjs.cloudflare.com *.arcgis.com use.fontawesome.com *.nj.gov fonts.gstatic.com *.googleapis.com use.typekit.net www.googletagmanager.com maxcdn.bootstrapcdn.com nj.gov unpkg.com *.cloudfront.net *.custhelp.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: abs.twimg.com *.tiktok.com www.google.com *.googleapis.com t.co www.gstatic.com nj.gov clients1.google.com sp.analytics.yahoo.com fonts.gstatic.com match.adsrvr.org *.arcgis.com www.njsp.org files.constantcontact.com *.addthis.com www.rnengage.com ton.twimg.com *.nj.gov translate.google.com 1468.global.siteimproveanalytics.io imgssl.constantcontact.com www.google-analytics.com *.doubleclick.net placeimg.com *.cloudfront.net www.googletagmanager.com www.credit-card-logos.com pbs.twimg.com *.state.nj.us *.facebook.com content.govdelivery.com *.twitter.com 77497.global.siteimproveanalytics.io; object-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.state.nj.us; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.arcgis.com public.govdelivery.com *.addthis.com insight.adsrvr.org *.googleapis.com www.googletagmanager.com www.cdc.gov www.njaqinow.net docs.google.com nj.gov *.state.nj.us *.nj.gov www.google.com *.twitter.com *.cloudfront.net *.doubleclick.net www.youtube.com *.facebook.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: translate.google.com maxcdn.bootstrapcdn.com cse.google.com clients1.google.com z.moatads.com *.cloudfront.net content.govdelivery.com v1.addthisedge.com s.yimg.com *.twitter.com www.googletagmanager.com *.addthis.com *.googleadservices.com use.fontawesome.com cdn.syndication.twimg.com stackpath.bootstrapcdn.com *.googleapis.com *.doubleclick.net *.tiktok.com siteimproveanalytics.com *.custhelp.com www.google-analytics.com www.gstatic.com js.adsrvr.org code.jquery.com cdnjs.cloudflare.com *.nj.gov unpkg.com *.state.nj.us public.govdelivery.com nj.gov www.rnengage.com www.google.com *.facebook.net *.ads-twitter.com *.arcgis.com; form-action  *.state.nj.us www.google.com nj.gov; child-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.nj.gov; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: nj.gov; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: maxcdn.bootstrapcdn.com *.cloudfront.net *.nj.gov cdn.datatables.net cdnjs.cloudflare.com p.typekit.net code.jquery.com *.state.nj.us unpkg.com use.typekit.net *.twitter.com px.animaapp.com *.googleapis.com use.fontawesome.com malsup.github.io ton.twimg.com stackpath.bootstrapcdn.com nj.gov www.google.com *.custhelp.com *.arcgis.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: nj.gov *.doubleclick.net www.google.com *.twitter.com *.custhelp.com *.facebook.com www.njlottery.com analytics.google.com *.arcgis.com *.tiktok.com cognito-identity.us-east-1.amazonaws.com *.addthis.com *.cloudfront.net *.state.nj.us *.nj.gov s.yimg.com public.govdelivery.com *.googleapis.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; report-uri /csp_report 1
default-src 'self' blob: data: https: *.px-cloud.net pxchk.net px-client.net *.google.com *.criteo.com *.facebook.com *.pinterest.com *.fullstory.com *.bing.com *.gstatic.com 'unsafe-inline' 'unsafe-eval'; object-src *.online-metrix.net; script-src *.discovercard.com *.discover.com *.aexp-static.com *.mastercard.com d3eaqalnfsy4sn.cloudfront.net woobox.com *.instagram.com *.jquery.com *.px-cdn.net *.perimeterx.net *.iesnare.com d29usylhdk1xyu.cloudfront.net rpxnow.com *.googleapis.com *.bazaarvoice.com *.youtube.com *.truefitcorp.com *.getsidecar.com *.verisign.com d3m83gvgzupli.cloudfront.net *.pcapredict.com *.visa.com *.online-metrix.net *.agkn.com *.agilone.com *.gstatic.com 'unsafe-inline' 'unsafe-eval' 'self' *.affirm.com *.postcodeanywhere.co.uk *.attn.tv *.yottaa.net *.coremetrics.com *.monetate.net *.googletagmanager.com *.google-analytics.com *.criteo.net *.murdoog.com *.facebook.net *.ads-twitter.com *.pinimg.com fullstory.com *.signifyd.com *.bing.com *.rejoiner.com d3v27wwd40f0xu.cloudfront.net *.google.com *.impactradius-event.com *.googlecommerce.com *.liveperson.net *.fullstory.com *.twitter.com *.criteo.com *.lpsnmedia.net *.moosejaw.com googleads.g.doubleclick.net *.googleadservices.com *.xg4ken.com; report-uri https://qoe-1.yottaa.net/_/csp-reports?siteKey=g3UgcLo4h3Ycdg&ruleName=Default_Profile_CSP 1
frame-ancestors 'self' metrika.yandex.ru mc.yandex.ru http://webvisor.com; frame-src *.youtube.com vk.com https: blob: mc.yandex.ru jivosite.com; report-uri /csp-report; 1
base-uri 'self';connect-src 'self' https://www.google-analytics.com https://*.googleapis.com https://api.rudderlabs.com https://hosted.rudderlabs.com https://rudderstack.taskade.cloud https://api.stripe.com https://checkout.stripe.com https://sentry.taskade.cloud wss: https://vimeo.com https://fast.wistia.com https://*.loom.com https://companion.taskade.com;default-src 'self';form-action 'self';media-src 'self' https://js.driftqa.com https://files.taskade.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.cloudflare.com https://js.driftt.com https://widget.drift.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://checkout.stripe.com https://js.stripe.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.com;object-src 'none';img-src 'self' data: https://www.googletagmanager.com https://www.google-analytics.com https://*.stripe.com https://files.taskade.com https://unpkg.com https://i.ytimg.com https://*.sndcdn.com https://i.vimeocdn.com https://*.wistia.com https://cdn.loom.com https://*.figma.com https://images.typeform.com https://*.whimsical.com https://companion.taskade.com;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com;font-src 'self' data:;frame-src https://js.driftt.com https://widget.drift.com https://checkout.stripe.com https://hooks.stripe.com https://js.stripe.com https://call.taskade.com https://*.youtube.com https://*.soundcloud.com https://player.vimeo.com https://*.loom.com https://*.figma.com https://*.invisionapp.com https://*.typeform.com https://*.whimsical.com;report-uri /webhooks/csp-report;report-to /webhooks/csp-report;frame-ancestors 'none' 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdnjs.cloudflare.com *.googleapis.com www.imss.gob.mx framework-gb.cdn.gob.mx www.google.com; form-action  www.imss.gob.mx; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com cdnjs.cloudflare.com www.imss.gob.mx; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com cdnjs.cloudflare.com static3.avast.com framework-gb.cdn.gob.mx www.imss.gob.mx; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com www.youtube.com *.facebook.com www.imss.gob.mx *.twitter.com fecdn.user1st.info; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.gstatic.com *.facebook.net framework-gb.cdn.gob.mx *.twitter.com fecdn.user1st.info www.imss.gob.mx ssl.google-analytics.com www.google-analytics.com *.googleapis.com www.google.com cdnjs.cloudflare.com code.jquery.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com *.twitter.com www.gstatic.com www.imss.gob.mx framework-gb.cdn.gob.mx *.facebook.com *.doubleclick.net; report-uri /csp_report 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://tools.oxygem.it/csp-violation-report-endpoint/index.php 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-2a81a02c4c6fba832bfc12823589d728' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com; font-src 'self' fonts.gstatic.com use.typekit.net frontend-assets.sorare.com; media-src 'self' *.amazonaws.com/assets.sorare.tech/ *.amazonaws.com/assets.sorare.dev-staging/ *.amazonaws.com/assets.sorare.com/; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net blob:; connect-src *; img-src * data:; frame-src *; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com 'strict-dynamic' 'nonce-MTUxODk5NTEwMiwzOTY5MzAyNjIw'; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1
object-src 'none';base-uri 'self';script-src 'nonce-iPUbuEae+q8ULZaPVHeX' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample';report-uri https://csp.withgoogle.com/csp/scfe 1
