Values for content-security-policy-report-only: script-src https: blob: 'unsafe-inline' 'unsafe-eval' 'self';base-uri 'self';report-uri https://reporting-api.gannettinnovation.com;report-to default 265 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 150 frame-ancestors 'self'; report-uri /csp_logger 133 102 ; report-uri https://admin.blog.fc2.com/csp-reports; report-to blog-front-csp-endpoint 83 default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-to blogspot; report-uri https://www.blogger.com/cspreport 76 frame-ancestors 'self' 68 default-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob:; frame-ancestors 'self'; style-src https: 'unsafe-inline'; connect-src https:; frame-src https:; script-src 'unsafe-eval' 'unsafe-inline' 'self' https: blob: data:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src 'none'; report-uri https://o144486.ingest.sentry.io/api/5543380/security/?sentry_key=e66dfe54be8e47219dd8103b4deb2f1a&sentry_environment=policy_reports 56 default-src 'self' blob: https: data: mediastream: 'unsafe-eval' 'unsafe-inline';report-uri https://metrics.media-amazon.com/ 42 report-uri /report-csp-violation 41 script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://www.google.com/recaptcha/api.js https://translate.google.com/translate_a/element.js https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.google.com/tools/feedback/help_api.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.google.com/tools/feedback/chat_load.js https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/feedback/js/ghelp/ https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.bstT_o4sVuI.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist 31 block-all-mixed-content; report-uri https://blog.hatena.ne.jp/api/csp_report 29 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; report-uri https://xl86pc2ky3.execute-api.eu-central-1.amazonaws.com/prod/icorecspupload 27 default-src 'unsafe-inline' 'unsafe-eval' data: *.aliyun.com *.alicdn.com *.aliyuncs.com *.alibabacloud.com *.console.aliyun.com *.aplus.aliyun.com aliyun-web-tracker.cn-zhangjiakou.log.aliyuncs.com one-second-campaign.cn-hangzhou.log.aliyuncs.com cloud.video.taobao.com *.mmstat.com bdc.alibabachengdun.com *.alibaba.com *.taobao.com *.alipay.com; report-uri //www.aliyun.com/api/log/csp-report 26 default-src 'self' 23 script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://www.google.com/recaptcha/api.js https://payments.google.com/payments/v4/js/integrator.js https://clients2.google.com/gr/gr_full_2.0.6.js https://ssl.gstatic.com/external_hosted/lottie/lottie.js https://clients2.google.com/gr/gr_sync.js https://www.google-analytics.com/analytics.js https://payments.sandbox.google.com/payments/v4/js/integrator.js https://translate.google.com/translate_a/element.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.google.com/tools/feedback/help_api.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.google.com/tools/feedback/chat_load.js https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/feedback/js/ghelp/ https://www.google.com/js/bg/ https://www.gstatic.com/_/boq-play/_/js/k=boq-play.PlayStoreUi.en_US._DeU2p8Ydgs.2021.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/ https://payments.youtube.com/payments/v4/js/integrator.js https://payments.cloud.google/payments/v4/js/integrator.js;report-uri /_/PlayStoreUi/cspreport/fine-allowlist 21 script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-recaptcha/_/js/k=boq-recaptcha.RecaptchaChallengePageUi.en_US.Ok0fQxTzLnU.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /recaptcha/challengepage/_/RecaptchaChallengePageUi/cspreport/fine-allowlist 20 font-src *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de www.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com bid.g.doubleclick.net https://www.google.com/ https://www.youtube.com/ *.youtube-nocookie.com *.adyen.com pay.google.com *.paypal.com www.google.com www.facebook.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://td.doubleclick.net/ https://www.google.com.ua/ https://www.google.bg/ https://ct.pinterest.com/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com analytics.google.com www.googletagmanager.com validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com *.googleapis.com *.gstatic.com https://images.unsplash.com *.bing.com www.facebook.com https://cdn.kaffekapslen.be https://www.google.com.ua/ https://www.google.bg/ https://www.google.dk/ *.clarity.ms https://googleads.g.doubleclick.net *.googleadservices.com https://bid.g.doubleclick.net https://kaffekapslen.dk/ *.kaffekapslen.dk/ *.klarnacdn.net https://kaffekapslen.media *.pinterest.com/ *.cloudinary.com/ https://www.googletagmanager.com/ https://app.usercentrics.eu/ data: 'self' 'unsafe-inline'; script-src www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com googleads.g.doubleclick.net www.googleadservices.com *.google-analytics.com analytics.google.com www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ cdn.jsdelivr.net *.newrelic.com gtm.adt313.net *.bing.com *.facebook.net bam.eu01.nr-data.net https://www.google.com https://googleads.g.doubleclick.net https://www.google.com.ua/ https://www.google.bg/ *.clarity.ms *.klarnacdn.net https://s.pinimg.com https://apis.google.com/ https://cdn.matomo.cloud/ https://widgets.trustedshops.com/ *.usercentrics.eu/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com cdn.jsdelivr.net *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.googleadservices.com *.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com *.adyen.com *.google.com https://www.google.com payments-eu.amazon.com *.paypal.com *.googleapis.com bam.eu01.nr-data.net *.clarity.ms www.facebook.com eu.playground.klarnaevt.com *.adt611.com *.pinterest.com/ *.kaffekapslen.dk/ https://az-apim-st-kaffekapslen.azure-api.net/ api.kaffekapslen.com https://googleads.g.doubleclick.net https://bat.bing.com/ *.analytics.google.com/ https://kaffekapslen.matomo.cloud/ https://api.usercentrics.eu/ https://pagead2.googlesyndication.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 20 frame-ancestors 'self' https://skybox.eskypartners.com; report-uri https://secure.esky.com/csp-report 19 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com lampenlicht.nl *.lampenlicht.nl data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.adyen.com https://plumrocket.com consentcdn.cookiebot.com gum.criteo.com qlfbrands.my.salesforce.com td.doubleclick.net fledge.eu.criteo.com www.facebook.com static.criteo.net qlflivechat.secure.force.com qlfbrands.my.salesforce-sites.com www.paypalobjects.com gumi.criteo.com www.awin1.com 'self' 'unsafe-inline'; img-src cdn.lampenlicht.nl widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.adyen.com https://images.unsplash.com lampenlicht.nl *.lampenlicht.nl eprel.ec.europa.eu cdn.flbx.io *.cloudfront.net imgsct.cookiebot.com www.keurmerk.info *.fittinq.com bat.bing.com px.ads.linkedin.com *.google.com www.google.de www.google.pl www.google.nl www.google.fr www.google.gr www.google.be www.google.si www.google.hu www.google.ie www.google.lt www.google.ro www.google.se www.google.hr www.google.es www.google.it www.google.rs www.google.lv www.google.bg www.google.ba www.google.ch www.google.sk www.google.pt www.google.ee www.google.cz www.google.at www.google.co.uk www.google.co.in www.google.dk www.google.no www.google.com.ua www.google.fi www.facebook.com *.clarity.ms stats.g.doubleclick.net lantern.roeye.com www.zenaps.com www.instagram.com www.bizrate.com www.wepowerconnections.com www.awin1.com www.webshoptrustmark.be csm.nl3.eu.criteo.net *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: https: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.adyen.com *.avada.io lampenlicht.nl *.lampenlicht.nl *.webeyez.com firehose.eu-west-1.amazonaws.com cognito-identity.eu-west-1.amazonaws.com consent.cookiebot.com mintminds.fittinq.com cdn.evgnet.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.fontawesome.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src cdn.flbx.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.adyen.com https://get.geojs.io *.avada.io lampenlicht.nl *.lampenlicht.nl *.webeyez.com *.evergage.com firehose.eu-west-1.amazonaws.com cognito-identity.eu-west-1.amazonaws.com *.getflowbox.com eu.api.fpjs.io maps.googleapis.com pagead2.googlesyndication.com consentcdn.cookiebot.com *.clarity.ms p.biano.nl p.biano.hu p.biano.ro p.biano.pt p.biano.it p.biano.sk p.biano.cz www.google.com www.google.nl px.ads.linkedin.com *.criteo.com bat.bing.com cdn.growthbook.io www.facebook.com ct.beslist.nl stats.g.doubleclick.net vc.hotjar.io consent.cookiebot.com the.sciencebehindecommerce.com www.wepowerconnections.com qlfbrands-communities.force.com c.bannerflow.net *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 18 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ; form-action 'none' ; frame-ancestors 'self' ; script-src 'unsafe-eval' 'unsafe-hashes' 'report-sample'; report-uri /csp_report 17 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 17 upgrade-insecure-requests; 16 default-src https: 'self' *.facebook.net *.googletagmanager.com *.bizibly.com *.doubleclick.net https://*.intercomcdn.com https://*.datadoghq-browser-agent.com; font-src 'self' https://*.intercomcdn.com *.fontawesome.com data:; base-uri 'none'; object-src data: 'unsafe-eval'; img-src 'self' data: * ; script-src https: 'self' 'unsafe-eval' 'unsafe-inline' http://*.google-analytics.com http://*.gstatic.com http://*.bing.com http://*.googleadservices.com http://*.hs-scripts.com http://*.bizible.com *.facebook.net *.googletagmanager.com http://*.fontawesome.com http://*.outbrain.com blob:; style-src https: 'self' *.fontawesome.com 'unsafe-inline'; report-uri /rest/trackers/csp; 14 report-uri /report-csp-violation; upgrade-insecure-requests 13 default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://logger.kataweb.it/csp/ 12 font-src *.typekit.net fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: maxcdn.bootstrapcdn.com 'self' data: *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com *.facebook.net *.clarity.ms get.geojs.io stats.g.doubleclick.net *.zdassets.com *.zendesk.com rum-collector-2.pingdom.net bam.nr-data.net *.klaviyo.com *.xtento.com *.tiktok.com *.google.com *.sportline.com.pa *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.instagram.com www.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com *.facebook.net *.clarity.ms get.geojs.io stats.g.doubleclick.net *.zdassets.com *.zendesk.com rum-collector-2.pingdom.net bam.nr-data.net *.klaviyo.com *.xtento.com *.tiktok.com *.google.com *.sportline.com.pa *.weltpixel.com *.wesupply.xyz https://wesupplylabs.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.gstatic.com *.googleapis.com *.cdninstagram.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.facebook.com *.facebook.net *.clarity.ms get.geojs.io stats.g.doubleclick.net *.zdassets.com *.zendesk.com rum-collector-2.pingdom.net bam.nr-data.net *.klaviyo.com *.xtento.com *.tiktok.com *.google.com *.google.com.pa *.sportline.com.pa 'self' data: *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.paypal.com *.apptrian.com https://www.google.com https://www.google.com.co maps.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com beacon-audiences.magento-ds.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.googleapis.com *.gstatic.com *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com *.facebook.net *.clarity.ms get.geojs.io stats.g.doubleclick.net *.zdassets.com *.zendesk.com rum-collector-2.pingdom.net bam.nr-data.net *.klaviyo.com *.xtento.com *.tiktok.com *.sportline.com.pa *.pangle-ads.com *.adobedtm.com *.google.com *.google-analytics.com *.cloudflare.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com beacon-audiences.magento-ds.com fonts.googleapis.com downloads.mailchimp.com https://static.klaviyo.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com *.google.com *.typekit.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net p13n-mr.adobe.io beacon-audiences.magento-ds.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adobedc.net *.demdex.net *.adobe.io performance.typekit.net *.sentry.io *.googleapis.com thm.visa.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com *.facebook.net *.clarity.ms get.geojs.io stats.g.doubleclick.net *.zdassets.com *.zendesk.com rum-collector-2.pingdom.net bam.nr-data.net *.klaviyo.com *.xtento.com *.tiktok.com *.google.com *.sportline.com.pa *.pangle-ads.com assets.adobedtm.com *.adobedtm.com *.google-analytics.com *.paypal.com api.mercadopago.com tm.filter:* maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 12 default-src 'self'; connect-src 'self' https://www.google-analytics.com https://*.newrelic.com https://*.nr-data.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.googletagmanager.com; font-src 'self' https://themes.googleusercontent.com fonts.gstatic.com https://cdn.jsdelivr.net data:; frame-src 'self' https://www.youtube.com https://www.vimeo.com; img-src 'self' https://translate.google.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net https://i.ytimg.com https://www.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com data:; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://*.newrelic.com https://*.nr-data.net https://*.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.ckeditor.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com maps.googleapis.com unpkg.com; script-src-attr 'self'; script-src-elem 'self' https://www.googletagmanager.com https://www.google-analytics.com https://*.newrelic.com https://*.nr-data.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.ckeditor.