base-uri 'none'; script-src 'self' 'nonce-Di8Dzzvo5UUzpcY' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: 'sha256-47mKTaMaEn1L3m5DAz9muidMqw636xxw7EFAK/YnPdg=' 'sha256-iry7oJKoKJ+9HSjmU3E1TlRlpSesJWZ1vapuUz2MP38='; object-src 'none'; report-uri https://nellie.booking.com/csp-report-uri?type=report&tag=146&pid=8aaf1cbf0fee01fa&e=UmFuZG9tSVYkc2RlIyh9YYYdGuViorKP2vDZE976Vk8dEsghizSBhVUkzIBBhthy; 1
img-src https: data:; connect-src https:; report-uri https://csp-reports.yesware.com/new 1
default-src 'self' https:; base-uri https://www.elysee.fr; block-all-mixed-content; child-src *; font-src 'self' data: https://fonts.gstatic.com https://www.elysee.fr https://admin.elysee.fr https://www.elysee.fr; form-action 'self'; frame-ancestors 'none'; img-src https://stats.g.doubleclick.net data: https://www.elysee.fr https://admin.elysee.fr https://www.elysee.fr; plugin-types video/*; script-src 'unsafe-inline' https://www.elysee.fr https://admin.elysee.fr https://www.elysee.fr; style-src https://fonts.googleapis.com 'unsafe-inline' https://www.elysee.fr https://admin.elysee.fr https://www.elysee.fr 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-c2550bd0a4261567b7f50a2d44532866' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
default-src data: blob: https: gap: gap-iab: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://dailyvoice.report-uri.com/r/d/csp/reportOnly 1
frame-ancestors 'self'; report-uri https://mizar.unive.it/alvise.rabitti/cspreport/report.php; 1
script-src 'self'; object-src 'self' 1
base-uri 'self';script-src-elem 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-f938ae2974de312d';report-uri /api/report_csp_violation; 1
script-src 'self' 'unsafe-eval' 'sha256-Tzu6+wuu1SjTdVaXJEV6PivtY9mRqZb0xhhm2BLRAOA=' 'sha256-7IyttL+tUqfo+WQfAWL3v6YMknUKo9ajmbpNtuTjMN0=' 'sha256-3hfUlZv/u0yM7A3uB3JvxOvBYAe8qn24uA4O2An1VRY=' 'sha256-MV1RuepqvbyT5NhbRPeSj1juoiQBimzZ/wO2CMs3kus=' 'sha256-ABZr65Zok8xacqLFUeZR+42Msgxys7C+6WB+vtacJb8=' 'sha256-bHVKPlpu6EceFvLitpQwu5mjjCOghOO0EQqqS41Qn6Q=' 'sha256-wxehmTJycT+YLBVHLN3bWj/zTcxemiqmfRQzTQW8ir4=' 'sha256-xCJKn7hMM9SELWl17uBsfarS81wpzMEJEmq9eKBxtzs=' 'sha256-+2rXXU3laxTDtQNsImGyQ1X64rn4ISQLNShnWzx821g=' 'sha256-/J1Ywi0oxHQHCpzRvtKWWe4P+hIt7HcIaSwR9c4c5Rs=' 'sha256-39X4GDwTjoEuiHC/2kJYF7mNFjiDloAgzPDJAZFmXUA=' 'sha256-4H8OjgRPgGcbXIWnunILQFptlaDulDAprEkdWAmd5rs=' 'sha256-6ncdpKw08Cc1EFsSeeLsVjAIaYvgm1rBcI4cNp12+Qw=' 'sha256-7PIxQkJpqFtF3ibD6pIWa3xB9NioZz/ynQRYzL0/GQk=' 'sha256-7gtkfRfWNDeobU0B/hfsPp2BIWvoaQl9Qnyy5LiRnxs=' 'sha256-FCJSELYJJqB55vIG3t/ph5fM8YdnNvdK1wyBgKoLBv8=' 'sha256-FTGWq2sxofS5L8Yq87ilEpDqn9l5NkLK0cc3sd7OvnM=' 'sha256-IHOzCHp//Jl1lFsowvMxAPGD+T7zlnWM2mFk53CcUCQ=' 'sha256-Lbd7CfEvDCWYMyHY0+sXbfaSIJoSyADQN1msRc5GDNI=' 'sha256-UIJOLWy/Osv+QGQ4imdRlRujM6eUI1MSyU7o0yUPUZY=' 'sha256-ZdDTEfl8xrGn7iZ/2mMDizDIe6JRmep2vz9STHJi4Zs=' 'sha256-av+IGVQJsQwpqceEC0sQFA8e9C8QabH8uLcfyhwM7SQ=' 'sha256-eVK40NIq3UGWc8qEju5kUvLu1HgsUzj88BW49m/q4j0=' 'sha256-ggRYfkK/3LVUNlNZMQmNN9BFxap4CrJfPbtZ6v2xbjo=' 'sha256-grcTsfRWbkeUhSuDjdKCkH5D8wGl/7m/mQ40fxHu0mw=' 'sha256-jFtAwO73SFINACr8TD6icHqaE8VW008cFmXWwD0f9fM=' 'sha256-r217nY7GmxmFONoUAdkKv3HkplOIco6U4dEWu4mrSIs=' 'sha256-u24cgm8XlTjNvJyJKe51ekUDI8IYMtxoJZ/6Obf/+y0=' 'sha256-xGfPUma/ZEUO/hLpxJqIvAXja0IQ6z6bdVSim0NgRs0=' 'report-sample' https://*.doubleclick.net https://*.cdn4.forter.com https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://*.nr-data.net https://*.yahoo.com https://api.bounceexchange.com https://assets.bounceexchange.com https://at1.listrakbi.com https://bat.bing.com https://bam.nr-data.net https://cdn.attn.tv https://cdn.browsiprod.com https://connect.facebook.net https://code.jquery.com https://cdn.jsdelivr.net https://content.linkedin.com https://cdn.listrakbi.com https://connect.nosto.com https://cdn.roirevolution.com https://f.clarity.ms https://googleads.g.doubleclick.net https://graph.facebook.com https://geoipwebservice.com https://google-analytics.com https://googletagmanager.com https://guarantee-cdn.com https://js.facebook.com https://js-agent.newrelic.com https://platform.linkedin.com https://query.yahooapis.com https://r.bing.com https://r.webeyez.com https://static.cloudflareinsights.com https://ssl.google-analytics.com https://snap.licdn.com https://static-exp1.licdn.com https://services.listrak.com https://s1.listrakbi.com https://s.pinimg.com https://sec.webeyez.com https://s.yimg.com https://tag.bounceexchange.com https://tagmanager.google.com https://www.clarity.ms https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://sdk.helloextend.com/extend-sdk-client/v1/extend-sdk-client.min.js https://cdn1.affirm.com/js/v2/affirm.js https://*.clarity.ms/s/0.6.34/clarity.js;frame-ancestors 'self' *.yahoo.com s.yimg.com;frame-src https://www.affirm.com/ https://creatives.attn.tv/ https://r.webeyez.com/ https://assets.bounceexchange.com/;block-all-mixed-content;style-src 'self' 'report-sample' 'unsafe-inline' *.licdn.com *.google.com *.bing.com code.jquery.com cdn.jsdelivr.net cdn.listrakbi.com www.googletagmanager.com;object-src *.googlesyndication.com;child-src 'self' blob: *.googlesyndication.com *.google.com *.facebook.com *.doubleclick.net connect.facebook.net www.googletagmanager.com;base-uri 'self' *.yahoo.com;form-action 'self' *.google.com *.facebook.com connect.facebook.net;worker-src 'self' blob: www.google.com; report-to default 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-58b7939ef59d26ab72a9e562270fdac1' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
default-src  'self'; script-src  'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' 7203076.collect.igodigital.com 7203076.recs.igodigital.com *.bazaarvoice.com analytics.twitter.com bat.bing.com *.krxd.net cdn.optimizely.com cnstrc.com connect.facebook.net googleads.g.doubleclick.net h.online-metrix.net maps.googleapis.com mpsnare.iesnare.com platform.twitter.com portal.afterpay.com s.go-mpulse.net s.pinimg.com sc-static.net script.hotjar.com static.atgsvcs.com static.demoup.com static.hotjar.com *.useinsider.com targetaustralia.custhelp.com targetaustralia.widget.custhelp.com vsvipsy01.rightnowtech.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.secure-afterpay.com.au cdn.evgnet.com tags.tiqcdn.com prod.accdab.net *.cdn-net.com static.ads-twitter.com vsvipsd01.rightnowtech.com www.paypalobjects.com www.paypal.com rules.atgsvcs.com nexuspublications.com.au media.flixcar.com media.flixfacts.com s.pinimg.com pinterest www.google.com *.flixgvid.flix360.io twitter.com www.target.com.au *.truefitcorp.com *.clarity.ms; style-src  'report-sample' 'self' 'unsafe-inline' display.ugc.bazaarvoice.com fonts.googleapis.com targetaustralia.custhelp.com *.useinsider.com media.flixcar.com apps.bazaarvoice.com www.target.com.au *.truefitcorp.com; object-src  h.online-metrix.net; base-uri  'self'; connect-src  'self' ac.cnstrc.com *.bazaarvoice.com api.target.com.au app.target.com.au bat.bing.com bf74468mhd.bf.dynatrace.com c.go-mpulse.net cdn.optimizely.com ct.pinterest.com events.demoup.com h.online-metrix.net *.useinsider.com logx.optimizely.com rules.atgsvcs.com static.demoup.com stats.g.doubleclick.net vc.hotjar.io www.google-analytics.com *.akstat.io *.akamaihd.net prod.accdab.net www.paypal.com rum.optimizely.com www.facebook.com *.hotjar.com errors.client.optimizely.com jslog.krxd.net www.google.com adservice.google.com s.go-mpulse.net beacon.krxd.net *.zipmoney.com.au t.zip.co media.flixcar.com www.target.com.au targetaustralia.australia-3.evergage.com tr.snapchat.com *.truefitcorp.com maps.googleapis.com *.clarity.ms analytics.google.com google.com.au api.paydock.com; font-src  'self' data: fonts.gstatic.com media.flixcar.com *.useinsider.com media.flixfacts.com cdn.honey.io *.truefitcorp.com; frame-src  'self' 5781858.fls.doubleclick.net a17024231970.cdn.optimizely.com api.bazaarvoice.com cdn.krxd.net display.ugc.bazaarvoice.com h.online-metrix.net secure.ippayments.com *.useinsider.com *.snapchat.com vars.hotjar.com www.facebook.com targetaustralia.custhelp.com www.cdn-net.com prod.accdab.net bid.g.doubleclick.net www.paypal.com www.paypalobjects.com media.flixcar.com nexuspublications.com.au www.pinterest.com ct.pinterest.com www.youtube.com pub.s7.exacttarget.com www.googletagmanager.com