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com maps.googleapis.com unpkg.com; style-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; block-all-mixed-content 12 default-src 'self';base-uri 'none';frame-ancestors 'self';frame-src 'self' 5164101.fls.doubleclick.net apps.rokt.com audible.demdex.net bs.serving-sys.com s.amazon-adsystem.com td.doubleclick.net tr.snapchat.com www.facebook.com;style-src 'self' 'unsafe-inline' images-na.ssl-images-amazon.com;script-src 'self' 'unsafe-inline' apps.rokt.com audible.sc.omtrdc.net bat.bing.com/bat.js bat.bing.com/p/action/4004590.js bat.bing.com/p/insights/s/0.7.20 bat.bing.com/p/insights/t/4004590 connect.facebook.net d.impactradius-event.com d1g3myji5lplsh.cloudfront.net d2nttevkh1mtzs.cloudfront.net googleads.g.doubleclick.net images-na.ssl-images-amazon.com sc-static.net siteintercept.qualtrics.com tr.snapchat.com www.googleadservices.com/pagead/conversion/ www.googletagmanager.com zn5ygnnjlk4oo0dy1-audible.siteintercept.qualtrics.com;media-src 'self' images-na.ssl-images-amazon.com/images/ m.media-amazon.com samples.audible.co.uk samples.audible.com;object-src 'none';connect-src 'self' adservice.google.com/pagead/regclk api.audible.com audible.sc.omtrdc.net/b/ss/ audible.tt.omtrdc.net/rest/v1/delivery bat.bing.com/p/insights/c/ dpm.demdex.net fls-na.amazon.com m.media-amazon.com pagead2.googlesyndication.com/pagead/buyside_topics/set/ siteintercept.qualtrics.com tr.snapchat.com unagi-na.amazon.com unagi.amazon.com www.audible.com www.facebook.com/tr/ www.google.com/pagead/landing;font-src www.audible.com m.media-amazon.com;img-src 'self' ad.doubleclick.net bat.bing.com/action/0 fls-na.amazon.com googleads.g.doubleclick.net/pagead/viewthroughconversion/ images-eu.ssl-images-amazon.com images-na.ssl-images-amazon.com m.media-amazon.com s.amazon-adsystem.com/iui3 www.facebook.com www.google.ca/pagead/1p-user-list/ www.google.ch/pagead/1p-user-list/ www.google.ee/pagead/1p-user-list/ www.google.pt/pagead/1p-user-list/ www.google.ro/pagead/1p-user-list/ www.google.se/pagead/1p-user-list/ www.google.co.cr/pagead/1p-user-list/ www.google.co.il/pagead/1p-user-list/ www.google.co.in/pagead/1p-user-list/ www.google.co.ke/pagead/1p-user-list/ www.google.co.kr/pagead/1p-user-list/ www.google.co.nz/pagead/1p-user-list/ www.google.co.th/pagead/1p-user-list/ www.google.co.uk/pagead/1p-user-list/ www.google.co.za/pagead/1p-user-list/ www.google.com.ar/pagead/1p-user-list/ www.google.com.br/pagead/1p-user-list/ www.google.com.co/pagead/1p-user-list/ www.google.com.do/pagead/1p-user-list/ www.google.com.ec/pagead/1p-user-list/ www.google.com.hk/pagead/1p-user-list/ www.google.com.jm/pagead/1p-user-list/ www.google.com.mx/pagead/1p-user-list/ www.google.com.my/pagead/1p-user-list/ www.google.com.ng/pagead/1p-user-list/ www.google.com.pa/pagead/1p-user-list/ www.google.com.pe/pagead/1p-user-list/ www.google.com.ph/pagead/1p-user-list/ www.google.com.pk/pagead/1p-user-list/ www.google.com.sg/pagead/1p-user-list/ www.google.com/pagead/1p-user-list/ www.google.de/pagead/1p-user-list/ www.google.dk/pagead/1p-user-list/ www.google.es/pagead/1p-user-list/ www.google.ie/pagead/1p-user-list/ www.google.no/pagead/1p-user-list/ www.googleadservices.com/pagead/conversion/ www.googletagmanager.com 11 default-src https: data: 'unsafe-inline' 'unsafe-eval' 11 default-src https: wss: data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; worker-src blob:; report-uri /csp-report 11 font-src fonts.gstatic.com use.typekit.net https://*.gstatic.com data: *.sodatech.com *.sodatech.net *.gstatic.com *.typekit.net 'self' data: https://fonts.yieldify-production.com/fonts/100822/e6e8821f-e1ad-4601-aaed-5b3386a4580b.otf https://*.hotjar.io https://*.yieldify-production.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com pal-test.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * http://www.facebook.com/tr 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.sharethis.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com www.xtento.com *.vimeo.com *.jsctool.com *.pinterest.com *.mmcagentur.at *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.demdex.net *.authorize.net *.paypal.com *.googletagmanager.com *.xtento.com *.app-wallee.com *.waltpixel.com *.equitystory.com app-wallee.com www.jsctool.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com geowidget.inpost.pl sandbox-easy-geowidget-sdk.easypack24.net widget.packeta.com https://odr.promo.dev/ https://*.yieldify.com https://ohws.prospective.ch/ https://tpc.googlesyndication.com/ https://*.hotjar.io https://www.mainadv.com https://ad.ad-srv.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://*.gstatic.com *.sharethis.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.xtento.com cdn.xtento.com blob: lindt.test *.lindt.test maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.klarna.com *.invibes.com *.b26net.com https://www.google-analytics.com *.googletagmanager.com *.cloudfront.net *.teads.tv *.videostep.com *.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.doubleclick.net *.outbrain.com *.adobedtm.com *.omtrdc.net *.demdex.net *.everesttech.net *.magentocommerce.com *.sodatech.com *.sodatech.net app-wallee.com d.ratepay.com maps.gstatic.com maps.google.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com 'self' data: *.gstatic.com geowidget.inpost.pl sandbox-easy-geowidget-sdk.easypack24.net widget.packeta.com http://lindt-hg65tr.your-printq.com https://*.cookiepro.com https://assets-v2.yieldify.com/images/189494/2022/4/8/55c67825-1f9d-438d-815a-43a437f03af2.png https://assets-v2.yieldify.com/images/189494/2022/4/21/54125dc1-8b51-4175-bd53-7d33e427cc41.gif https://www.lindt-spruengli.com/ https://px.ads.linkedin.com/ https://*.seznam.cz https://*.hotjar.io https://*.yieldify.com https://i.cdn.nrholding.net https://*.sendtric.com network-eu-a.bazaarvoice.com assets-v2.yieldify.com *.cookiepro.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.adyen.com *.sharethis.com *.googleapis.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com www.xtento.com cdn.xtento.com *.pcapredict.com lindt.slgnt.eu maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.ratepay.com *.cloudflare.com *.teads.tv *.r66net.com *.facebook.net *.googleadservices.com *.doubleclick.net *.cookiepro.com *.cloudfront.net *.videostep.com *.mfgroup.ch *.taboola.com *.outbrain.com *.adobedtm.com *.authorize.net *.unpkg.com *.fontawesome.com *.sodatech.net *.sodatech.com app-wallee.com d.ratepay.com www.jsctool.com maps.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.google.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com geowidget.inpost.pl sandbox-easy-geowidget-sdk.easypack24.net widget.packeta.com https://static-eu.payments-amazon.com/checkout.js https://*.yieldify.com https://www.googleoptimize.com/optimize.js https://custom.yieldify.com/v1/100510/100822/3d9a49d0c2/bundle.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://tpc.googlesyndication.com/sodar/1s9mPOHO.js https://*.adform.net https://*.seznam.cz https://analytics.tiktok.com/ https://*.hotjar.io https://*.pinimg.com https://*.daktela.com https://www.dwin1.com https://www.gstatic.com/recaptcha static.r66net.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://fonts.googleapis.com/ *.sharethis.com display.ugc.bazaarvoice.com *.fonts.net *.postcodeanywhere.co.uk *.cloudfront.net *.cloudflare.com *.sodatech.com *.sodatech.net *.googleapis.com *.getfirebug.com d.ratepay.com unsafe-inline assets.braintreegateway.com *.gstatic.com tagmanager.google.com geowidget.inpost.pl widget.packeta.com https://*.hotjar.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net www.lindt-spruengli.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.adyen.com *.sharethis.com *.googleapis.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.paypal.com *.postcodeanywhere.co.uk *.ratepay.com *.luckyorange.net *.cookiepro.com *.mfgroup.ch *.doubleclick.net *.visitors.live wss://in.visitors.live wss://visitors.live wss://in.visitors.live/ wss://visitors.live/ visitors.live *.taboola.com *.demdex.net *.omtrdc.net *.magento.com *.adobe.net *.adobedtm.com *.adobedc.net *.typekit.net *.magedevteam.com *.sodatech.com *.sodatech.net *.teads.tv d.ratepay.com www.jsctool.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com https://www.google-analytics.com https://*.criteo.com https://*.hotjar.io https://cdn.stickyadstv.com https://*.ads.linkedin.com https://snap.licdn.com *.analytics.google.com https://*.r66net.com https://*.yieldify.com wss://*.hotjar.io https://geolocation.onetrust.com https://*.googleapis.com https://*.daktela.com https://cdn.tailwindcss.com https://sgtm.lindt.se sgtm.lindt.se sgtm.lindt.dk sgtm.lindt.cz sgtm.lindt.de sgtm.lindt.es sgtm.lindt.fr sgtm.lindt.it sgtm.lindt.hu sgtm.lindt.co.uk sgtm.lindt.com.nl sgtm.lindt.pl sgtm.lindt.at geolocation.onetrust.com sgtm.lindt.sk sgtm.lindt.fi 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com https://cdn.tailwindcss.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 11 script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://www.youtube.com/iframe_api https://translate.google.com/translate_a/element.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.google.com/tools/feedback/help_api.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.google.com/tools/feedback/chat_load.js https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/feedback/js/ghelp/ https://www.gstatic.com/_/mss/boq-chrome-webstore/_/js/k=boq-chrome-webstore.ChromeWebStoreConsumerFeUi.en_US.GuPw3atoGRg.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://www.youtube.com/s/player/ https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/ChromeWebStoreConsumerFeUi/cspreport/fine-allowlist 11 frame-ancestors 'self' https://*.yahooinc.com; object-src 'none'; script-src 'none'; report-uri https://csp.yahoo.com/beacon/csp?src=yahooinc; 10 default-src 'self' wss: *.gravatar.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com; img-src 'self' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com data:; font-src 'self' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com data:; form-action 'self'; frame-ancestors 'self'; 10 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 10 default-src 'self'; 10 font-src use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com https://www.gstatic.com https://fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com cdn.shopify.com fonts.cdnfonts.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com pay.google.com *.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * secure.payu.com merch-prod.snd.payu.com *.yotpo.com swellrewards.com *.swellrewards.com https://www.google.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com static.payu.com *.yotpo.com swellrewards.com *.swellrewards.com www.xtento.com cdn.xtento.com * data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com secure.payu.com secure.snd.payu.com *.yotpo.com swellrewards.com *.swellrewards.com https://www.google.com https://www.gstatic.com www.xtento.com cdn.xtento.com ad4m.at amplify.outbrain.com analytics.tiktok.com api.bounce-commerce.de apis.google.com bat.bing.com c.seznam.cz cdn.debugbear.com cdn.segment.com cdn.taboola.com cdnapisec.kaltura.com connect.facebook.net ct.pinterest.com dynamic.criteo.com js.smct.co js.smct.io lantern.roeyecdn.com maps.googleapis.com o.gsitrix.com p.gsitrix.com pagead2.googlesyndication.com prclick.postaffiliatepro.com revi.io s.pinimg.com smct.co sslwidget.criteo.com static.botsrv.com static.runconverge.com the.sciencebehindecommerce.com tr.outbrain.com tr.snapchat.com trc.taboola.com wave.outbrain.com widgets.trustedshops.com www.awin1.com www.clarity.ms www.dwin1.com www.mczbf.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.yotpo.com swellrewards.com *.swellrewards.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.googleapis.com fonts.cdnfonts.com static-tracking.klaviyo.com static.botsrv2.com widgets.revi7.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.google.com google.com payments-eu.amazon.com *.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com secure.payu.com merch-prod.snd.payu.com *.yotpo.com swellrewards.com *.swellrewards.com *.clarity.ms amplify.outbrain.com analytics.tiktok.com api-js.datadome.co api.bounce-commerce.de api.segment.io app.runconverge.com bat.bing.com bat.bing.net botsrv.com botsrv2.com cdn.segment.com cdnapisec.kaltura.com cfvod.kaltura.com cognito-identity.eu-west-1.amazonaws.com ct.pinterest.com dev.visualwebsiteoptimizer.com firehose.eu-west-1.amazonaws.com guarantee-log.trustedshops.com h.seznam.cz js.smct.co js.smct.io localhost:12387 maps.googleapis.com p.gsitrix.com pagead2.googlesyndication.com psb.taboola.com r1eu01.visualwebsiteoptimizer.com r2eu01.visualwebsiteoptimizer.com r3eu01.visualwebsiteoptimizer.com region1.google-analytics.com s.kelkoogroup.net stats.g.doubleclick.net the.sciencebehindecommerce.com tr.outbrain.com tr.snapchat.com tr6.snapchat.com trc-events.taboola.com trc.taboola.com widgets.revi7.com www.awinblackfriday.com www.facebook.com www.mczbf.com www.sensi2live.com www.wepowerconnections.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 10 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/domain-registry 9 report-uri https://cspr.app.rbb-cloud.de/cspr/;frame-ancestors 'self' https://www.rbb24.de https://*.rbb-online.de https://www.radioeins.de https://www.fritz.de https://www.antennebrandenburg.de https://www.inforadio.de https://www.rbb888.de; 9 default-src https:; connect-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com static.pazaruvaj.com unpkg.com api.mapbox.com cdn.jsdelivr.net geowidget.easypack24.net maxcdn.bootstrapcdn.com ssl.ceneo.pl s.kk-resources.com elnino.daktela.com www.wiarygodneopinie.pl ts.tradetracker.net cdn.foxentry.cz www.parfemy-elnino.cz geowidget.inpost.pl www.googletagmanager.com smartsuppcdn.com *.demandware.net; object-src 'self'; img-src 'self' https: data:; font-src https: data:; frame-ancestors 'self' *.creativecdn.com *.hotjar.com *.googletagmanager.com; report-uri https://elnino.report-uri.com/r/d/csp/enforce 9 default-src https: 'unsafe-inline' 'unsafe-eval' wss: ;img-src https: data: blob: ; font-src https: data:; form-action https: http://www.last.fm; report-uri https://cbsi.report-uri.io/r/default/csp/enforce 8 frame-src https://www.google.