tags.tiqcdn.com d3nkfb7815bs43.cloudfront.net www.target.com.au mc64kq3-bxswph019ltnzyy450g4.pub.sfmc-content.com www.pinterest.com.au player.vimeo.com *.truefitcorp.com servedby.flashtalking.com widget.paydock.com; img-src  'self' data: bat.bing.com beacon.krxd.net ct.pinterest.com *.bazaarvoice.com googleads.g.doubleclick.net h.online-metrix.net maps.googleapis.com *.gstatic.com stack8.collect.igodigital.com t.co www.facebook.com www.google-analytics.com www.google.com www.google.com.au 5781858.fls.doubleclick.net www.pinterest.com *.d.aa.online-metrix.net t.paypal.com www.googletagmanager.com *.useinsider.com media.flixcar.com videos.demoup.com rt.flix360.com jslog.krxd.net prf.hn apiservices.krxd.net adservice.google.com googleads.g.doubleclick.net www.paypalobjects.com 5781858.fls.doubleclick.net media.flixfacts.com static.zipmoney.com.au zip.co www.google.co.in www.google.ru www.google.co.uk www.google.ca www.google.com.sg www.google.co.nz connect.facebook.net www.google.com.sa www.google.com.pg www.google.co.id www.google.com.fj www.google.com.ph www.google.com.hk www.google.com.pk www.google.com.tw www.google.de www.google.ae www.google.to www.google.com.np www.google.co.jp www.google.it www.google.com.kh www.google.pl www.google.fi www.google.com.my www.google.com.qa www.google.com.ec www.google.co.th www.google.nr www.google.nl www.google.cn www.google.co.il www.google.vu www.google.no www.google.co.kr www.google.lk www.google.mu www.google.com.vn www.google.at www.google.cl www.google.com.gt www.google.com.bd www.google.com.eg www.google.co.tz www.google.com.pr www.google.fr www.google.mn www.google.com.lb www.google.be www.google.ws www.google.gr www.google.ch www.google.vg www.google.co.ck www.google.ie d3np41mctoibfu.cloudfront.net www.target.com.au www.google.pt www.google.com.jm www.google.am www.google.com.do www.google.com.cy www.google.com.ar www.google.co.za www.google.ge www.google.com.br www.google.so www.google.com.tr www.google.com.kw www.google.se www.google.bg www.google.com.sv www.google.hn www.google.iq i.ytimg.com img.youtube.com network.bazaarvoice.com *.truefitcorp.com *.clarity.ms analytics.twitter.com *.bing.com; manifest-src  'self'; media-src  'self' videos.demoup.com; worker-src  'self'; report-uri  /csp-report-only 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: logger.scot.nhs.uk *.google-analytics.com www.googletagmanager.com *.fontawesome.com use.typekit.net *.google.com *.google.co.uk *.googleapis.com themes.googleusercontent.com *.gstatic.com code.jquery.com yui.yahooapis.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.amazonaws.com *.addthis.com *.addthisedge.com *.twitter.com *.twimg.com *.facebook.com *.facebook.net static.xx.fbcdn.net *.youtube.com youtu.be *.ytimg.com www.youtube-nocookie.com player.vimeo.com i.vimeocdn.com cdn.jwplayer.com content.jwplatform.com prd.jwpltx.com *.jwpcdn.com *.jwpsrv.com *.civiccomputing.com cc.cdn.civiccomputing.com secure.gravatar.com public.tableau.com www.openstreetmap.org browser-update.org s.w.org www.geoplugin.net www.careopinion.org.uk static.addtoany.com *.wp.com www.patientopinion.org.uk hcaptcha.com *.hcaptcha.com assets.nhs.uk www.travelinescotland.com c7.avaamo.com c7avaamo.s3-us-west-2.amazonaws.com; worker-src 'self' www.google.com; frame-ancestors 'self'; base-uri 'self'; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report; report-to csp-endpoint 1
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' https://app.shopify.com/ https://atlas.shopifycloud.com/ https://monorail-edge.shopifysvc.com/ https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' shopify-assets.shopifycdn.com fonts.gstatic.com; form-action 'self' https://app.shopify.com/; frame-ancestors 'none'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' proxy.shopifycdn.com data: notify.bugsnag.com shopify-assets.shopifycdn.com shopify-assets.shopifycdn.net www.gstatic.com; media-src 'none'; object-src 'self'; script-src 'self' 'unsafe-eval' 'sha256-6k4WOAfvSl7DOwpWH52bnc0hmtQQjXVf5jv/uDuT7D0=' https://shopify-assets.shopifycdn.com https://shopify-assets.shopifycdn.net https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com 'nonce-TFlrEdEHWnt45O+OIg4SIijoJyLXhBSl2I8Q4+xCxdY=' 'unsafe-inline'; style-src 'unsafe-inline' 'self' shopify-assets.shopifycdn.com shopify-assets.shopifycdn.net fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=new&source%5Bapp%5D=identity&source%5Bcontroller%5D=account_lookup&source%5Buuid%5D=4267f5591f839690c96d6c3bd24c61ff 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://spy.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
frame-ancestors 'self'; frame-src 'self' *.debate.com.mx *.google.com *.google.com.mx *.twitter.com *.youtube.com *.vimeo.com *.facebook.com *.instagram.com *.ampproject.org *.doubleclick.net *.googleapis.com *.retargetly.com *.googlesyndication.com *.ampproject.net *.admanmedia.com *.vidible.tv *.cxense.com *.googletagmanager.com *.adnxs.com *.rubiconproject.com *.indexww.com *.openx.net *.doubleverify.com *.tiktok.com *.pubmatic.com *.adxyield.com *.facebook.net giphy.com *.memeate.com *.windy.com *.taboola.com *.liveleak.com *.pinterest.com *.hotjar.com *.teads.tv debates.cocinaycomparte.com *.spotify.com *.criteo.com ecdn.firstimpression.io *.forexprostools.com tenor.com ytkids.app.goo.g www.nytimes.com www.vlive.tv streamable.com *.seedtag.com battlefy.com *.imonomy.com *.lijit.com; report-uri https://debate.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; frame-ancestors 'self'; form-action 'self'; img-src 'self' img.youtube.com https:; object-src 'none'; 1
default-src 'self';img-src 'self' data: https://flickr.com https://*.flickr.com https://s.gravatar.com https://s.gravatar.com/avatar https://secure.gravatar.com/avatar https://i1.wp.com/cdn.auth0.com/avatars https://cdn.auth0.com/avatars https://g.stripe.com/ https://ssl.google-analytics.com/ https://pagead2.googlesyndication.com https://pbs.twimg.com/profile_images/ https://farm66.static.flickr.com https://ssl.google-analytics.com https://tpc.googlesyndication.com https://pbs.twimg.com https://securepubads.g.doubleclick.net;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';frame-src https://js.stripe.com https://platform.twitter.com/ https://syndication.twitter.com/ https://tpc.googlesyndication.com/ https://*.safeframe.googlesyndication.com/ https://www.google.com/ https://googleads.g.doubleclick.net/;connect-src 'self' https: https://securepubads.g.doubleclick.net/pagead/ppub_config https://bam.nr-data.net/events/1/cb925c8058;object-src none;script-src 'self' 'unsafe-inline' report-sample https://js.stripe.com/v3/ https://code.jquery.com/jquery-1.12.4.min.js https://code.jquery.com/jquery-3.4.1.slim.min.js https://code.jquery.com/jquery-migrate-1.4.1.min.js https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js https://cdnjs.cloudflare.com/ajax/libs/validate.js/0.13.1/validate.min.js https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js https://cdnjs.cloudflare.com/ajax/libs/list.js/1.5.0/list.min.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/ https://ssl.google-analytics.com/ga.js https://js-agent.newrelic.com/nr-spa-1184.min.js https://fundingchoicesmessages.google.com https://bam.nr-data.net https://securepubads.g.doubleclick.net https://www.googletagservices.com https://adservice.google.com https://cdnjs.cloudflare.com/ajax/libs/tether/1.4.0/js/tether.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js https://cdn.jsdelivr.net/npm/clipboard@2.0.8/dist/clipboard.min.js https://platform.twitter.com/widgets.js https://cdnjs.cloudflare.com/ajax/libs/howler/2.1.1/howler.min.js https://cdnjs.cloudflare.com/ajax/libs/validator/10.9.0/validator.min.js https://*.safeframe.googlesyndication.com/ https://*.googlesyndication.com/ https://platform.twitter.com/js/ https://cdn.ampproject.org;script-src-attr none;style-src 'self' https: 'unsafe-inline' report-sample;report-uri https://5f9d927665d1a16209ba908c.endpoint.csper.io 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AN7V1F1VY261K:sid=262-9672927-0508060:rid=HYWNM5P4AJYQGZR84JEK:sn=www.audible.de 1