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://img6.wsimg.com; style-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://www.gstatic.com; report-uri https://sentry.brandsight.com/api/25/security/?sentry_key=d2a6cc459b0c48dd91884e7063bbddb4 script-src 'self' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://js.hs-scripts.com https://tags.tiqcdn.com https://snap.licdn.com https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://www.google-analytics.com https://js.hs-analytics.net https://js.hs-banner.com 'sha256-0GmZYAqaqzetS+w1EyLdzTxUer98JQtlleth+bhMzm4=' 'sha256-h4kRXx7uh9BDCM48lIeC8OTw0+lUQIlD+u3Rsxo8ixg='; 8 frame-ancestors 'self'; 8 frame-ancestors 'self'; report-uri https://www.couriermail.com.au/csp-reports 8 script-src 'unsafe-eval' blob: 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; default-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; style-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com 'unsafe-inline'; img-src * data: blob:; object-src 'none'; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src 'self' blob: 8 default-src 'self'; script-src 'self' maps.googleapis.com *.youtube.com *.trustarc.com www.google-analytics.com www.googletagmanager.com cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net unpkg.com cdn.gbqofs.com *.cdn-net.com *.accdab.net *.worldpay.com static.cloudflareinsights.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' cdnjs.cloudflare.com 'unsafe-inline' fonts.googleapis.com; img-src 'self' 'unsafe-inline' data: 'unsafe-eval' *.starbucks.eu maps.gstatic.com maps.googleapis.com *.trustarc.com www.googletagmanager.com www.google-analytics.com region1.google-analytics.com region1.analytics.google.com www.google.com *googlesyndication.com; media-src 'self'; frame-src 'self' gateway.switch.tj *.worldpay.com *.accdab.net *.trustarc.com *.youtube.com youtu.be *.starbucks.ie; font-src 'self' *.trustarc.com fonts.gstatic.com; connect-src 'self' maps.googleapis.com *.accdab.net *.trustarc.com bam.nr-data.net www.google-analytics.com region1.google-analytics.com region1.analytics.google.com report.starbucks.gbqofs.io stats.g.doubleclick.net adservice.google.com www.google.com *googlesyndication.com 8 default-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src 'self' data: https: 'unsafe-inline'; connect-src https: wss: 'unsafe-inline'; report-uri https://hi.report-uri.com/r/d/csp/reportOnly 8 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/marketing_platform 7 default-src https: wss: 'unsafe-inline' 'unsafe-eval'; font-src https: data: ; img-src https: data: blob: ; media-src https: blob: ; worker-src https: blob: ; report-uri https://www.netflix.com/log/www/csp/1; 7 default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /_csp 7 block-all-mixed-content; report-uri https://dmgm.report-uri.com/r/t/csp/reportOnly 7 default-src data: blob: about: 'self' 'unsafe-inline' 'unsafe-eval' https: wss:; report-uri /csp/report?always; 7 child-src blob: data: https:; connect-src https: wss:; default-src blob: data: https: 'report-sample' 'unsafe-eval' 'unsafe-inline'; font-src data: https:; form-action https:; frame-src data: https:; img-src blob: data: https:; media-src blob: data: https:; object-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; report-uri https://csp.ffx.io/; report-to csp-endpoint 7 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://snap.licdn.com *.willistowerswatson *.wtwco.com https://www.google-analytics.com https://cdn.cookielaw.org https://www.googletagmanager.com *.coveo.com https://players.brightcove.net *.doubleclick.net https://munchkin.marketo.net https://bat.bing.com *.facebook.net *.facebook.com https://siteimproveanalytics.com *.linkedin.com *.mktoresp.com *.siteimproveanalytics.io data: blob:;report-uri /custom/api/csp/logviolation 7 default-src 'self' https://litium.revolutionrace.se *.tycka.io *.cdn-sitegainer.com *.google.com *.gstatic.com *.googletagmanager.com *.youtube.com *.google-analytics.com s.pinimg.com bat.bing.com *.facebook.net *.tiktok.com *.revolutionrace.se *.googleadservices.com sc-static.net cdn.jsdelivr.net *.cloudflare.com *.criteo.net *.criteo.com *.snapchat.com *.distancify.workers.dev ct.pinterest.com *.doubleclick.net fbcdn.revolutionrace.se wss://fbcdn.revolutionrace.se *.bambuser.com *.facebook.com *.apptus.cloud recommender.scarabresearch.com *.klarnaservices.com *.klarnauserservices.com *.klarnacdn.net *.klarna.com *.sitegainer.com *.scarabresearch.com *.emarsys.net *.symplify.com pro.ip-api.com *.pinterest.com cdn-sitegainer.com sitegainer.com wss://recording.sitegainer.com *.imedia.cz www.seznam.cz fonts.googleapis.com www.pinterest.se maxcdn.bootstrapcdn.com ajax.googleapis.com *.spinnaker-js.com *.kindlycdn.com player.vimeo.com vimeo.com *.kindly.ai ws-eu.pusher.com wss://sage.kindly.ai wss://ws-eu.pusher.com *.klarnaevt.com js.klarna.com *.adyen.com *.storyblok.com js.stripe.com fonts.gstatic.com *.revolutionrace.com *.digitaloceanspaces.com presumably-romantic-eel.edgecompute.app cust-revolutionrace.web.app www.paypal.com *.mention-me.com 'unsafe-inline' 'unsafe-eval'; img-src data: https://* 'self'; media-src https://*; connect-src *; 7 font-src fonts.gstatic.com use.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.cembrapay.ch cembrapay.ch 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.cembrapay.ch cembrapay.ch landofcoder.com maps.googleapis.com chart.googleapis.com *.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com test.saferpay.com www.saferpay.com saferpay.com ai.stoeckli.ch red-mud-07164bb03-test.westeurope.5.azurestaticapps.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.bird.eu https://www.magezon.com www.cembrapay.ch cembrapay.ch www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com test.saferpay.com www.saferpay.com saferpay.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.cembrapay.ch cembrapay.ch landofcoder.com maps.googleapis.com chart.googleapis.com *.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com test.saferpay.com www.saferpay.com saferpay.com *.googletagmanager.com tagmanager.google.com https://7258763.collect.igodigital.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src landofcoder.com maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.cembrapay.ch cembrapay.ch landofcoder.com maps.googleapis.com chart.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com test.saferpay.com www.saferpay.com saferpay.com ai.stoeckli.ch red-mud-07164bb03-test.westeurope.5.azurestaticapps.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src www.cembrapay.ch cembrapay.ch test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 7 frame-src 'self' www.youtube.com www.google.com js.playground.klarna.com js.klarna.com https://checkoutshopper-test.adyen.com https://pay.google.com https://wchat.freshchat.com https://connect.getflowbox.com return.4sellers.de *.webpush.freshchat.com ct.pinterest.com vercel.live *.sovendus.com *.adyen.com *.dotdigital-pages.com dotdigital-pages.com gum.criteo.com fledge.eu.criteo.com *.cnstrc.com cnstrc.com graphical-editor.kameleoon.com *.vimeo.com vimeo.com 7 frame-ancestors 'self'; object-src 'none'; report-uri /api/csp-reporting 6 require-trusted-types-for 'script';report-uri /_/Gstore/cspreport 6 default-src 'self'; media-src https://static.zdassets.com; connect-src 'self' wss: https://protonmail.zendesk.com https://ekr.zdassets.com blob: https://account.proton.me https://reports.proton.me https://*.algolia.net https://*.algolianet.com https://go.getproton.me; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://static.zdassets.com https://pmecdn.protonweb.com; style-src 'self' 'unsafe-inline' https://pmecdn.protonweb.com; font-src 'self' https://pmecdn.protonweb.com; img-src 'self' data: blob: https:; object-src 'self' data: blob:; frame-src 'self' data: blob: https://www.youtube-nocookie.com; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'self' https://*.proton.me; 6 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ws: wss: https:; report-uri https://l.iplsc.com/logger/ 6 default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /csp-violation-report-endpoint.php; report-to csp-endpoint 6 default-src data: https: blob: 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes'; img-src data: *; script-src 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' *; style-src 'unsafe-inline' 'unsafe-hashes' *; connect-src *; child-src *; font-src *; report-uri /_csp; report-to default 6 font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.googleapis.com data: *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.bootstrapcdn.com *.flixcar.com *.flixfacts.com https://ocular-prod.api.rocio.ai *.ocularsolution.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://analytics.tiktok.com *.firaonlive.com *.assets.adobedtm.com *.grupomonge.tt.omtrdc.net *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com/ http://fonts.cdnfonts.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com credomatic.compassmerchantsolutions.com https://www.tiendamonge.com/nps-check-out-tlv-guatemala https://www.tiendamonge.com/nps-entrega-tienda-en-linea-cr https://www.tiendamonge.com/nps-entrega-tienda-en-linea-el-salvador https://www.tiendamonge.com/nps-entrega-tienda-en-linea-guatemala https://www.tiendamonge.com/nps-entrega-tienda-en-linea-honduras https://www.tiendamonge.com/nps-entrega-tienda-en-linea-ni https://www.tiendamonge.com/nps-gracias-por-completar-la-encuesta https://www.tiendamonge.com/nps-gracias-por-completar-la-encuesta-monge-pay https://www.tiendamonge.com/nps-monge-pay-desembolso-cash https://www.tiendamonge.com/nps-monge-pay-liveness https://www.tiendamonge.com/nps-monge-pay-pago-a-tarjeta-monge https://www.tiendamonge.com/nps-monge-pay-pago-operaciones https://www.tiendamonge.com/nps-monge-pay-registro https://www.tiendamonge.com/nps-service-desk-ti-costa-rica https://ocular-prod.api.rocio.ai *.ocularsolution.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://analytics.tiktok.com *.firaonlive.com *.assets.adobedtm.com *.grupomonge.tt.omtrdc.net *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com/ 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.youtube.com *.vimeo.com mongepay.com conway.ddev.site https://ocular-prod.api.rocio.ai *.ocularsolution.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://analytics.tiktok.com *.firaonlive.com *.assets.adobedtm.com *.grupomonge.tt.omtrdc.net *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com/ 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.googletagmanager.com/ https://adobedtm.com assets.adobedtm.com dpm.demdex.net *.googleapis.com *.googletagmanager.com *.facebook.com *.google-analytics.com *.googleadservices.com *.facebook.net grupomongegrupomongedev.112.2o7.net grupomonge.tt.omtrdc.net *.demdex.net *.doubleclick.net bam-cell.nr-data.net smetrics.tiendamonge.com smetrics.elgallomasgallo.com.gt smetrics.elgallomasgallo.com.hn smetrics.prado.com.sv smetrics.elgallomasgallo.com.ni https://www.facebook.com https://www.google.com *.flixcar.com *.flixfacts.com *.cnetcontent.com *.vimeo.com https://widgetapp.ocularsolution.com *.getblue.io *.flipsnack.com https://heyzine.com https://promogallonic.com https://front-notrack.indexado.production.pmbox.cloud https://fichashppervasive.blob.core.windows.net https://www.tiendamonge.com/nps-check-out-tlv-guatemala https://www.tiendamonge.com/nps-entrega-tienda-en-linea-cr https://www.tiendamonge.com/nps-entrega-tienda-en-linea-el-salvador https://www.tiendamonge.com/nps-entrega-tienda-en-linea-guatemala https://www.tiendamonge.com/nps-entrega-tienda-en-linea-honduras https://www.tiendamonge.com/nps-entrega-tienda-en-linea-ni https://www.tiendamonge.com/nps-gracias-por-completar-la-encuesta https://www.tiendamonge.com/nps-gracias-por-completar-la-encuesta-monge-pay https://www.tiendamonge.com/nps-monge-pay-desembolso-cash https://www.tiendamonge.com/nps-monge-pay-liveness https://www.tiendamonge.com/nps-monge-pay-pago-a-tarjeta-monge https://www.tiendamonge.com/nps-monge-pay-pago-operaciones https://www.tiendamonge.com/nps-monge-pay-registro https://www.tiendamonge.com/nps-service-desk-ti-costa-rica https://notrack.indexado.pmbox.cloud https://emersya.com https://ocular-prod.api.rocio.ai *.ocularsolution.com *.mabeindex.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://sandbox.migopayments.com/ https://web.migopayments.com/ https://online.fliphtml5.com/ https://analytics.tiktok.com *.firaonlive.com *.assets.adobedtm.com *.grupomonge.tt.omtrdc.net *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com/ https://fledge.teads.tv *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com *.grupomonge.tt.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.cloudflare.com widget.ocularsolution.com *.newrelic.com https://bam.nr-data.net *.facebook.com *.connect.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.flixcar.com *.flixfacts.com *.flix360.com *.flix360.io *.syndigo.com *.syndigo.cloud https://www.google.com https://www.google.com.co https://www.tiendamonge.com https://www.elgallomasgallo.com.ni https://www.prado.com.sv https://www.elgallomasgallo.com.hn https://www.elgallomasgallo.com.gt https://www.verdugotienda.com *.teads.tv *.scene7.com https://fichashppervasive.blob.core.windows.net https://ocular-prod.api.rocio.ai *.ocularsolution.com *.mabeindex.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://gmgdocumentos.blob.core.windows.net/ https://gmgecommerceprd.blob.core.windows.net/ https://analytics.tiktok.com *.firaonlive.com *.assets.adobedtm.com *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com https://www.google.com.ar data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://adobedtm.com fast.amc.demdex.net dpm.demdex.net *.googletagmanager.com *.facebook.com *.google-analytics.com *.googleadservices.com *.facebook.net grupomongegrupomongedev.112.2o7.net grupomonge.tt.omtrdc.net *.demdex.net *.doubleclick.net bam-cell.nr-data.net smetrics.tiendamonge.com smetrics.elgallomasgallo.com.gt smetrics.elgallomasgallo.com.hn smetrics.prado.com.sv smetrics.elgallomasgallo.com.ni 'unsafe-inline' widget.ocularsolution.com cdn.cs.1worldsync.com https://ws.cs.1worldsync.com *.cloudflare.com https://bam.nr-data.net *.connect.facebook.net *.paypal.com *.bootstrapcdn.com *.flixcar.com *.flixfacts.com *.flix360.com *.flix360.io *.pingdom.net *.woorank.com *.cnetcontent.com *.syndigo.com *.syndigo.cloud https://event.getblue.io *.getblue.io https://p.teads.tv https://smetrics.verdugotienda.com https://rocio.ocularsolution.com https://ocular-prod.api.rocio.ai *.ocularsolution.com *.mabeindex.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://analytics.tiktok.com *.firaonlive.com *.assets.adobedtm.com *.grupomonge.tt.omtrdc.net *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com/ https://grupomongeecommerceprd.112.2o7.net http://fonts.cdnfonts.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com widget.ocularsolution.com *.facebook.com *.google.