default-src 'none'; script-src 'unsafe-eval' 'report-sample' 'nonce-q8BrNCIb2D2o+OwULtoOCA==' blob: an.yandex.ru mc.yandex.ru yastatic.net sso.edadeal.ru; style-src 'self' 'report-sample' 'unsafe-inline' yastatic.net; font-src 'self' yastatic.net; img-src 'self' data: ads.edadeal.ru ads.adfox.ru an.yandex.ru favicon.yandex.net avatars.mds.yandex.net avatars.yandex.net mc.yandex.ru yastatic.net leonardo.edadeal.io leonardo-stage.edadeal.io leonardo-dev.edadeal.io ads.edadeal.ru sso.passport.yandex.ru barcode.edadeal.ru megalith.edadeal.ru; frame-src blob: www.youtube.com yastatic.net sso.passport.yandex.ru sso.edadeal.ru; frame-ancestors https://yandex.ru https://yandex.com https://yandex.by https://ads.adfox.ru; manifest-src config.edadeal.ru; object-src 'none'; child-src 'self' blob: mc.yandex.ru; connect-src 'self' mc.yandex.ru clck.yandex.ru an.yandex.ru ads.edadeal.ru search.edadeal.io search-stage.edadeal.io matchid.adfox.yandex.ru ads.adfox.ru yandex.ru susanin-dev.edadeal.yandex.net susanin.edadeal.ru kobal.edadeal.ru galochka.edadeal.ru config.edadeal.ru pypaya.edadeal.ru api.edadeal.ru teleport.edadeal.ru fnslinker.edadeal.ru barcode.edadeal.ru lootbox.edadeal.ru usr.edadeal.ru api-mimino.dst.edastage.ru cloud-api.edadeal.ru lc.edadeal.ru squark.edadeal.ru ads.edadeal.ru squark.edadeal.ru cb.edadeal.ru usr.edadeal.ru barcode.edadeal.ru; report-uri https://csp.yandex.net/csp?from=web&project=edadeal&environment=production&version=4.7.18&yandex_login=undefined&yandexuid=undefined 1
default-src 'self' *.fabfitfun.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fabfitfun.com *.recurly.com *.amazonaws.com *.ada.support www.dwin1.com *.google-analytics.com *.doubleclick.net www.googleadservices.com www.googletagmanager.com *.hcaptcha.com hcaptcha.com *.exitintel.com *.facebook.net *.facebook.com *.tiktok.com *.cookielaw.org *.segment.com *.tvsquared.com *.onetrust.com *.adsrvr.org sc-static.net *.zdassets.com *.crrnt.app *.pixlee.com *.roeyecdn.com *.amplitude.com *.bing.com *.googleapis.com *.exitintel.com *.jsdelivr.net *.datadoghq-browser-agent.com *.gladly.com *.braintreegateway.com *.paypal.com *.cloudflare.com *.hotjar.com blob:; style-src 'self' 'unsafe-inline' *.fabfitfun.com *.googleapis.com; connect-src 'self' *.fabfitfun.com *.browser-intake-datadoghq.com api.recurly.com *.segment.io *.launchdarkly.com *.logs.datadoghq.com *.cookielaw.org *.optimizely.com *.launchdarkly.com *.ada.support *.doubleclick.net ekr.zdassets.com *.zendesk.com *.hcaptcha.com wss://*.zopim.com *.pixlee.com *.tiktok.com *.amplitude.com *.paypal.com *.braintree-api.com *.onetrust.com www.google-analytics.com pactsafe.io *.gladly.com *.hotjar.com; frame-src 'self' *.doubleclick.net *.avct.cloud *.avocet.io *.ada.support id.rlcdn.com *.hcaptcha.com *.recurly.com *.bidswitch.net *.sharethrough.com *.bfmio.com *.pubmine.com *.teads.tv *.gumgum.com *.paypal.com *.braintree-api.com *.adsrvr.org *.hotjar.com; img-src 'self' *.fabfitfun.com  *.google-analytics.com *.discourse.org *.cloudinary.com *.w55c.net *.adxcel-ec2.com *.facebook.com *.hcaptcha.com *.amazonaws.com *.doubleclick.net *.roeye.com *.bing.com *.google.com *.scorecardresearch.com *.tvsquared.com *.twitter.com *.exitintel.com *.googleadservices.com *.media.net *.smartclip.net data:; font-src 'self' *.fabfitfun.com  fonts.gstatic.com data:; media-src 'self' *.zdassets.com; object-src 'none'; 1
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://pp.ephapay.net/ https://pp.eshapay.net/ https://scripts.agilone.com/ https://widget.trustpilot.com/ https://edigitalsurvey.com/ https://static.addtoany.com/ https://c.paypal.com/ https://www.paypal.com https://www.paypalobjects.com/ https://www.sandbox.paypal.com/ https://www.zenaps.com/ https://www.youtube.com/ https://*.doubleclick.net/ https://gum.criteo.com/ https://www.facebook.com/ https://*.hotjar.com/ https://s.salecycle.com https://www.googletagmanager.com/ https://www.google.com https://*.customizer.cadesignform.dk/ https://static.criteo.net/ https://www.youtube-nocookie.com/ https://d16fk4ms6rqz1v.cloudfront.net/ https://*.arcot.com/ https://www.securesuite.co.uk/ https://www.clicksafe.lloydstsb.com/ https://secure.barclaycard.co.uk https://*.photorank.me/; report-uri https://csp-violations.external.wickes.co.uk 1
script-src https: 'strict-dynamic' 'report-sample' 'nonce-nxW7fu5Ergd5XChB0N9SyDWiiONsP+O0ttgZhhnjPTI='; base-uri 'self';report-to csp-endpoint 1
default-src 'self' https://*.soraapp.com https://*.overdrive.com; connect-src 'self' https://*.soraapp.com https://*.overdrive.com https://api.duckduckgo.com https://*.od-cdn.com https://*.cachefly.net; font-src 'self' data:; frame-src 'self' https://*.soraapp.com https://*.google.com; img-src 'self' data: https://*.od-cdn.com https://*.overdrive.com https://duckduckgo.com https://biglibraryread.com; script-src 'self' 'nonce-c3cb296e59954b739a7a1f8b8416e37a' https://*.google.com; style-src 'self' 'unsafe-inline' https://*.google.com; require-trusted-types-for 'script'; frame-ancestors 'self' https://classroom.google.com; trusted-types sanitizer unsafe dompurify scriptHelper 1
font-src *.cloudflare.com *.bootstrapcdn.com data: *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com js.stripe.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.trustpilot.com *.youtube.com *.paypal.com *.hotjar.com *.livechatinc.com *.doubleclick.net *.facebook.com *.addthis.com giphy.com gfycat.com *.google.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.cloudflare.com *.paypal.com *.ytimg.com *.adsymptotic.com *.googleadservices.com *.bing.com *.linkedin.com *.facebook.com *.facebook.net *.google.com *.google.co.in *.slideteam.net *.googletagmanager.com *.livechatinc.com *.pinterest.com *.doubleclick.net *.gravatar.com *.resultspage.com *.resultsdemo.com *.giphy.com *.clarity.ms *.quora.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com js.stripe.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.cloudflare.com *.scarabresearch.com *.trustpilot.com *.googletagmanager.com *.bing.com *.googleadservices.com *.licdn.com *.resultspage.com *.googleoptimize.com *.hotjar.com *.facebook.net *.doubleclick.net *.livechatinc.com *.addthis.com *.addthisedge.com *.formisimo.com *.moatads.com *.2checkout.com *.pinterest.com *.newrelic.com *.nr-data.net *.gravatar.com *.google.com *.clarity.ms *.quora.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.bootstrapcdn.com *.resultspage.com *.resultsdemo.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.cloudflare.com *.paypal.com *.scarabresearch.com *.emarsys.net www.google-analytics.com *.doubleclick.net *.addthis.com *.addthisedge.com *.livechatinc.com *.2checkout.com *.trustpilot.com *.hotjar.com *.nr-data.net *.bing.com *.clarity.ms *.quora.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.paddle.com connect.facebook.net mc.yandex.com mc.yandex.ru quantcast.mgr.consensu.org rules.quantcount.com secure.quantserve.com ssl.google-analytics.com translate.google.com translate.googleapis.com translate-pa.googleapis.com www.google-analytics.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.paddle.com use.fontawesome.com www.iubenda.com translate.googleapis.com; img-src 'self' data: cms.quantserve.com mc.webvisor.org mc.yandex.by mc.yandex.com mc.yandex.com.tr mc.yandex.fr mc.yandex.kz mc.yandex.ru mc.yandex.ua mc.yandex.uz pixel.quantcount.com pixel.quantserve.com ssl.google-analytics.com ssl.gstatic.com translate.google.com translate.googleapis.com www.facebook.com www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bj www.google.bs www.google.by www.google.ca www.google.cd www.google.ch www.google.ci www.google.cl www.google.cm www.google.cn www.google.co.ao www.google.co.bw www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.com www.google.com.af www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.cv www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.jo www.google.kg www.google.kz www.google.la www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mv www.google.mw www.google.ne www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.sm www.google.sn www.google.sr www.google.tn www.google.tt www.google.td www.google.je www.google.ws www.google.rw www.google.co.mz www.google.sc www.google.tm www.google.ga www.google.tg www.google.com.ag www.google.co.in www.google.ad www.google.ml www.google.cg www.google-analytics.com www.googletagmanager.com www.gstatic.com yastatic.net; connect-src 'self' audit-tcfv2.quantcast.mgr.consensu.org code.jquery.com mc.yandex.by mc.yandex.com mc.yandex.com.tr mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz quantcast.mgr.consensu.org translate.googleapis.com www.google-analytics.com stats.g.doubleclick.net est.quantcast.mgr.consensu.org; font-src 'self' fonts.gstatic.com use.fontawesome.com; object-src 'self'; media-src 'self'; form-action 'self'; frame-src 'self' m.youtube.com mc.yandex.com web.facebook.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com youtube.com; child-src 'self' www.facebook.com; worker-src 'self'; manifest-src 'self'; report-uri /secure-headers/report/r/d/csp/enforce; block-all-mixed-content; upgrade-insecure-requests 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; worker-src blob: 'self' *.pfhtjl.com; report-uri https://wwggsujy3yobtlvav9zj6w8w.httpschecker.net/report 1
frame-ancestors 'self'; report-uri https://www.kidspot.com.au/csp-reports 1
report-uri https://o38422.ingest.sentry.io/api/1381643/security/?sentry_key=035194ae1605493c99dd66c2a7b2ca98; default-src * data: blob: wss: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 1
media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: content.totalwar.com; form-action  *.twitter.com *.facebook.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: content.totalwar.com fonts.gstatic.com d.clarity.ms; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.twitter.com content.totalwar.com stackpath.bootstrapcdn.com use.fontawesome.com *.googleapis.com ton.twimg.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.com l.clarity.ms a.clarity.ms b.clarity.ms j.clarity.ms apikeys.civiccomputing.com k.clarity.ms f.clarity.ms d.clarity.ms h.clarity.ms i.clarity.ms e.clarity.ms www.clarity.ms bat.bing.com *.doubleclick.net *.tiktok.com *.serving-sys.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.googletagmanager.com *.doubleclick.net *.facebook.com www.youtube.com *.twitter.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.creative-assembly.com totalwar-confluence:8090 c.bing.com www.googletagmanager.com bat.bing.com t.co content.totalwar.com www.google.fr c.clarity.ms abs.twimg.com www.google.co.uk ton.twimg.com www.google.com alb.reddit.com *.twitter.com *.facebook.com www.google.de *.tiktok.com pbs.twimg.com s.w.org; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net www.google-analytics.com www.clarity.ms www.googletagmanager.com content.totalwar.com *.googleadservices.com j.clarity.ms i.clarity.ms *.ads-twitter.com h.clarity.ms f.clarity.ms www.google.com *.serving-sys.com d.clarity.ms a.clarity.ms e.clarity.ms *.facebook.net player.twitch.tv l.clarity.ms cdn.syndication.twimg.com bat.bing.com www.youtube.com *.twitter.com *.tiktok.com cc.cdn.civiccomputing.com www.redditstatic.com; report-uri /csp_report 1
default-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; media-src https: blob:; object-src https: blob:; report-uri https://csp-report.magicseaweed.com/api/csp-report/ 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-c9f7a92b1ddbf7c2fd6ca4c7351a2e2b' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google-analytics.com https://www.google-analytics.com http://www.google.com https://www.google.com http://fonts.googleapis.com https://www.googletagmanager.com http://fonts.googleapis.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://fast.fonts.net http://performance.typekit.net/ https://performance.typekit.net/ http://use.typekit.net/ https://use.typekit.net/ http://us1.siteimprove.com/ https://us1.siteimprove.com/ http://p.typekit.net/ https://p.typekit.net/ http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com http://siteimproveanalytics.com https://siteimproveanalytics.com http://player.vimeo.com/ https://player.vimeo.com/  http://player.polyv.net http://cdn.cookielaw.org http://cdn.cookielaw.org https://cdn.cookielaw.org ; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com http://www.gstatic.com https://www.gstatic.com http://www.google.com https://www.google.com http://fonts.googleapis.com http://fonts.googleapis.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://use.typekit.net/ https://use.typekit.net/ http://us1.siteimprove.com/ https://us1.siteimprove.com/ http://siteimproveanalytics.com https://siteimproveanalytics.com http://player.polyv.net https://player.polyv.net https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' 'unsafe-eval' http://fonts.googleapis.com https://fonts.googleapis.com http://use.typekit.net/ https://use.typekit.net/ http://cdnjs.cloudflare.com http://fast.fonts.net/ https://p.typekit.net http://p.typekit.net; media-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com http://player.vimeo.com https://player.vimeo.com; img-src * 'self' 'unsafe-inline' 'unsafe-eval' data: filesystem:; font-src 'self' http://fonts.gstatic.com https://fonts.gstatic.com http://use.typekit.net/ https://use.typekit.net/ http://p.typekit.net/ https://p.typekit.net/; frame-src 'self' http://player.vimeo.com https://player.vimeo.com http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com https://www.google.com; 1
frame-src 'self' data: static.sidefx.com media.sidefx.com www.google.com connect.facebook.net www.facebook.net www.facebook.com docs.google.com maps.google.com www.youtube.com lists.sidefx.com *.vimeo.com *.vimeocdn.com; script-src 'self' 'unsafe-eval' cdn.sidefx.com static.sidefx.com media.sidefx.com d2wvmrjymyrujw.cloudfront.net *.googleapis.com www.gstatic.com www.google.com cse.google.com *.facebook.net api.instagram.com cdnjs.cloudflare.com unpkg.com cdn.jsdelivr.net www.googletagmanager.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net 'nonce-pNWOCtQ5OYd8q1SOx1nLog=='; style-src 'self' 'unsafe-inline' cdn.sidefx.com static.sidefx.com d2wvmrjymyrujw.cloudfront.net media.sidefx.com fonts.googleapis.com www.google.com tagmanager.google.com *.vimeocdn.com; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net www.facebook.com http://127.0.0.1:1714 ig.instant-tokens.com graph.instagram.com vimeo.com; default-src 'self'; font-src 'self' data: cdn.sidefx.com static.sidefx.com media.sidefx.com fonts.gstatic.com; img-src 'self' data: cdn.sidefx.com static.sidefx.com media.sidefx.com d2wvmrjymyrujw.cloudfront.net *.cdninstagram.com *.gravatar.com www.facebook.com static.lulu.com www.gstatic.com ssl.gstatic.com www.google.com www.googleapis.com clients1.google.com i.ytimg.com *.vimeocdn.com www.paypal.com placekitten.com http://dummyimage.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net; media-src cdn.sidefx.com static.sidefx.com media.sidefx.com d2wvmrjymyrujw.cloudfront.net; report-uri https://www.sidefx.com/csp_reports/ 1
script-src 'self' https://www.google-analytics.com pagecdn.io; script-src-attr 'self'; style-src 'self'; frame-ancestors 'self' 1
connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.googletagmanager.com www.google-analytics.com *.googleapis.com *.facebook.net; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.cloudfront.net www.google-analytics.com www.google.com www.google.com.au; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com maxcdn.bootstrapcdn.com ; form-action 'none' data: blob: ; report-uri /csp_report 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.sportico.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://shopfs.myoppo.com https://dsfs.oppo.com https://static.sensorsdata.cn https://captcha-sec.heytapmobi.com https://collect.opposhop.cn/ https://sa.opposhop.cn/ https://ocs-cn-north1.heytapcs.com https://cdn.jsdelivr.net https://jscatch.heytapmobi.com https://uc-avatar-cn.heytapimage.com https://yihuan.oppo.com https://img-oppo-com.oss-cn-hangzhou.aliyuncs.com https://at.alicdn.com https://b.yzcdn.cn https://bsp-di-cn.heytapmobi.com https://cem-survey.myoas.com; block-all-mixed-content; report-uri https://ti.oppo.com/csp/DataReport 1