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.flixcar.com *.flixfacts.com rocio.ocularsolution.com https://ocular-prod.api.rocio.ai *.ocularsolution.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://analytics.tiktok.com *.firaonlive.com *.assets.adobedtm.com *.grupomonge.tt.omtrdc.net *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com/ http://fonts.cdnfonts.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.flixcar.com widget.ocularsolution.com *.flixfacts.com *.flix360.com *.flix360.io *.syndigo.com *.syndigo.cloud https://emersya.com https://ocular-prod.api.rocio.ai *.ocularsolution.com *.mabeindex.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://gmgdocumentos.blob.core.windows.net/ https://gmgecommerceprd.blob.core.windows.net/ https://analytics.tiktok.com *.firaonlive.com *.assets.adobedtm.com *.grupomonge.tt.omtrdc.net *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.grupomonge.tt.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://adobedtm.com assets.adobedtm.com *.adobe.com fast.amc.demdex.net *.googletagmanager.com *.facebook.com *.google-analytics.com *.googleadservices.com *.facebook.net grupomongegrupomongedev.112.2o7.net grupomonge.tt.omtrdc.net *.demdex.net *.doubleclick.net bam-cell.nr-data.net smetrics.tiendamonge.com smetrics.elgallomasgallo.com.gt smetrics.elgallomasgallo.com.hn smetrics.prado.com.sv smetrics.elgallomasgallo.com.ni wss://tm.filter:1502/ api.ocularsolution.com xml.ssreviewsportal.com *.cloudflare.com https://bam.nr-data.net *.pingdom.net *.woorank.com *.cnetcontent.com *.youtube.com *.syndigo.com *.syndigo.cloud product-feature-service.production.alquimio.cloud api.repositorio.production.alquimio.cloud orchestrator.production.aks.alquimio.cloud *.teads.tv https://ocular-prod.api.rocio.ai *.ocularsolution.com *.flixcar.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://sandbox.migopayments.com/ https://web.migopayments.com/ https://analytics.tiktok.com *.firaonlive.com https://smetrics.verdugotienda.com *.assets.adobedtm.com *.smetrics.tiendamonge.com *.grupomonge.demdex.net *.s7d1.scene7.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 6 font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: *.vimeo.com *.afip.gob.ar *.google.com *.doubleclick.net *.cloudfront.net *.getblue.io *.mercadopago.com.ar *.mercadopago.com.uy *.mercadopago.com.co *.mercadopago.com.pe *.mercadopago.cl *.zdassets.com https://www.google.com.ar https://analytics.tiktok.com https://www.google.com https://track-icommkt.com https://notifications-icommkt.com https://bam.nr-data.net https://event.getblue.io/ https://static-content-qas.vnforapps.com/ https://static-content.vnforapps.com/ *.google-analytics.com analytics.google.com https://www.googletagmanager.com https://externalassets.icommarketing.com https://www.prunenews.com https://www.clarity.ms *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * webpay3g.transbank.cl webpay3gint.transbank.cl *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.vimeo.com *.afip.gob.ar *.google.com *.doubleclick.net *.cloudfront.net *.getblue.io *.mercadopago.com.ar *.mercadopago.com.uy *.mercadopago.com.co *.mercadopago.com.pe *.mercadopago.cl *.zdassets.com https://www.google.com.ar https://analytics.tiktok.com https://www.google.com https://track-icommkt.com https://notifications-icommkt.com https://bam.nr-data.net https://event.getblue.io/ https://apitestenv.vnforapps.com/ https://apiprod.vnforapps.com/ https://static-content-qas.vnforapps.com/ https://static-content.vnforapps.com/ *.google-analytics.com analytics.google.com https://www.googletagmanager.com https://externalassets.icommarketing.com https://www.prunenews.com https://www.clarity.ms *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://live.decidir.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.gstatic.com *.googleapis.com *.vimeo.com *.afip.gob.ar *.google.com *.doubleclick.net *.cloudfront.net *.getblue.io *.mercadopago.com.ar *.mercadopago.com.uy *.mercadopago.com.co *.mercadopago.com.pe *.mercadopago.cl *.zdassets.com https://www.google.com.ar https://analytics.tiktok.com https://www.google.com https://track-icommkt.com https://notifications-icommkt.com https://bam.nr-data.net https://event.getblue.io/ https://static-content-qas.vnforapps.com/ https://static-content.vnforapps.com/ *.google-analytics.com https://www.googletagmanager.com https://externalassets.icommarketing.com https://www.prunenews.com https://www.clarity.ms *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.facebook.com *.reddit.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.vimeo.com *.afip.gob.ar *.google.com *.doubleclick.net *.cloudfront.net *.getblue.io *.mercadopago.com.ar *.mercadopago.com.uy *.mercadopago.com.co *.mercadopago.com.pe *.mercadopago.cl *.zdassets.com https://www.google.com.ar https://analytics.tiktok.com https://www.google.com https://track-icommkt.com https://notifications-icommkt.com https://bam.nr-data.net https://event.getblue.io/ https://apitestenv.vnforapps.com/ https://apiprod.vnforapps.com/ https://static-content-qas.vnforapps.com/ https://static-content.vnforapps.com/ *.google-analytics.com https://www.googletagmanager.com https://externalassets.icommarketing.com https://www.prunenews.com https://www.clarity.ms *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://live.decidir.com https://developers.decidir.com/ tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com https://merchants.playdigital.com.ar/ https://merchants.preprod.playdigital.com.ar/ https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com unsafe-inline assets.braintreegateway.com tagmanager.google.com https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.googleapis.com *.vimeo.com *.afip.gob.ar *.google.com *.doubleclick.net *.cloudfront.net *.getblue.io *.mercadopago.com.ar *.mercadopago.com.uy *.mercadopago.com.co *.mercadopago.com.pe *.mercadopago.cl *.zdassets.com https://www.google.com.ar https://analytics.tiktok.com https://www.google.com https://track-icommkt.com https://notifications-icommkt.com https://bam.nr-data.net https://event.getblue.io/ https://apitestenv.vnforapps.com/ https://apiprod.vnforapps.com/ https://static-content-qas.vnforapps.com/ https://static-content.vnforapps.com/ *.google-analytics.com https://www.googletagmanager.com https://externalassets.icommarketing.com https://www.prunenews.com https://www.clarity.ms https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com https://live.decidir.com https://developers.decidir.com/ *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.run.app https://merchants.playdigital.com.ar/ https://merchants.preprod.playdigital.com.ar/ https://ecommerce-modal.modo.com.ar/ https://ecommerce-modal.preprod.modo.com.ar/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 6 upgrade-insecure-requests; default-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval'; 6 report-uri https://8200068e1bbb5c22d2e57dd38c2ddbcf.report-uri.com/r/t/csp/wizard; 6 default-src 'self' data: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.kmsat.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ ; child-src 'self' blob: ; connect-src 'self' data: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.kmsat.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ ; frame-src 'self' blob: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.kmsat.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ android-webview-video-poster: https://player.vimeo.com https://*.knowbe4.com https://*.ccm.knowbe4.com https://*.internal.knowbe4.com https://*.kmsat.kb4od.run https://*.ccm.internal.knowbe4.com ; font-src 'self' data: fonts.gstatic.com use.typekit.net ; img-src * 'self' blob: cid: data: file: android-webview-video-poster: https://cdn.mxpnl.com/ https://v2assets.zopim.io/ https://static.zdassets.com/ app.pendo.io cdn.pendo.io data.pendo.io pendo-static-6167502888239104.storage.googleapis.com ; media-src 'self' about: blob: data: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.kmsat.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ ; object-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.kmsat.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ pendo-io-static.storage.googleapis.com pendo-static-6167502888239104.storage.googleapis.com use.typekit.net ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.kmsat.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ https://unpkg.com/vue@2.6.14 ; style-src 'self' 'unsafe-inline' data: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.kmsat.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ app.pendo.io cdn.pendo.io pendo-static-6167502888239104.storage.googleapis.com use.typekit.net ; style-src-elem 'self' 'unsafe-inline' data: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.kmsat.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ app.pendo.io cdn.pendo.io pendo-static-6167502888239104.storage.googleapis.com https://fonts.googleapis.com/ p.typekit.net ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubf27996eb9977f34aa9f3376bd3939adc&dd-evp-origin=content-security-policy&ddsource=csp-report&app=kmsat&env=production-eu-west-1 ; worker-src 'self' blob: data: ; 6 worker-src 'none'; 6 font-src *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com platform.twitter.com *.trustpilot.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://resources.paytrail.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com flagpedia.net maps.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io connect.facebook.net twitter.com platform.twitter.com cdn.jsdelivr.net *.gstatic.com maps.googleapis.com applepay.cdn-apple.com *.trustpilot.com *.cloudflare.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://static.klaviyo.com *.fontawesome.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.gstatic.com applepay.cdn-apple.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://core.helloretail.com https://helloretailcdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 6 block-all-mixed-content;connect-src 'self' https://*.bimago.com https://bimago.com https://*.bimago.cz https://bimago.cz https://*.bimago.es https://bimago.es https://*.bimago.at https://bimago.at https://*.bimago.art https://bimago.art https://*.bimago.co.uk https://bimago.co.uk https://*.bimago.se https://bimago.se https://*.bimago.pl https://bimago.pl https://*.bimago.de https://bimago.de https://*.bimago.fr https://bimago.fr https://*.bimago.it https://bimago.it https://*.bimago.nl https://bimago.nl https://*.bimago.pt https://bimago.pt https://adyen.com https://*.adyen.com https://paypal.com https://*.paypal.com https://pay.google.com/gp/p/js/pay.js https://google.* https://*.google.* https://gstatic.com https://*.gstatic.com https://googletagmanager.com https://*.googletagmanager.com https://googleadservices.com https://*.googleadservices.com https://googlesyndication.com https://*.googlesyndication.com https://googleapis.com https://*.googleapis.com https://doubleclick.net https://*.doubleclick.net https://google-analytics.com https://*.google-analytics.com https://bing.* https://*.bing.* https://facebook.* https://*.facebook.* https://pinterest.* https://*.pinterest.* https://exponea.com https://*.exponea.com https://cookiebot.com https://*.cookiebot.com https://clarity.ms https://*.clarity.ms https://yotpo.com https://*.yotpo.com https://sentry.io https://*.sentry.io https://trustpilot.com https://*.trustpilot.com https://trustedshops.com https://*.trustedshops.com https://etrusted.com https://*.etrusted.com https://biano.com https://*.biano.com https://biano.cz https://*.biano.cz https://bianopixel.com https://*.bianopixel.com https://pinimg.com https://*.pinimg.com https://capig.stape.host;script-src 'self' https://*.bimago.com https://bimago.com https://*.bimago.cz https://bimago.cz https://*.bimago.es https://bimago.es https://*.bimago.at https://bimago.at https://*.bimago.art https://bimago.art https://*.bimago.co.uk https://bimago.co.uk https://*.bimago.se https://bimago.se https://*.bimago.pl https://bimago.pl https://*.bimago.de https://bimago.de https://*.bimago.fr https://bimago.fr https://*.bimago.it https://bimago.it https://*.bimago.nl https://bimago.nl https://*.bimago.pt https://bimago.pt https://adyen.com https://*.adyen.com https://paypal.com https://*.paypal.com https://pay.google.com/gp/p/js/pay.js https://google.* https://*.google.* https://gstatic.com https://*.gstatic.com https://googletagmanager.com https://*.googletagmanager.com https://googleadservices.com https://*.googleadservices.com https://googlesyndication.com https://*.googlesyndication.com https://googleapis.com https://*.googleapis.com https://doubleclick.net https://*.doubleclick.net https://google-analytics.com https://*.google-analytics.com https://bing.* https://*.bing.* https://facebook.* https://*.facebook.* https://pinterest.* https://*.pinterest.* https://exponea.com https://*.exponea.com https://cookiebot.com https://*.cookiebot.com https://clarity.ms https://*.clarity.ms https://yotpo.com https://*.yotpo.com https://sentry.io https://*.sentry.io https://trustpilot.com https://*.trustpilot.com https://trustedshops.com https://*.trustedshops.com https://etrusted.com https://*.etrusted.com https://biano.com https://*.biano.com https://biano.cz https://*.biano.cz https://bianopixel.com https://*.bianopixel.com https://pinimg.com https://*.pinimg.com https://capig.stape.host;frame-src 'self' https://*;frame-ancestors https://acss-cms.prod.artgeist.co;default-src 'self';img-src 'self' data: blob: https://*;media-src 'self' data: blob: https://*;style-src 'self' 'unsafe-inline' https://*;object-src 'none';font-src 'self' data: https://*;navigate-to 'self' https://*;base-uri 'self' https://*;worker-src 'self';manifest-src 'self'; 6 default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/f2 5 default-src 'none'; frame-ancestors 'none'; connect-src 'self' www.ntppool.org st.ntppool.org 8ll7xvh0qt1p.statuspage.io; font-src fonts.gstatic.com; form-action 'self' mailform.ntppool.org checkout.stripe.com; img-src 'self' st.ntppool.org st.pimg.net news.ntppool.org *.mapper.ntppool.