frame-ancestors 'self'; report-uri https://www.vogue.com.au/csp-reports 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/about_youtube 1
style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: testserver.higheredjobs.com *.googleapis.com www.higheredjobs.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googlesyndication.com www.higheredjobs.com testserver.higheredjobs.com fonts.gstatic.com; manifest-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.higheredjobs.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: maps.gstatic.com *.linkedin.com www.google.com *.googleapis.com www.googletagmanager.com fonts.gstatic.com *.addthis.com *.googlesyndication.com links.services.disqus.com www.higheredjobs.com www.jobelephant.com www.google-analytics.com p.adsymptotic.com cdn.viglink.com testserver.higheredjobs.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: adservice.google.com www.google.com www.google-analytics.com *.googleapis.com *.doubleclick.net adservice.google.ca testserver.higheredjobs.com www.gstatic.com hejarticles.disqus.com v1.addthisedge.com z.moatads.com snap.licdn.com www.googletagmanager.com adservice.google.co.in *.googlesyndication.com cdn.ampproject.org *.addthis.com www.googletagservices.com; form-action  www.higheredjobs.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: links.services.disqus.com *.googlesyndication.com *.addthis.com cdn.ampproject.org *.googleapis.com *.doubleclick.net www.higheredjobs.com csi.gstatic.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net *.googlesyndication.com *.addthis.com www.higheredjobs.com disqus.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; report-uri /csp_report 1
base-uri 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.qualtrics.com; style-src 'self' 'unsafe-inline'; default-src 'self' data:; img-src 'self' data: blob: https:; connect-src 'self' https://member.werally.com *.amplitude.com https://browser-http-intake.logs.datadoghq.com https://rum-http-intake.logs.datadoghq.com *.qualtrics.com *.google-analytics.com s3.amazonaws.com *.s3.amazonaws.com wss://*.sendbird.com https://*.sendbird.com *.rally-dev.com *.werally.in *.werally.com; worker-src 'self' blob:; font-src 'self' data: https://member.werally.com https://member.int.werally.in; frame-src 'self' *.qualtrics.com; manifest-src 'self'; media-src 'self'; report-uri https://member.werally.com/rest/csp-reporter; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.dirt.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
style-src-elem 'unsafe-inline' 'self' embed.tawk.to fonts.googleapis.com; connect-src 'self' googleads.g.doubleclick.net pagead2.googlesyndication.com *.tawk.to analytics.tiktok.com adservice.google.com session-replay.browser-intake-datadoghq.eu rum-http-intake.logs.datadoghq.eu www.datadoghq-browser-agent.com www.google.com bat.bing.com cdn.segment.com www.google-analytics.com *.google-analytics.com stats.g.doubleclick.net cookie-cdn.cookiepro.com trc-events.taboola.com api.mixpanel.com api-js.mixpanel.com api.segment.io in.hotjar.com trc.taboola.com vc.hotjar.io; font-src 'self' data: embed.tawk.to fonts.gstatic.com script.hotjar.com; frame-src www.facebook.com www.google.com www.youtube.com vars.hotjar.com widget.trustpilot.com; img-src 'self' data: chart.googleapis.com *.gstatic.com connect.facebook.net embed.tawk.to cds.taboola.com q.quora.com s3.eu-west-2.amazonaws.com 2.gravatar.com bat.bing.com px.ads.linkedin.com www.linkedin.com c0.adalyser.com cx.atdmt.com heapanalytics.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com *.google-analytics.com www.google.co.uk www.google.com www.googletagmanager.com web.uploads.tide.co local.tide.co secure.gravatar.com; script-src-elem 'self' 'unsafe-inline' embed.tawk.to analytics.tiktok.com *.googleoptimize.com optimize.google.com www.datadoghq-browser-agent.com cookie-cdn.cookiepro.com cdn.jsdelivr.net bat.bing.com c0.adalyser.com cdn.heapanalytics.com cdn.mxpnl.com cdn.segment.com cdn.taboola.com trc.taboola.com cdnjs.cloudflare.com connect.facebook.net googleads.g.doubleclick.net platform.twitter.com px.ads.linkedin.com script.hotjar.com snap.licdn.com static.ads-twitter.com static.hotjar.com www.google-analytics.com www.linkedin.com www.google.com www.gstatic.com www.googletagmanager.com www.googleadservices.com widget.trustpilot.com tagmanager.google.com; style-src-attr 'unsafe-inline'; report-uri https://csp.tide.co/report 1
default-src 'self' data: blob: *.ulikecam.com *.snssdk.com;script-src data: blob: 'unsafe-inline' 'unsafe-eval' *.pstatp.com *.douyinstatic.com *.huoshanstatic.com *.bytetos.com *.bytecdn.cn *.snssdk.com *.qq.com *.ulikecam.com *.jsdelivr.net *.bytedance.net *.bytednsdoc.com *.bytescm.com *.bytegoofy.com;script-src-elem data: blob: 'unsafe-inline' 'unsafe-eval' *.pstatp.com *.douyinstatic.com *.huoshanstatic.com *.bytetos.com *.bytecdn.cn *.snssdk.com *.bootcss.com *.qq.com *.ulikecam.com *.jsdelivr.net *.bytedance.net *.bytednsdoc.com *.bytescm.com *.bytegoofy.com;frame-ancestors *.ulikecam.com;frame-src bytedance:;media-src *.bytecdn.cn *.365yg.com *.ixigua.com *.pstatp.com *.douyinstatic.com *.huoshanstatic.com *.bytetos.com *.bytescm.com;style-src 'unsafe-inline' *.pstatp.com *.douyinstatic.com *.huoshanstatic.com *.bytetos.com *.bytecdn.cn;connect-src *.snssdk.com *.bytedance.net *.ulikecam.com *.pstatp.com *.douyinstatic.com *.huoshanstatic.com *.bytetos.com *.bytedance.com safe.usergrowth.com.cn;img-src *.pstatp.com *.douyinstatic.com *.huoshanstatic.com *.bytetos.com *.qq.com *.bytecdn.cn data: *.byteimg.com *.bytedance.net *.ulikecam.com *.gstatic.com android-webview-video-poster *.bytednsdoc.com *.bytescm.com *byteacctimg.com *.bytecdn.com;font-src data: *.byted.org *.alicdn.com *.gstatic.com;report-uri https://i.snssdk.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=ulike_activity 1
default-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' fonts.googleapis.com photorankstatics-a.akamaihd.net; img-src 'self' data: *; media-src *; frame-src *; connect-src *; font-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' *.anantara.com *.anantara.com.cn *.avanihotels.com *.avanihotels.com.cn *.minorhotels.com *.minorhotels.com.cn *.naladhu.com *.naladhu.com.cn *.nhcollection-dohavyra.com *.nhcollection-dohavyra.com.cn *.niyama.com *.niyama.com.cn *.oakshotels.com *.oakshotels.com.cn *.tivolihotels.com *.tivolihotels.com.cn world.nh-hotels.com world.nh-hotels.com.cn *.affilired.com *.bing.com *.chinesean.com *.doubleclick.net *.dwin1.com *.facebook.com *.facebook.net *.glopss.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.shareasale.com *.sojern.com *.thehotelsnetwork.com *.tradetracker.net *.trivago.com *.webgains.com *.yahoo.co.jp *.zdassets.com *.zenaps.com *.zendesk.com *.adform.net analytics.tiktok.com az416426.vo.msecnd.net cdn.brand-display.com d.line-scdn.net *.baidu.com fm.ipinyou.com linkcenterus.derbysoftca.com linkcenterus.derbysoftsec.com mc.yandex.ru s.yimg.jp sc-static.net snap.licdn.com stats.ipinyou.com t.2c2p.com t.skyscnr.com tag.yieldoptimizer.com tags.tiqcdn.cn tags.tiqcdn.com tr.brand-display.com widget-mediator.zopim.com www.googleoptimize.com www.tripadvisor.com js.sentry-cdn.com api.openweathermap.org photorankstatics-a.akamaihd.net polyfill.io cdn.jsdelivr.net www.google.com cdn.denomatic.com *.smartvel.com *.clarity.ms *.ditu.live.com; report-uri https://minorhotels.report-uri.com/r/t/csp/reportOnly 1
default-src 'self' inform.okta.com *.oktacdn.com; connect-src 'self' inform.okta.com inform-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com inform.kerberos.okta.com inform.mtls.okta.com https://oinmanager.okta.com data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' inform.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' inform.okta.com *.oktacdn.com app.pendo.io cdn.pendo.io pendo-static-5634101834153984.storage.googleapis.com; frame-src 'self' inform.okta.com inform-admin.okta.com login.okta.com; img-src 'self' inform.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com app.pendo.io data.pendo.io cdn.pendo.io pendo-static-5634101834153984.storage.googleapis.com data: blob:; font-src 'self' inform.okta.com data: *.oktacdn.com fonts.gstatic.com 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' ; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.newsweek.pl::PROD 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.search.ch/api/mixedcontent.json 1
report-uri /report-violation; form-action 'self' https://*.formlabs.com https://*.marketo.com https://www.facebook.com/tr/; base-uri 'self'; object-src https://formlabs.com https://*.formlabs.com http://localhost:3001; frame-ancestors https://partneruniversity-formlabs.talentlms.com https://university-formlabs.talentlms.com https://internal-formlabs.talentlms.com https://formlabs.com https://*.formlabs.com https://dental.formlabs.com https://careers.formlabs.com http://localhost:3000; upgrade-insecure-requests 1
default-src 'self' mitel.io *.mitel.io mitel.com *.mitel.com; require-trusted-types-for 'script'; object-src 'self' mitel.io *.mitel.io mitel.com *.mitel.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: static.voegol.com.br maxcdn.bootstrapcdn.com sdk.inbenta.io gateway.foresee.com; form-action  b2c.voegol.com.br *.facebook.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: static.voegol.com.br geolocation.onetrust.com www.clarity.ms www.google-analytics.com *.doubleclick.net cdn.cookielaw.org *.hotjar.com *.facebook.com analytics.google.com *.taboola.com analytics.foresee.com beacon.krxd.net sp.analytics.yahoo.com www.googletagmanager.com g.clarity.ms brain.foresee.com api-gcb02.inbenta.io www.google.com jslog.krxd.net e.clarity.ms f.clarity.ms www.google.com.br d.clarity.ms v2.afilio.com.br *.tiktok.com adservice.google.com privacyportal-br.onetrust.com h.clarity.ms bf57477xkp.bf.dynatrace.com i.clarity.ms j.clarity.ms a.clarity.ms b.clarity.ms k.clarity.ms l.clarity.ms vc.hotjar.io www.google.ca bat.bing.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: static.voegol.com.br fonts.gstatic.com maxcdn.bootstrapcdn.com use.typekit.net cdn.inbenta.io; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net www.google.com cdn.krxd.net www.voegol.com.br *.criteo.net www.googletagmanager.com *.facebook.com *.hotjar.com *.criteo.com us.creativecdn.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.net www.voegol.com.br *.criteo.com a.clarity.ms www.google.com *.tiktok.com www.gstatic.com static.dynaton.com.br sdk.inbenta.io *.hotjar.com f.clarity.ms e.clarity.ms www.clarity.ms www.google-analytics.com *.googleadservices.com tags.crwdcntrl.net d.clarity.ms gateway.foresee.com *.criteo.net www.googletagmanager.com s.yimg.com *.twitter.com consumer.krxd.net *.cloudfront.net cdn.jsdelivr.net *.taboola.com beacon.krxd.net *.doubleclick.net secure.afilio.com.br static.voegol.com.br g.clarity.ms *.ads-twitter.com h.clarity.ms cdn.cookielaw.org bat.bing.com i.clarity.ms js-cdn.dynatrace.com geolocation.onetrust.com j.clarity.ms l.clarity.ms cdn.krxd.net k.clarity.ms; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com contextual.media.net adservice.google.com t.co *.facebook.net *.demdex.net ad.as.amanad.adtdp.com *.addthis.com match.adsrvr.org beacon.krxd.net ib.adnxs.com idsync.rlcdn.com www.google.com.br c.bing.com sp.analytics.yahoo.com www.google-analytics.com adgen.socdm.com *.twitter.com *.casalemedia.com sync.outbrain.com criteo-sync.teads.tv www.google.ca trends.revcontent.com *.rubiconproject.com cs.adingo.jp *.criteo.com ad.360yield.com ad.tpmn.co.kr t.dynaton.com.br cdn.cookielaw.org analytics.google.com www.voegol.com.br eb2.3lift.com static.voegol.com.br d.turn.com ups.analytics.yahoo.com adservice.google.com.br jslog.krxd.net partner.mediawallahscript.com tg.socdm.com www.googletagmanager.com gateway.foresee.com secure.adnxs.com bat.bing.com www.gstatic.com *.taboola.com pixel.advertising.com ads.yahoo.com *.facebook.com s.ad.smaato.net pixel.tapad.com sdk.inbenta.io b2c.voegol.com.br *.doubleclick.net *.bidswitch.net; report-uri /csp_report 1
default-src 'none';upgrade-insecure-requests;style-src https: 'unsafe-inline';font-src https: data:;img-src https: data:;connect-src 'self' https://browser.pipe.aria.microsoft.com https://web.vortex.data.microsoft.com https://browser.events.data.microsoft.com;frame-src https://login.windows-ppe.net https://login.live.com https://login.live-int.com;worker-src 'self' blob:;child-src 'self' blob:;report-uri /api/csp-report?page=Unauth&reportOnly=True;script-src 'nonce-7PcZ++PQCtOIsipKbfKsKw==' 'unsafe-inline' 'unsafe-eval' https: 'strict-dynamic'; 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-477765baba9186dae720448bafa6b1bc' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
default-src https: data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.dba.dk/api/csplogger/mixedcontent/dba 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' *.nr-data.net *.paypalobjects.com *.analytics-egain.com *.trustpilot.com *.newrelic.com *.kk-resources.com *.redditstatic.com *.chainreactioncycles.com *.google.com *.criteo.net *.melissadata.net *.mention-me.com *.bazaarvoice.com www.zenaps.com *.scene7.com the.sciencebehindecommerce.com *.adyen.com seal.digicert.com vars.hotjar.com *.hotjar.com *.criteo.com lantern.roeyecdn.com *.cloudfront.net *.bing.com tracker.marinsm.com *.facebook.net *.trustarc.com *.google-analytics.com www.googletagmanager.com *.scene7.com www.dwin1.com www.googleoptimize.com data:; style-src * 'unsafe-inline'; default-src *.melissadata.net *.sciencebehindecommerce.com *.truste.com *.chainreactioncycles.com *.facebook.com *.hotjar.com *.hotjar.io *.gstatic.com *.bing.com *.googleapis.com *.trustarc.com *.google-analytics.com *.cloudfront.net *.googleoptimize.com; img-src * data:; object-src 'none'; connect-src * ; frame-src * data:; script-src-elem 'unsafe-inline' *.chainreactioncycles.com *.digicert.com *.criteo.com *.google.com *.kk-resources.com www.redditstatic.com analytics.analytics-egain.com js-agent.newrelic.com widget.trustpilot.com bam.nr-data.net www.paypalobjects.com www.googleoptimize.com lantern.roeyecdn.com www.googleadservices.com media.chainreactioncycles.com tracker.marinsm.com *.adyen.com sslwidget.criteo.com *.bazaarvoice.com *.hotjar.com *.googletagmanager.com bat.bing.com www.zenaps.com *.cloudfront.net static.criteo.net *.google-analytics.com www.dwin1.com *.mention-me.com *.facebook.net *.trustarc.com the.sciencebehindecommerce.com *.scene7.com mpsnare.iesnare.com seal.digicert.com9 data:; style-src-elem * 'unsafe-inline'; font-src * data: ; media-src * data:; script-src-attr 'unsafe-inline'; style-src-attr 'unsafe-inline'; report-uri /csp-report.jsp; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' d31j93rd8oukbv.cloudfront.net https://www.google-analytics.com https://google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://optimize.google.com https://www.recaptcha.net https://www.gstatic.com/recaptcha/ https://cdn.paddle.com https://checkout.paddle.com https://*.zopim.com https://*.zdassets.com; frame-src https://www.google.com/ https://optimize.google.com https://checkout.paddle.com https://buy.paddle.com https://create-checkout.paddle.com; connect-src 'self' https://d31j93rd8oukbv.cloudfront.net https://www.google-analytics.com https://analytics.paddle.com https://browsec.zendesk.com wss://*.zopim.com https://*.zopim.com https://*.zdassets.com; report-uri /api/v1/reports; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net/ https://js.stripe.com/v3/ https://script.hotjar.com/ https://static.hotjar.com/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://assets.bwbx.io https://developer.apple.com https://images.ctfassets.net https://images.unsplash.com/ https://lh3.googleusercontent.com https://nftgimagebucket.s3-us-west-1.amazonaws.com https://pixel.nymag.com https://res.cloudinary.com https://media.niftygateway.com https://s3-us-west-1.amazonaws.com https://www.facebook.com/tr/ https://www.google-analytics.com/; connect-src https://api.niftygateway.com https://host-vdgrw7.api.swiftype.com https://notify.bugsnag.com https://sessions.bugsnag.com https://stats.g.doubleclick.net https://www.facebook.com/tr/ https://www.google-analytics.com; font-src https://fonts.gstatic.com 'self'; object-src 'self'; media-src https://res.cloudinary.com/nifty-gateway/ https://media.niftygateway.com; frame-src https://vars.hotjar.com https://js.stripe.com/v3/; frame-ancestors 'self' 1