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.statuspage.io st.ntppool.org st.pimg.net news.ntppool.org www.mapper.ntppool.org js.stripe.com; style-src 'self' fonts.googleapis.com st.ntppool.org st.pimg.net news.ntppool.org; report-uri https://ntppool.report-uri.com/r/t/csp/wizard 5 default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /nmms/csp-reporting-lo 5 object-src 'none'; script-src * 'report-sample' 'unsafe-inline' 'unsafe-eval'; style-src * 'report-sample' 'unsafe-inline'; webrtc 'block'; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 5 default-src 'self' *; media-src 'self' * data: ; font-src 'self' * data: ; img-src 'self' data: blob: *; script-src * 'unsafe-inline' 'unsafe-eval' data: *; style-src 'self' 'unsafe-inline' *; worker-src 'self' * blob: ; report-uri /api/csp-violation 5 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: logger.scot.nhs.uk *.fontawesome.com use.typekit.net *.google.com *.google.co.uk *.googleapis.com themes.googleusercontent.com *.gstatic.com code.jquery.com yui.yahooapis.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.twitter.com *.twimg.com *.youtube.com youtu.be *.ytimg.com www.youtube-nocookie.com player.vimeo.com i.vimeocdn.com cdn.jwplayer.com content.jwplatform.com prd.jwpltx.com *.jwpcdn.com *.jwpsrv.com *.civiccomputing.com cc.cdn.civiccomputing.com secure.gravatar.com public.tableau.com www.openstreetmap.org browser-update.org s.w.org www.geoplugin.net *.wp.com hcaptcha.com *.hcaptcha.com www.careopinion.org.uk www.patientopinion.org.uk assets.nhs.uk www.travelinescotland.com; worker-src 'self' www.google.com; frame-ancestors 'self'; base-uri 'self'; report-to csp-endpoint; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report 5 script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ntdsgswbsc:55:0 5 connect-src https://*.fcl.cloud wss://*.fcl.cloud https://*.flightcentre.com.au https://*.flightcentre.co.nz https://*.flightcentre.co.za https://*.flightcentre.ca https://*.flightcentre.co.uk https://*.fclmedia.com https://fcl-sydney-geo-7.ent.ap-southeast-2.aws.found.io https://*.launchdarkly.com https://*.optimizely.com *.nr-data.net https://*.fullstory.com https://*.google-analytics.com https://*.google.com https://*.google.com.au https://*.google.ca https://*.google.co.nz https://*.google.co.za https://*.google.co.uk https://*.evergage.com https://analytics.tiktok.com https://analytics.pangle-ads.com https://*.pinterest.com https://*.linkedin.com https://*.outbrain.com https://*.g.doubleclick.net https://wisepops.net https://*.wisepops.com https://*.feefo.com https://cdn.cookielaw.org https://developer.livehelpnow.net https://*.snapchat.com https://www.facebook.com https://bat.bing.com https://*.onetrust.com https://flightcentre.r-cubed.co.uk https://adservice.google.com https://www.google.com https://analytics.google.com https://www.googleadservices.com https://*.browser-intake-datadoghq.com https://*.criteo.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.com.au:*; font-src https: blob: data:; frame-ancestors 'self'; img-src https: blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.fcl.cloud https://*.flightcentre.com.au https://*.flightcentre.co.nz https://*.flightcentre.co.za https://*.flightcentre.ca https://*.flightcentre.co.uk https://www.googletagmanager.com https://*.google-analytics.com https://*.fullstory.com https://vxml4.plavxml.com https://*.nr-data.net https://*.usabilla.com http://*.usabilla.com https://*.newrelic.com https://d6tizftlrpuof.cloudfront.net https://cdnjs.cloudflare.com https://cdn.optimizely.com https://*.outbrain.com https://analytics.tiktok.com https://bat.bing.com https://cdn.abrankings.com https://connect.facebook.net https://edge.fullstory.com https://loader.wisepops.com https://wisepops.net https://s.pinimg.com https://snap.licdn.com https://googleads.g.doubleclick.net https://accounts.google.com https://*.pinterest.com https://*.evergage.com https://js.adsrvr.org https://static.criteo.net https://flightcentre-webchat.gotbot.co.za https://7226714.collect.igodigital.com https://cdn.pdst.fm https://*.hotjar.com https://tr.snapchat.com https://*.feefo.com https://koi-3qn5erhpry.marketingautomation.services https://cdn.jsdelivr.net https://*.stackla.com https://cdn.cookielaw.org https://sc-static.net https://developer.livehelpnow.net https://cdn.evgnet.com https://maps.googleapis.com https://sdk.joinsherpa.io https://cdn.wisepops.com https://*.quantserve.com https://*.livechatinc.com https://flightcentre.r-cubed.co.uk https://rules.quantcount.com https://*.criteo.com https://code.jquery.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://register.feefo.com https://cdn.cookielaw.org; report-uri /api/csp_report 5 font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.cloudflare.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.doubleclick.net *.googlesyndication.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.paypal.com *.gstatic.com *.googleapis.com *.googlesyndication.com *.google.com *.google.rs *.google.hr *.google.ba *.google.si *.google.bg *.google.me *.google.mk *.google.nl *.google.de *.google.be *.google.fr *.googleadservices.com *.facebook.com trengo.s3.eu-central-1.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com tagmanager.google.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googlesyndication.com *.googleadservices.com *.google.com *.google.rs *.google.hr *.google.ba *.google.si *.google.bg *.google.me *.google.mk *.facebook.net *.widget.trengo.eu s7.addthis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com fonts.googleapis.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.widget.trengo.eu 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com *.googleapis.com *.google.com *.google.rs *.google.hr *.google.ba *.google.si *.google.bg *.google.me *.google.mk *.google.nl *.google.de *.google.be *.google.fr *.googlesyndication.com *.doubleclick.net *.facebook.com *.trengo.eu ekr.zdassets.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5 font-src fonts.googleapis.com x.klarnacdn.net cdn.elev.io maxcdn.bootstrapcdn.com *.fontawesome.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ policy.app.cookieinformation.com ct.pinterest.com td.doubleclick.net tr.snapchat.com tr6.snapchat.com messenger-edge.dixa.io messenger.dixa.io www.googletagmanager.com *.klarna.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com *.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com *.google.dk *.facebook.com bat.bing.com stats.g.doubleclick.net *.sleeknote.com parametre.online *.ditur.dk *.ditur.no *.ditur.se *.ditur.de *.ditur.fi *.ditur.com *.ditur.fr *.ditur.pl *.avile.dk tr.snapchat.com tr6.snapchat.com *.etrusted.com *.trustedshops.com https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.magezon.com https://redchamps.com *.klarna.com *.klarnaevt.com *.klarnacdn.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com *.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.reaktion.com policy.app.cookieinformation.com policy.cookieinformation.com *.facebook.net script.parametre.online ct.pinterest.com s.pinimg.com bat.bing.com *.tiktok.com *.sleeknote.com *.getdrip.com *.cloudfront.net *.kameleoon.eu *.kameleoon.io *.fontawesome.com *.ditur.dk *.ditur.se *.ditur.no *.ditur.de *.ditur.fi *.ditur.com *.ditur.fr *.ditur.pl messenger.dixa.io sc-static.net tr.snapchat.com cdn.elev.io *.clarity.ms static.cloudflareinsights.com *.trustedshops.com *.etrusted.com *.getzowie.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.klarnacdn.net *.klarna.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.products.kameleoon.com x.klarnacdn.net fonts.googleapis.com *.etrusted.com https://static.klaviyo.com maxcdn.bootstrapcdn.com *.fontawesome.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.reaktion.com *.cookieinformation.com google.com *.google.com googleads.g.doubleclick.net *.pinterest.com *.tiktok.com *.ditur.dk *.ditur.no *.ditur.se *.ditur.de *.ditur.fi *.ditur.com *.ditur.fr *.ditur.pl *.avile.dk api.products.kameleoon.com *.kameleoon.eu data.kameleoon.io *.fontawesome.com bat.bing.com invitejs.trustpilot.com tr.snapchat.com tr6.snapchat.com messenger-edge.dixa.io region1.google-analytics.com cdn.elev.io ipa.elev.io events.elev.io *.clarity.ms pagead2.googlesyndication.com *.etrusted.com *.getzowie.com analytics.sleeknote.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.klarnacdn.net *.klarna.com *.klarnaevt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5 default-src 'self' data: wss://gruefbpuubghniw5iflbf2a6im.appsync-api.us-east-1.amazonaws.com/graphql wss://gruefbpuubghniw5iflbf2a6im.appsync-realtime-api.us-east-1.amazonaws.com/graphql s3.amazonaws.com/uploads.knowbe4.com/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.kmsat.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ ; child-src 'self' blob: ; connect-src 'self' data: wss://gruefbpuubghniw5iflbf2a6im.appsync-api.us-east-1.amazonaws.com/graphql wss://gruefbpuubghniw5iflbf2a6im.appsync-realtime-api.us-east-1.amazonaws.com/graphql s3.amazonaws.com/uploads.knowbe4.com/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.kmsat.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ ; frame-src 'self' blob: wss://gruefbpuubghniw5iflbf2a6im.appsync-api.us-east-1.amazonaws.com/graphql wss://gruefbpuubghniw5iflbf2a6im.appsync-realtime-api.us-east-1.amazonaws.com/graphql s3.amazonaws.com/uploads.knowbe4.com/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.kmsat.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ android-webview-video-poster: https://player.vimeo.com https://*.knowbe4.com https://*.ccm.knowbe4.com https://*.internal.knowbe4.com https://*.kmsat.kb4od.run https://*.ccm.internal.knowbe4.com ; font-src 'self' data: fonts.gstatic.com use.typekit.net ; img-src * 'self' blob: cid: data: file: android-webview-video-poster: https://cdn.mxpnl.com/ https://v2assets.zopim.io/ https://static.zdassets.com/ app.pendo.io cdn.pendo.io data.pendo.io pendo-static-6167502888239104.storage.googleapis.com ; media-src 'self' about: blob: data: wss://gruefbpuubghniw5iflbf2a6im.appsync-api.us-east-1.amazonaws.com/graphql wss://gruefbpuubghniw5iflbf2a6im.appsync-realtime-api.us-east-1.amazonaws.com/graphql s3.amazonaws.com/uploads.knowbe4.com/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.kmsat.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ ; object-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: wss://gruefbpuubghniw5iflbf2a6im.appsync-api.us-east-1.amazonaws.com/graphql wss://gruefbpuubghniw5iflbf2a6im.appsync-realtime-api.us-east-1.amazonaws.com/graphql s3.amazonaws.com/uploads.knowbe4.com/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.kmsat.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ pendo-io-static.storage.googleapis.com pendo-static-6167502888239104.storage.googleapis.com use.typekit.net ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss://gruefbpuubghniw5iflbf2a6im.appsync-api.us-east-1.amazonaws.com/graphql wss://gruefbpuubghniw5iflbf2a6im.appsync-realtime-api.us-east-1.amazonaws.com/graphql s3.amazonaws.com/uploads.knowbe4.com/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.kmsat.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ https://unpkg.com/vue@2.6.14 ; style-src 'self' 'unsafe-inline' data: wss://gruefbpuubghniw5iflbf2a6im.appsync-api.us-east-1.amazonaws.com/graphql wss://gruefbpuubghniw5iflbf2a6im.appsync-realtime-api.us-east-1.amazonaws.com/graphql s3.amazonaws.com/uploads.knowbe4.com/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.kmsat.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ app.pendo.io cdn.pendo.io pendo-static-6167502888239104.storage.googleapis.com use.typekit.net ; style-src-elem 'self' 'unsafe-inline' data: wss://gruefbpuubghniw5iflbf2a6im.appsync-api.us-east-1.amazonaws.com/graphql wss://gruefbpuubghniw5iflbf2a6im.appsync-realtime-api.us-east-1.amazonaws.com/graphql s3.amazonaws.com/uploads.knowbe4.com/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.kmsat.kb4od.run https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/kmsat-development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://s3.amazonaws.com/helpimg-kmsat-development-us-east-1/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ app.pendo.io cdn.pendo.io pendo-static-6167502888239104.storage.googleapis.com https://fonts.googleapis.com/ p.typekit.net ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubf27996eb9977f34aa9f3376bd3939adc&dd-evp-origin=content-security-policy&ddsource=csp-report&app=kmsat&env=production-us-east-1 ; worker-src 'self' blob: data: ; 5 default-src 'self'; script-src 'report-sample' 'self' https://js.qualified.com/qualified.js https://www.googletagmanager.com/gtm.js; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://app.qualified.com wss://ws.qualified.com; font-src 'self'; frame-src 'self' https://app.qualified.com; img-src 'self' data: https://dms6j3xpg18d6.cloudfront.net https://d3s86tfxelgbdj.cloudfront.net https://huntscanlon.com https://images.cointelegraph.com https://mma.prnewswire.com https://s.yimg.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 5 script-src 'self' https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com; report-uri /csp-report; 5 script-src 'self' 5 script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://www.google.com/recaptcha/api.js https://translate.google.com/translate_a/element.js https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.google.com/tools/feedback/help_api.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.google.com/tools/feedback/chat_load.js https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/feedback/js/ghelp/ https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.BYJD_DaRY7M.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist 5 default-src * 'unsafe-inline' 'unsafe-eval'; report-to report; report-uri /?_task=background&_action=csp_report 5 default-src 'self'; img-src * 5 frame-ancestors 'self' *.appsflyer.com; report-uri https://csp-report.browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pub077056148e159580585c94fcee3c8801&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=marketing_appsflyer_com 4 script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: data: https:; style-src 'self' 'unsafe-inline' blob: data: https:; default-src 'self' https:; img-src https: blob: data: android-webview-video-poster:; frame-src blob: data: https:; worker-src blob: data: https:; child-src blob: data: https:; object-src 'self'; font-src 'self' https: blob: data: safari-extension://*; media-src 'self' blob: data: https:; connect-src wss: blob: data: https:; report-uri /csp_ep 4 base-uri 'self'; connect-src 'self' https://*.google.com https://ada.matomo.cloud https://boards-api.greenhouse.io https://images.prismic.io https://o43253.ingest.sentry.io https://pagead2.googlesyndication.com https://www.gstatic.com https://bat.bing.com https://*.clarity.ms; default-src 'self'; font-src 'self'; form-action 'none'; frame-ancestors 'none'; frame-src https://*.enterprise.ada.com https://boards.greenhouse.io https://insight.adsrvr.org https://td.doubleclick.net https://tpc.googlesyndication.com https://www.youtube-nocookie.com; img-src 'self' data: https://ada.matomo.cloud https://adahealth.cdn.prismic.io https://assets.ada.com https://connect.facebook.net https://googleads.g.doubleclick.net https://images.prismic.io https://prismic-io.s3.amazonaws.com https://www.facebook.com https://pagead2.googlesyndication.com https://adservice.google.com https://www.google.com https://www.googletagmanager.com https://bat.bing.com https://*.clarity.ms; manifest-src 'self'; media-src 'self' https://adahealth.cdn.prismic.io; script-src 'self' 'unsafe-inline' https://*.matomo.cloud https://boards.greenhouse.io https://connect.facebook.net https://googleads.g.doubleclick.net https://js.adsrvr.org https://tpc.googlesyndication.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com https://bat.bing.com https://www.clarity.ms; style-src 'self' 'unsafe-inline'; 4 object-src 'none'; connect-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.cpggpc.ca https://www.google-analytics.com https://siteintercept.qualtrics.com https://www.facebook.com https://sslstats.canadapost.ca https://*.wistia.com https://dpm.demdex.net https://csi.gstatic.com https://adservice.google.com https://*.googlesyndication.com https://*.g.doubleclick.net https://maps.googleapis.com https://vmss.boldchat.com https://www.linkedin.com https://canadapost.tt.omtrdc.net https://services.postcodeanywhere.co.uk https://embedwistia-a.akamaihd.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://px.ads.linkedin.com https://google.com https://www.google.com; font-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://fonts.gstatic.com https://*.arcgis.com; form-action 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca https://*.epost.ca https://www.facebook.com https://google.com; frame-ancestors 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.cpggpc.ca https://www.adobetag.com https://assets.adobedtm.com https://siteintercept.qualtrics.com https://zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com https://connect.facebook.net https://snap.licdn.com https://z.moatads.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.google.com https://www.googletagservices.com https://*.google-analytics.com https://*.googleadservices.com https://www.gstatic.com https://*.googlesyndication.com https://adservice.google.com https://adservice.google.ca https://maps.googleapis.com https://cdn.ampproject.org https://*.doubleclick.net https://*.twitter.com https://cdn.syndication.twimg.com https://dpm.demdex.net https://*.wistia.com https://*.frontlinesvc.com https://*.arcgis.com https://www.linkedin.com https://vmss.boldchat.com https://sb.scorecardresearch.com https://www.rnengage.com https://sjs.bizographics.com https://www.instagram.com https://secure.adnxs.com https://app.five9.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.frontlinesvc.com https://fonts.googleapis.com https://translate.googleapis.com https://*.twitter.com https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.arcgis.com https://*.arcgisonline.com https://app.five9.com; report-uri https://www.canadapost-postescanada.ca/cwc/components/rs/csp-reports; 4 worker-src www.tiktok.com/business/sw.js www.tiktok.com/creator/worker/ www.tiktok.com/embed/sw.js www.tiktok.com/firebase-messaging-sw.js www.tiktok.com/help/sw.js www.tiktok.com/legal/report/verification/uploader-oversea-crc32.js www.tiktok.com/live/creator-networks/pdf.worker.min.js www.tiktok.com/live/static/player-worker/ www.tiktok.com/risk-appeal-ocr/BlinkCardWasmSDK.worker.min.js www.tiktok.com/series/worker/ www.tiktok.com/sw.js; report-to csp-endpoint; script-src 'report-sample' 'unsafe-eval' *.tiktokcdn-us.com apis.google.com billshark-cdn.s3.amazonaws.com c.paypal.com cdn.ampproject.org client-api.arkoselabs.com connect.facebook.net developers.kakao.com interactives.ap.org js.braintreegateway.com js.hcaptcha.com js.hsforms.net recaptcha.google.com s20.tiktokcdn.com s3.amazonaws.com static.captchami.com tiktok.captchami.com unpkg.com www.facebook.net www.vimeo.com; report-uri https://mon16-normal-useast5.tiktokv.us/monitor_browser/collect/batch/security/?bid=tiktok_pns&ev_type=csp&p=Zm6jHcglbkT17wbeLYnRh&v=7 4 font-src data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; img-src 'self' data: secure.gravatar.com www.gravatar.com; report-uri https://www.e2open.com?gdsih-csp-report; 4 img-src https: data: blob:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.privacy-mgmt.com maps.googleapis.com www.news.co.uk uk-script.dotmetrics.net *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com cdn.privacy-mgmt.com *.tiqcdn.com unpkg.com uk-script.dotmetrics.net *.scorecardresearch.com *.google-analytics.com *.googletagmanager.com *.brightcove.com; style-src 'self' 'unsafe-inline' data: use.fontawesome.com fonts.googleapis.com use.typekit.net maps.google.com unpkg.com; img-src 'self' data: *.googleapis.com *.gstatic.com *.google-analytics.com *.scorecardresearch.com *.news.co.uk www.news.co.uk *.dotmetrics.net newsuk.s3.amazonaws.com *.google.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' *.youtube.com *.vimeo.com *.brightcove.com cdn.privacy-mgmt.com; report-uri https://www.news.co.uk?gdsih-csp-report; 4 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://dock.ui.bosch.tech https://www.googletagmanager.com https://www.google-analytics.com https://btm.bosch.com https://www.youtube.com https://maps.google.com; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://search.internet.bosch.com https://bosch-i3-caas-api.e-spirit.cloud https://*.google-analytics.com https://www.googletagmanager.com https://endpoint.chatbot-suite.bosch.tech https://maps.googleapis.com https://btm.bosch.com https://cx.bosch-so.com https://dock.ui.bosch.tech; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com https://crdostaticwebsite337215.z6.web.core.windows.net; img-src 'self' data: https://assets.bosch.com https://www.googletagmanager.com https://www.google-analytics.com https://i.ytimg.com https://maps.google.com https://maps.gstatic.com; manifest-src 'self'; media-src 'self' https://assets.bosch.com; style-src-elem 'self' 'unsafe-inline' https://btm.bosch.com https://fonts.googleapis.com https://webchatplugins.blob.core.windows.net; worker-src 'none'; report-uri https://o4508243129991168.ingest.de.sentry.io/api/4508243155288144/security/?sentry_key=2f9480313f00b63a26560fd685315765; report-to csp-endpoint 4 default-src 'self' blob: *; img-src 'self' data: *; script-src 'self' blob: * 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline'; font-src 'self' data: *; connect-src *; frame-ancestors 'self'; base-uri 'self'; form-action 'self' 4 font-src cdn.jsdelivr.net fonts.gstatic.com cdn.almapay.com *.bglobale.com *.global-e.com *.fontawesome.com fonts.googleapis.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.getalma.eu *.bglobale.com *.global-e.com *.google.com/ *.addthis.com consentcdn.cookiebot.com *.pinterest.com *.doubleclick.net *.onestock-retail.com/ payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.bglobale.com *.global-e.com *.gstatic.com *.googleapis.com https://www.magezon.com *.openstreetmap.org maps.googleapis.com maps.gstatic.com https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org https://maps.googleapis.com https://maps.gstatic.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net *.bglobale.com *.global-e.com maps.googleapis.com *.google.com maps.gstatic.com fonts.googleapis.com https://cdnjs.cloudflare.com https://maps.googleapis.com *.hsforms.net *.hsforms.com *.gstatic.com *.addthisedge.com *.moatads.com *.addthis.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com *.bglobale.com *.global-e.com *.gstatic.com *.googleapis.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu maps.googleapis.com https://nominatim.openstreetmap.org https://maps.googleapis.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.addthis.com payment.direct.worldline-solutions.com payment.preprod.direct.worldline-solutions.com payment.anzworldline-solutions.com.au payment.preprod.anzworldline-solutions.com.au payment.payone.com payment.preprod.payone.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com https://geowidget.easypack24.net *.fontawesome.com fonts.gstatic.com fonts.googleapis.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com https://td.doubleclick.net https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ pay.google.com apm.przelewy24.pl 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com https://static.paynow.pl *.cloudfront.net https://player.vimeo.com https://www.google.pl https://www.facebook.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org static.przelewy24.pl www.gstatic.com gstatic.com https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://player.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com apm.przelewy24.pl *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.fontawesome.com fonts.googleapis.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com *.easypack24.net *.inpost.pl *.openstreetmap.org sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com apm.przelewy24.pl https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 font-src * data:;img-src * data:;frame-src 'self' *.sevenrooms.com *.doubleclick.net *.smartrecruiters.com *.adyen.com *.pinterest.com *.googleadservices.com *.google.com *.googletagmanager.com *.cardinalcommerce.com sevenrooms.com *.americanexpress.com *.securesuite.co.uk secure7.arcot.com *.rsa3dsauth.co.uk mycardsecure.com www.mycardsecure.com dupe.com *.opentable.com.au;script-src 'self' *.curator.io *.google-analytics.com *.googletagmanager.com *.google.com *.licdn.com *.clarity.ms *.gstatic.com *.facebook.net *.pinimg.com *.smartrecruiters.com *.hotjar.com cdn-cookieyes.com 'unsafe-eval' 'unsafe-inline' data:;script-src-elem 'self' 'unsafe-inline' *.facebook.net *.licdn.com *.google.com *.googletagmanager.com https://www.googletagmanager.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.smartrecruiters.com *.curator.io *.clarity.ms *.pinimg.com *.hotjar.com cdn-cookieyes.com;style-src-elem 'self' *.honey.io *.google.com *.curator.io *.smartrecruiters.com *.facebook.net *.clarity.ms 'unsafe-inline';connect-src 'self' *.facebook.com *.google.com *.google-analytics.com *.googleapis.com melprdwebsite.azurewebsites.net crownkentico-prd-as-csearch.search.windows.net *.pinterest.com *.doubleclick.net *.curator.io *.clarity.ms *.linkedin.com *.datatoolscloud.net.au *.hotjar.io *.adyen.com *.cookieyes.com cdn-cookieyes.com ws://localhost:12387 wss://ws.hotjar.com https://www.google.com/ data:;report-uri /api/logs/csp-report;report-to csp-endpoint; 4 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.googleapis.net data: *.acsbapp.com *.bootstrapcdn.com *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.pinterest.com *.hotjar.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com *.google.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.facebook.com *.b0e8.com *.dynamicyield.com *.pinterest.com *.e.aa.online-metrix.net *.acsbapp.com *.cookielaw.org *.bing.com *.yahoo.com *.google.co.in google.co.in *.listrakbi.com *.gstatic.com all-clad.com *.all-clad.com emjcd.com *.emjcd.com *.dotomi.com *.espssl.com *.clarity.ms *.tagcommander.com *.adsrvr.org *.rubiconproject.com *.g.doubleclick.net https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com 'self' data: https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com *.magento-datasolutions.com *.magento-ds.com *.adyen.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.ugc.bazaarvoice.com *.listrakbi.com *.nr-data.net *.facebook.net *.b0e8.com *.bc0a.com *.cookielaw.org *.dynamicyield.com *.tagcommander.com *.cloudflare.com *.newrelic.com *.yimg.com *.pinimg.com *.hotjar.com www.google.com *.mczbf.com *.acsbapp.com acsbapp.com *.salesforceliveagent.com *.force.com *.curalate.com *.noibu.com *.pinterest.com *.online-metrix.net *.googleapis.com *.bing.com *.vimeo.com *.amazonaws.com *.clarity.ms click2cart.com *.adsrvr.org *.aggregated-data.com *.cloudfront.net s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com *.google.com *.gstatic.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.magento-datasolutions.com *.magento-ds.com display.ugc.bazaarvoice.com *.listrakbi.com *.ugc.bazaarvoice.com *.typekit.net *.force.com *.bootstrapcdn.com *.espssl.com *.cloudfront.net *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.snplow.net commerce.adobedc.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com commerce.adobe.io performance.typekit.net *.magento-datasolutions.com *.magento-ds.com *.adobe.io *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.dynamicyield.com *.cookielaw.org *.nr-data.net *.g.doubleclick.net *.listrak.com *.listrakbi.com *.pinterest.com *.hotjar.com *.yimg.com google.co.in *.mczbf.com *.bc0a.com *.googleapis.com facebook.com *.acsbapp.com *.click2cart.com *.clarity.ms *.aggregated-data.com *.curalate.com *.noibu.com wss://input.noibu.com *.onetrust.com *.bing.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com account.groupeseb.com *.salesforceliveagent.com *.salesforce.com *.force.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 4 font-src https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net fonts.gstatic.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.obelink.nl www.obelink.be www.obelink.de www.obelink.pl www.obelink.at www.obelink.es www.obelink.it www.obelink.fr 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com https://*.dpdconnect.nl https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com www.google.com/recaptcha/ https://js.stripe.