script-src 'unsafe-eval' 'unsafe-inline' https: 'nonce-b36e83ba50e2b28e5aa7b409' 'strict-dynamic' 'report-sample'  https://*.criteo.com https://static.criteo.net ; worker-src 'self'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; report-uri https://csp.tourradar.com 1
default-src 'self' *.walmartimages.com; script-src 'self' 'strict-dynamic' drfdisvc.walmart.com cdn.quantummetric.com *.px-cloud.net *.wal.co *.developer.walmart.com beacon.walmart.com i5.walmartimages.com www.recaptcha.net connect.facebook.net *.buywith.com 'nonce-o77Y2JCh8DEBggnN'; style-src 'self' 'unsafe-inline' *.walmartimages.com *.wal.co walmart.sspinc.io; font-src 'self' i5.walmartimages.com *.wal.co fonts.gstatic.com fonts.googleapis.com; img-src 'self' *.walmartimages.com *.online-metrix.net drfdisvc.walmart.com tpc.googlesyndication.com crs.midas.stg.prod.us.walmart.net wrd.walmart.com receipts-query.edge.walmart.com data: *.wal.co www.facebook.com cyborg-wm-auth-service-v2.jet.com maps.googleapis.com securepubads.g.doubleclick.net ad.doubleclick.net tps.doubleverify.com static.adsafeprotected.com pixel.adsafeprotected.com secure-gl.imrworldwide.com ir.surveywall-api.survata.com cdn.doubleverify.com s0.2mdn.net www.gstatic.com *.px-cloud.net collector-pxu6b0qd2s.px-cdn.net beacon.walmart.com cdn-assets.affirm.com res.cloudinary.com *.zeekit.me maps.gstatic.com; connect-src 'self' *.walmartimages.com walmart.sspinc.io c.sspinc.io fitpredictor-api.sspinc.io beacon.walmart.com *.developer.walmart.com *.px-cloud.net collector-pxu6b0qd2s.px-cdn.net *.pxchk.net *.perimeterx.net drfdisvc.walmart.com walmart-sync.quantummetric.com quimby.mobile.walmart.com csp.walmart.com *.wal.co www.facebook.com directline.botframework.com wss://directline.botframework.com chat-qa.walmart.com walmart-sync.quantummetric.com tps.doubleverify.com stats.g.doubleclick.net spendanalyzer-proxy.dev.walmart.com tax-app.prod.pgtax.tax.prod.walmart.com *.doubleclick.net gum.criteo.com ib.adnxs.com tap.walmart.com identity.walmart.com maps.googleapis.com maps.gstatic.com *.quantummetric.com i.liadm.com i6.liadm.com dw.wmt.co idsync.rlcdn.com secure.adnxs.com azmatch.adsrvr.org api.waiting-room.walmart.com; object-src drfdisvc.walmart.com; frame-src 'self' *.walmartimages.com adclick.g.doubleclick.net drfdisvc.walmart.com *.quantummetric.com tap.walmart.com www.facebook.com www.recaptcha.net tpc.googlesyndication.com *.online-metrix.net www.google.com *.buywith.com identity.walmart.com wallet.walmart.com www.affirm.com embed.eko.com; frame-ancestors 'self' www.walmart.com preview.cxtools.walmart.com wallet.walmart.com; media-src cyborg-wm-auth-service-v2.jet.com *.walmartimages.com; report-uri https://csp.walmart.com/c/r/gl 1
frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=website-grader-ui/static-1.1257/html/public-en.html&cfRay=70e16af79e5796e7-IAD 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob: file:; frame-ancestors 'self' *.salesforce.com *.force.com *.visualforce.com *.documentforce.com; font-src https: data: blob: file:; connect-src 'self' https:; report-uri https://csp-report.force.com/_/ContentDomainCSPNoAuth?type=sites 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.neolane.net *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.raptmedia.com *.rbos.com *.rbs.co.uk *.rbs.com *.rbsdigital.com *.supportcentre-rbs.co.uk *.snapchat.com *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net search-rbs.co.uk static.ads-twitter.com t.co www.brightedge.com *.everesttech.net *.everestjs.net cdn.cookielaw.org; upgrade-insecure-requests; report-uri https://rbspersonal.report-uri.com/r/t/csp/reportOnly 1
frame-ancestors 'self'; report-uri /radar/violationreport.php; base-uri 'self'; object-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-rand1653015605' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' http: https:; 1
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://themes.googleusercontent.com https://script.hotjar.com/; object-src 'self'; frame-ancestors 'self'; form-action 'self' https://www.facebook.com https://connect.facebook.net https://ct.pinterest.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://*.facebook.net https://*.sascdn.com https://*.smartadserver.com https://*.addthis.com https://*.pinterest.com https://*.designconnected.com https://maps.googleapis.com https://www.gstatic.com https://www.linkedin.com https://*.addthisedge.com https://*.doubleclick.net https://www.googleadservices.com https://*.facebook.com https://*.adform.net https://code.createjs.com https://d31qbv1cthcecs.cloudfront.net https://assets.adsttc.com/insights/ https://s.pinimg.com/ct/ https://www.googleoptimize.com https://*.hotjar.com https://z.moatads.com https://cdn.pushalert.co https://ced-ns.sascdn.com https://www.google.es https://www.google.it https://www.google.fr https://www.google.ch; connect-src 'self' https://capi.architonic.com https://*.smartadserver.com https://*.addthis.com https://www.google-analytics.com https://*.doubleclick.net https://*.addthis.com https://www.facebook.com https://*.adform.net https://www.google.com https://www.instagram.com https://ct.pinterest.com https://*.hotjar.com https://*.hotjar.io https://architonic82.pushalert.co https://api.pushalert.co https://id5-sync.com; img-src data: https://*; child-src data: https://www.facebook.com https://connect.facebook.net https://*.addthis.com https://www.designconnected.com https://www.googletagmanager.com https://www.google.com https://www.youtube-nocookie.com https://*.doubleclick.net https://assets.pinterest.com  https://*.smartadserver.com https://player.vimeo.com https://creatives.sascdn.com https://*.hotjar.com https://ct.pinterest.com; worker-src blob: https://s.ads.smartadserver.com https://www.architonic.com; frame-src https://*.pinterest.com https://www.facebook.com https://vars.hotjar.com https://creatives.sascdn.com https://*.addthis.com https://www.google.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net; report-uri https://8bccfb85f92743dccb8ce984043b12e3.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; script-src 'report-sample' 'self' 'sha256-BiNyGbGZEG1ZcMWhdKvmZ1DwYSpvZ8xcAxRrIag59sQ=' 'sha256-p96cet82gMKBOah5xqTlTC1NImfgmfwp9xhnLYsv45Q=' 'sha256-K7F5t+0jCUOcvI0w5XCLORVrRe6Cl7fcvsyOhpNlvRA=' 'sha256-osJOIDsvZzKR6jjDkmJzOK/lCl+6P59lwiMwf2WwwX0=' 'sha256-ech7dK56PGMmo3zLhyCe9XpUu/4+pGU11bUeBEpq56o=' 'sha256-5aTBNtoMSFGD0AJ9+0YPRibd5APCDzFjjKtA16wQik8=' 'sha256-hV1mihBfiWqmXQxPNANChEuUWIOIlte4D1DUOfqSY2Y=' 'sha256-DHkQzQeawSI3bMDJPOulIinzX/ih38goNk2cvBZsgPM=' 'sha256-LjOYZt74qQlHixQckZ1K+NyxwGO8jPc/zUDhd43i7qY=' 'sha256-C6r1Uv+2BkE8Qjrq+iYLyfsjck3nrA/PhDEE1u7CHtk=' 'sha256-hV1mihBfiWqmXQxPNANChEuUWIOIlte4D1DUOfqSY2Y=' 'sha256-BxUWVs1+UwaUImPFWmLpOCjBDGTFuFcwcXgQwKyVSYU=' https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion_async.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/976618339/ https://a.clickcertain.com/px/smart/a/ https://a.remarketstats.com/px/smart/; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self'; frame-src 'self' https://www.google.com https://a.clickcertain.com/; img-src 'self' https://www.google-analytics.com https://www.google.com https://www.google.pl; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
default-src data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.vtb.ru; style-src data: blob: 'unsafe-inline' https://*; img-src data: blob: https://*; connect-src blob: 'self' https://*.vtb.ru; object-src blob: 'self' https://*; font-src data: blob: 'self' https://*; worker-src blob: 'self' https://*.vtb.ru; media-src data: blob: filesystem: 'self' https://*; manifest-src 'self' 1
default-src 'self' givingassistant.org *.givingassistant.org; script-sr