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net https://images.unsplash.com https://static.buckaroo.nl https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://firebasestorage.googleapis.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com www.magmodules.eu *.squeezely.tech ts.tradetracker.net widgets.trustedshops.com bat.bing.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.youtube.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://*.dpdconnect.nl s7.addthis.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io s.ytimg.com *.googletagmanager.com tagmanager.google.com squeezely.tech *.squeezely.tech tm.tradetracker.net app.aiden.cx widgets.trustedshops.com restapi.mailplus.nl navigator-analytics.tweakwise.com cdn.jsdelivr.net td.doubleclick.net bat.bing.com static.cloudflareinsights.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com www.squeezely.tech 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com https://fonts.bunny.net tagmanager.google.com fonts.google.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl ekr.zdassets.com/ https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io *.google-analytics.com ekr.zdassets.com *.analytics.google.com *.googletagmanager.com squeezely.tech *.squeezely.tech cdn.growthbook.io app.aiden.cx *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://8a41912f-2069-471c-8cfc-be803d04015d.sansec.watch/; report-to report-endpoint; 4 script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://meet.google.com/_/scs/mss-static/_/js/ https://www.gstatic.com/video_effects/effects/ https://www-onepick-opensocial.googleusercontent.com/gadgets/js/rpc.js https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.google.com/tools/feedback/help_api.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.google.com/tools/feedback/chat_load.js https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/feedback/js/ghelp/ https://meet.google.com/meetsw.js https://meet.google.com/devicesw.js https://meet.google.com/notrodsw.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://maps.googleapis.com/maps/api/js https://meet.google.com/_/scs/mss-static/_/js/k=boq-rtc.MeetingsUi.en_US.9exXjZXsxnk.2020.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://maps.googleapis.com/maps-api-v3/api/js/ https://maps.googleapis.com/maps/vt https://maps.googleapis.com/maps/api/js/ https://maps.googleapis.com/maps/api/place/js/;report-uri /_/MeetingsUi/cspreport/fine-allowlist 4 worker-src 'self' *.logrocket.com *.logrocket.io; font-src data: *.adyen.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.bounceexchange.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.bounceexchange.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net player.vimeo.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' *.bing.com *.doubleclick.net *.omtrdc.net *.criteo.net *.bounceexchange.com www.xtento.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com validator.swagger.io *.adyen.com https://static.afterpay.com https://site-assets.afterpay.com/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.doubleclick.net *.bing.com *.omtrdc.net *.paypal.com www.xtento.com *.afterpay.com *.scarabresearch.com *.emarsys.net *.tiktok.com *.riskified.com *.bounceexchange.com *.bouncex.net *.micpn.com cdn.xtento.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: t.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.plugins.emarsys.net *.scarabresearch.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.bootstrapcdn.com *.cloudflare.com *.cloudfront.net *.attraqt.io *.logrocket.io *.agilone.com/ *.wknd.ai *.micpn.com *.tiktok.com *.bing.com *.usabilla.com *.doubleclick.net *.omtrdc.net *.mastercard.com *.visa.com *.zipmoney.com.au *.riskified.com *.google.com *.emarsys.net *.inside-graph.com *.criteo.net *.zip.co *.trendii.com *.pinimg.com *.pinterest.com *.quantserve.com *.criteo.com *.snapchat.com *.useinsider.com *.qualtrics.com *.quantcount.com *.bounceexchange.com *.rmtag.com *.logrocket.com www.xtento.com cdn.xtento.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com static.zipmoney.com.au zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.adyen.com *.bootstrapcdn.com *.riskified.com *.googleapis.com *.quantserve.com *.bounceexchange.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'self' 'unsafe-inline'; manifest-src 'self' 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.scarabresearch.com *.eservice.emarsys.net *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' *.bing.com *.doubleclick.net *.omtrdc.net *.tiktok.com *.riskified.com *.criteo.net *.criteo.com *.trendii.com *.useinsider.com *.quantcount.com *.bounceexchange.com *.logrocket.io *.google.com *.logrocket.com *.quantserve.com *.bouncex.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.klarnacdn.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com *.googlesyndication.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com www.xtento.com https://gum.criteo.com/ https://fledge.eu.criteo.com/ https://fledge.criteo.com https://fledge.criteo.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.trackedlink.net *.klarna.com *.klarnaevt.com *.klarnacdn.net www.xtento.com cdn.xtento.com https://www.google.pl/pagead/1p-user-list/999999999/ https://bat.bing.com/action/0 https://www.google.pl/pagead/1p-user-list/9999999999/ data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.adyen.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com *.klarnacdn.net *.klarnaservices.com www.xtento.com cdn.xtento.com https://bat.bing.com/bat.js https://dynamic.criteo.com/js/ld/ld.js https://v2.zopim.com/ https://mmgtr11111.pcapredict.com/js/sensor.js https://bat.bing.com/p/action/99999999.js https://static.zdassets.com/ekr/asset_composer.js https://services.postcodeanywhere.co.uk/js/platformcaptureplus-2.20.min.js https://sslwidget.criteo.com/event https://static.zdassets.com/ekr/sentry-browser.min.js https://static.zdassets.com/web_widget/classic/latest/web-widget-main-67c35ac.js https://static.zdassets.com/ *.criteo.com *.criteo.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnacdn.net https://services.postcodeanywhere.co.uk/css/platformcaptureplus-2.20.min.css 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com https://static.zdassets.com/web_widget/classic/latest/fda6cd35495c75f83508d9d2e77ee33d.mp3 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com *.adyen.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://services.postcodeanywhere.co.uk/Extras/Web/Ip2Country/v1.10/json https://ekr.zdassets.com/compose/zopim_chat/53Td2YM5k7jXEY56SEtiqSOBumCZVjcl https://military1st.zendesk.com/embeddable/config https://services.postcodeanywhere.co.uk/ https://google.com/pay wss://widget-mediator.zopim.com https://services.postcodeanywhere.co.uk/Capture/Interactive/Find/v1.00/json https://bat.bing.com/ https://military1st.zendesk.com/ https://military1st.zendesk.com/frontendevents/dl *.criteo.com *.criteo.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; frame-ancestors 'self'; report-uri https://stoklasa.report-uri.io/r/default/csp/reportOnly 4 font-src *.klevu.com *.ksearchnet.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.zopim.com *.gstatic.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com oppwa.com *.oppwa.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; frame-ancestors *.hana.ondemand.com 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com oppwa.com *.oppwa.com data:text *.google.com *.nosto.com *.youtube.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com webchat.jdg.co.za *.jdg.co.za map.pargo.co.za 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'unsafe-inline' data: www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.cloudflare.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.gstatic.com *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.youtube.com *.azurewebsites.net www.google-analytics.com maps.googleapis.com app.mobicredwidget.co.za amcglobal.sc.omtrdc.net media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com https://cdn.polyfill.io https://browser.sentry-cdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.oppwa.com oppwa.com worldtimeapi.org *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.newrelic.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.nr-data.net *.facebook.com maps.googleapis.com www.googleadservices.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za www.gstatic.com connect.facebook.net bam.nr-data.net googleads.g.doubleclick.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com oppwa.com *.oppwa.com *.cloudflare.com *.googleapis.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://*.ingest.sentry.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.testfreaks.com *.google.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.paypal.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.nr-data.net vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za www.google-analytics.com wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; report-uri /csp-report 4 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.squarecdn.com *.googleapis.com *.gstatic.com *.google.com *.zmags.com *.espssl.com *.virtooal.com *.paypal.com *.googletagmanager.com *.zopim.com *.apptrian.com *.facebook.com *.google-analytics.com *.paypalobjects.com *.googleadservices.com *.searchspring.net *.viemo.com *.searchspring.io widget-mediator.zopim.com *.xtento.com *.auglio.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.getfastr.com *.narvar.com *.narvar.qa *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.facebook.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.spring.citi.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.authorize.net *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.braintreegateway.com *.paypal.com widgets.sandbox.afterpay.com *.sharethis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: *.authorize.net *.facebook.com *.zmags.com *.doubleclick.net *.virtooal.com *.iglobalstores.com *.pinterest.com *.webeyez.com *.apptrian.com *.zopim.com *.google-analytics.com *.paypalobjects.com *.googleadservices.com *.googleapis.com *.searchspring.net *.viemo.com *.gstatic.com *.searchspring.io widget-mediator.zopim.com *.xtento.com *.truefitcorp.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.spring.citi.com *.ehappify.com *.weltpixel.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com landofcoder.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ *.sharethis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.google.com *.zmags.com *.zonos.com *.bing.com *.pinterest.com *.google.co.in *.clarity.ms *.cloudfront.net *.cocoreefswim.com *.tyr.com *.espssl.com *.listrakbi.com *.facebook.net *.googletagmanager.com *.postcodeanywhere.co.uk *.doubleclick.net *.shareasale.com *.beachhouseswim.com *.beach2ocean.com cfvod.kaltura.com *.cookielaw.org *.rakuten.com *.linksynergy.com *.xg4ken.com *.amazonaws.com *.narvar.com *.narvar.qa store.paradoxlabs.com www.xtento.com cdn.xtento.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net assets.adobedtm.com *.magento-datasolutions.com *.magento-ds.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.sharethis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.authorize.net sandbox-assets.secure.checkout.visa.com *.google.com *.zmags.com *.listrakbi.com *.searchspring.net *.zonos.com *.pinimg.com *.bing.com *.iglobalstores.com *.cloudfront.net *.dwin1.com *.clarity.ms *.newrelic.com *.nr-data.net *.g.doubleclick.net *.pcapredict.com *.postcodeanywhere.co.uk *.zendesk.com *.zdassets.com *.virtooal.com *.listrak.com *.zopim.com wss://widget-mediator.zopim.com widget-mediator.zopim.com *.google.co.in cdnapisec.kaltura.com code.jquery.com *.webeyez.com *.facebook.com *.xtento.com *.apptrian.com *.googletagmanager.com *.viemo.com *.google-analytics.com *.paypalobjects.com *.cloudflare.com *.cookielaw.org *.auglio.com *.nagich.com *.truefitcorp.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.zma.gs *.searchspring.io *.spring.citi.com *.barilliance.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com https://cdn.searchspring.net/intellisuggest/is.min.js https://www.googletagmanager.com tagmanager.google.com landofcoder.com www.xtento.com cdn.xtento.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com static.afterpay.com/ *.squarecdn.com *.sharethis.com unsafe-inline assets.braintreegateway.com *.google.com *.typekit.net *.zmags.com *.listrakbi.com *.searchspring.net *.postcodeanywhere.co.uk *.virtooal.com *.facebook.com egiftifymerchantassets.s3.amazonaws.com *.auglio.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.zma.gs *.amazonaws.com *.fontawesome.com maxcdn.bootstrapcdn.com tagmanager.google.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.zdassets.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.spring.citi.com *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com api.magento.com performance.typekit.net *.magento-datasolutions.com *.magento-ds.com *.adobe.io *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.sharethis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.authorize.net *.zmags.com *.listrakbi.com *.listrak.com *.zonos.com *.clarity.ms *.nr-data.net *.cloudflare.com *.pinterest.com *.g.doubleclick.net *.searchspring.io *.postcodeanywhere.co.uk *.virtooal.com *.zdassets.com *.zendesk.com *.zopim.com *.grin.co wss://widget-mediator.zopim.com widget-mediator.zopim.com *.webeyez.com *.googletagmanager.com *.apptrian.com *.facebook.com *.google-analytics.com *.paypalobjects.com *.googleadservices.com *.viemo.com *.gstatic.com *.tyr.com *.cookielaw.org *.nagich.com *.truefitcorp.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.addressy.com *.zma.gs *.barilliance.com *.amazonaws.com https://beacon.searchspring.io/beacon https://www.google-analytics.com landofcoder.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 default-src 'self' wss: *.gravatar.com *.civicplus.com *.civicplus.pro *.civic.place *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.publicstuff.com *.googletagmanager.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com connect.facebook.net static.addtoany.com https://widgets.nrel.gov *.openstreetmap.org cdn-images.mailchimp.com platform.twitter.com blob:; object-src 'self' 'unsafe-inline' 'unsafe-eval' translate.googleapis.com iframe.publicstuff.com; style-src 'self' 'unsafe-inline' iframe.publicstuff.com *.civicplus.com *.civicplus.pro *.civicclerk.com *.civic.place engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com *.ctctcdn.com cdn-images.mailchimp.com data:; img-src 'self' 'unsafe-inline' iframe.publicstuff.com *.civicplus.com *.civicplus.pro *.civicclerk.com *.civic.place engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com www.facebook.com https://widgets.nrel.gov www.facebook.com *.openstreetmap.org cdn-images.mailchimp.com i.ytimg.com data:; media-src 'self' translate.googleapis.com iframe.publicstuff.com data:; frame-src 'self' 'unsafe-inline' iframe.publicstuff.com *.youtube.com *.airtable.com *.swagit.com *.google.com *.civicplus.com *.novusagenda.com *.publicstuff.com *.audioeye.com acg.is *.maps.arcgis.com https://www.google.com/maps/embed *.googletagmanager.com https://www.youtube.com/embed https://www.youtube-nocookie.com/embed static.addtoany.com www.facebook.com m.facebook.com my.matterport.com ltfl.librarything.com player.vimeo.com *.granicus.com data:; frame-ancestors 'self' *.civicplus.com *.civicplus.pro *.civic.place *.civicclerk.com; child-src 'self' 'unsafe-inline' iframe.publicstuff.com *.youtube.com *.airtable.com *.swagit.com *.google.com *.civicplus.com *.novusagenda.com *.publicstuff.com *.audioeye.com acg.is *.maps.arcgis.com https://www.google.com/maps/embed *.googletagmanager.com https://www.youtube.com/embed https://www.youtube-nocookie.com/embed static.addtoany.com www.facebook.com m.facebook.com my.matterport.com ltfl.librarything.com player.vimeo.com *.granicus.com data:; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com user.govoutreach.com syndication.twitter.com data:; connect-src 'self' 'unsafe-inline' iframe.publicstuff.com *.civicplus.com *.civicplus.pro *.civic.place *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com stats.g.doubleclick.net; report-uri /report-csp-violation 4 font-src fonts.gstatic.com use.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.yotpo.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.plugins.emarsys.net *.scarabresearch.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.magento-datasolutions.com *.magento-ds.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com *.scarabresearch.com *.eservice.emarsys.net *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 default-src https: data: 'unsafe-inline' 'unsafe-eval' wss://*.hotjar.com blob: wss://*.hotjar.io blob:; report-uri https://fantastic.report-uri.com/r/d/csp/reportOnly 4 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://customer.cludo.com https://ds-aksb-a.akamaihd.net https://help.cybonline.co.uk https://googleservices.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://fusiontables.google.com https://connect.facebook.net https://www.youtube.com https://s.ytimg.com https://cse.google.com https://www.advanced-web-analytics.com https://platform.twitter.com https://casper.tsbc.com https://healthcheck252.tsbc.com https://t.contentsquare.net https://contentsquare.com https://webapp.woosmap.com https://dispawsusva.inmoment.com https://intercept-client.inmoment.com https://*.evidon.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://www.google.com https://platform.twitter.com https://casper.tsbc.com https://healthcheck252.tsbc.com; img-src 'self' https: data: ; font-src 'self' https: ; connect-src 'self' https://clydesdalebank.tt.omtrdc.net https://clydesdalebank.d3.sc.omtrdc.net https://dpm.demdex.net https://ds-aksb-a.akamaihd.net https://api-eu1.cludo.com https://api.cludo.com https://www.google.com https://www.facebook.com https://www.twitter.com https://www.linkedin.com https://www.youtube.com https://my.cybservices.co.uk https://adservice.google.com https://casper.tsbc.com https://*.contentsquare.net https://api.woosmap.com https://webapp-conf.woosmap.com https://cybg.egain.cloud https://dispawsusva.inmoment.com https://ad.doubleclick.net https://maps.googleapis.com https://*.evidon.com; media-src 'self'; object-src 'self'; worker-src 'self' blob:; child-src 'self' blob:; frame-src 'self' https://*.cybusinessonline.co.uk https://*.cbonline.co.uk https://*.ybonline.co.uk https://*.cybonline.co.uk https://clydesdalebankplc.demdex.net https://*.fls.doubleclick.net https://www.youtube.com https://bid.g.doubleclick.net https://www.google.com https://assets.adobedtm.com https://player.vimeo.com https://platform.twitter.com https://syndication.twitter.com https://www.youtube-nocookie.com https://healthcheck252.tsbc.com https://www.inmoment.com https://td.doubleclick.net; frame-ancestors 'self' https://*.cybusinessonline.co.uk https://*.cbonline.co.uk https://*.ybonline.co.uk https://*.cybonline.co.uk; report-uri https://cyburi.report-uri.com/r/t/csp/reportOnly; 4 object-src 'none'; script-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com https://cse.google.com https://js.hsforms.net https://platform-api.sharethis.com https://rebilly.github.io https://unpkg.com https://use.fontawesome.com https://ws.sharethis.com platform.instagram.com platform.twitter.com; script-src-attr 'self'; style-src 'self' https://cloud.typography.com https://use.fontawesome.com; style-src-attr 'self'; frame-ancestors 'self' 4 report-uri https://mon16-normal-useast5.tiktokv.us/monitor_browser/collect/batch/security/?bid=tiktok_pns&ev_type=csp&p=Zm6jHcglbkT17wbeLYnRh&v=7; worker-src www.tiktok.com/business/sw.js www.tiktok.com/creator/worker/ www.tiktok.com/embed/sw.js www.tiktok.com/firebase-messaging-sw.js www.tiktok.com/help/sw.js www.tiktok.com/legal/report/verification/uploader-oversea-crc32.js www.tiktok.com/live/creator-networks/pdf.worker.min.js www.tiktok.com/live/static/player-worker/ www.tiktok.com/risk-appeal-ocr/BlinkCardWasmSDK.worker.min.js www.tiktok.com/series/worker/ www.tiktok.com/sw.js; report-to csp-endpoint; script-src 'report-sample' 'unsafe-eval' *.tiktokcdn-us.com apis.google.com billshark-cdn.s3.amazonaws.com c.paypal.com cdn.ampproject.org client-api.arkoselabs.com connect.facebook.net developers.kakao.com interactives.ap.org js.braintreegateway.com js.hcaptcha.com js.hsforms.net recaptcha.google.com s20.tiktokcdn.com s3.amazonaws.com static.captchami.com tiktok.captchami.com unpkg.com www.facebook.net www.vimeo.com 4 font-src *.klevu.com *.ksearchnet.com *.fontawesome.com *.typekit.net https://widgets.trustedshops.com integrations.etrusted.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://seo.mageplaza.com www.facebook.com *.copernica.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://*.dpdconnect.nl *.dpdconnect.nl service2.loyaltyinabox.com *.pinterest.com www.facebook.com www.youtube.com view.publitas.com www.google.com www.google.nl www.google.de *.google.com maps.google.com chat.babypark.nl *.doubleclick.net td.doubleclick.net googleads.g.doubleclick.net widget.trustpilot.com *.cookiebot.com *.cookiebot.eu chatwidget-prod.web.app platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://static.buckaroo.nl *.klevu.com *.ksearchnet.com www.babypark.nl www.babypark.de m2.babypark.mavendev.com m2.babypark-de.mavendev.com www.ikenik.nl m2.ikenik.mavendev.com m2.babydump.mavendev.com m2.babydump-de.mavendev.com www.google.com www.google.nl www.google.de www.google.com.ua www.facebook.com ct.pinterest.com www.googletagmanager.com www.zenaps.com www.awin1.com static.zdassets.com bat.bing.com www.thuiswinkel.org i.ytimg.com img.youtube.com blob: lantern.roeye.com *.bing.com *.clarity.ms *.cookiebot.com *.cookiebot.eu integrations.etrusted.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: maps.gstatic.com https://widgets.trustedshops.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://*.dpdconnect.nl js.klevu.com *.ksearchnet.com *.avada.io www.googletagmanager.com checkout.buckaroo.nl *.clarity.ms lantern.roeyecdn.com widgets.trustedshops.com web-sdk.smartlook.com www.dwin1.com s.pinimg.com connect.facebook.net static.buckaroo.nl view.publitas.com api.360productviewer.com googleads.g.doubleclick.net bat.bing.com static.zdassets.com js-agent.newrelic.com *.livechatinc.com bam.eu01.nr-data.net chat.babypark.nl widget.trustpilot.com *.pinterest.com *.hotjar.com *.hotjar.io *.cookiebot.com *.cookiebot.eu integrations.etrusted.com chatwidget-prod.web.app twitter.com platform.twitter.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com maps.googleapis.com https://widgets.trustedshops.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl cdn.dnky.co webchat.dotdigital.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.typekit.net checkout.buckaroo.nl integrations.etrusted.com maxcdn.bootstrapcdn.com unsafe-inline *.googleapis.com *.gstatic.com https://widgets.trustedshops.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src static.zdassets.com integrations.etrusted.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.klevu.com *.ksearchnet.com *.clarity.ms *.pinterest.com *.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net manager.eu.smartlook.cloud ekr.zdassets.com wss://widget-mediator.zopim.com api.360productviewer.com www.facebook.com livechat.fabulor.eu bam.eu01.nr-data.net region1.analytics.google.com *.google.com *.hotjar.com *.hotjar.io analytics.google.com bat.bing.com *.cookiebot.com *.cookiebot.eu *.copernica.com integrations.etrusted.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google-analytics.com *.trustedshops.com *.etrusted.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.google.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 4 font-src ctiapi.com s3.amazonaws.com *.fontawesome.com fonts.gstatic.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com ctiapi.com *.hestage.com *.ecklers.com *.ecklerscorvette.com *.macsautoparts.com *.rickscamaros.com *.classicchevy.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.sharethis.com *.doubleclick.net *.clarity.ms *.vantivprelive.com *.google.com *.listrak.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.sharethis.com ctiapi.com s3.amazonaws.com youtube.com *.ecklers.com *.gfycat.com *.imgeng.in *.cloudfront.net *.userid.io *.bing.com *.google.com *.clarity.ms *.listrakbi.com *.riskified.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com us-autocomplete-pro.api.smartystreets.com ctiapi.com *.cloudfront.net *.cloudflare.com *.bc0a.com *.online-metrix.net *.vantivprelive.com *.listrak.com *.listrakbi.com *.listrakbi.net *.userid.io *.bing.com *.datasteam.io *.doubleclick.net *.upsellit.com *.clarity.ms *.murdoog.com *.dwin1.com *.needle.com *.cardinalcommerce.com *.ccdc02.com *.braintreegateway.com *.ytimg.com *.gstatic.com *.ctiapi.com *.riskified.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com ctiapi.com *.fontawesome.com *.cloudfront.net *.listrakbi.net *.listrakbi.com *.googleapis.com unsafe-inline *.gstatic.com 'self' 'unsafe-inline'; object-src ctiapi.com s3.amazonaws.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com us-autocomplete-pro.api.smartystreets.com ctiapi.com *.bc0a.com *.brontops.com *.ecklers.com *.doubleclick.net *.cloudfront.net *.listrak.com *.clarity.ms *.ecklerscorvette.com *.macsautoparts.com *.rickscamaros.com *.classicchevy.com *.demdex.net *.cardinalcommerce.com *.google.com *.google-analytics.com *.paypalobjects.com *.ctiapi.com *.riskified.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://humanelement.report-uri.com/r/d/csp/enforce; report-to report-endpoint; 4 default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: blob: android-webview-video-poster:; font-src * data:; connect-src * blob:; media-src * blob:; frame-src * blob: navigate:; worker-src 'self' blob:; frame-ancestors https://commentsold.com dashboard.popshop.live dashboard.dev.popshop.live; form-action 'self' www.facebook.com tr.snapchat.com pos.commentsold.com; object-src 'none'; manifest-src *; child-src 'self' blob:; report-uri https://o43862.ingest.sentry.io/api/239693/security/?sentry_key=deb2fc6b7d104f7ea6241356c26c14d0 4 font-src https://fonts.gstatic.com *.googleapis.com *.gstatic.com *.fontawesome.com *.zopim.com *.adyen.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com https://0merchantacsstag.cardinalcommerce.com *.mercurypaymentservices.it 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com https://assets.braintreegateway.com https://c.paypal.com https://tst.kaptcha.com https://geostag.cardinalcommerce.com https://0merchantacsstag.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://checkout.paypal.com https://www.google.com https://player.vimeo.com *.iubenda.com *.mercurypaymentservices.it *.google-analytics.com *.gtm.com *.rolex.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://www.google.it https://b.stats.paypal.com https://c.paypal.com https://dub.stats.paypal.com blob: https://maps.google.com https://maps.gstatic.com *.googleapis.com *.gstatic.com *.bird.eu *.iubenda.com *.zopim.com *.zopim.io *.zdassets.com *.adobedtm.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com https://www.google.com https://www.gstatic.com https://c.paypal.com https://songbirdstag.cardinalcommerce.com https://maps.google.com https://maps.googleapis.com *.googleapis.com *.gstatic.com *.iubenda.com www.youtube.com *.zopim.com *.zopim.io *.zdassets.com bam.nr-data.net *.damiani.com *.rocca1794.com *.mercurypaymentservices.it *.google-analytics.com *.gtm.com *.adobedtm.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://www.gstatic.com fonts.googleapis.com *.fontawesome.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adyen.com https://payments.sandbox.braintree-api.com https://api.sandbox.braintreegateway.com https://origin-analytics-sand.sandbox.braintree-api.com https://centinelapistag.cardinalcommerce.com https://kg668dbov0.execute-api.us-east-1.amazonaws.com https://writer.cardinalcommerce.com https://www.sandbox.paypal.com https://vimeo.com https://maps.googleapis.com *.googleapis.com https://geoip-js.com *.iubenda.com *.zopim.com *.zopim.io *.zdassets.com wss://widget-mediator.zopim.com ws://127.0.0.1:35729/livereload bam.nr-data.net *.damiani.com *.rocca1794.com *.mercurypaymentservices.it *.google-analytics.com *.gtm.com *.googlesyndication.com *.zendesk.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 font-src *.fontawesome.com https://fonts.gstatic.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.petm2.com *.staging.petm2.com *.petiteamelie.nl *.petiteamelie.fr *.petiteamelie.de *.petiteamelie.co.uk *.petiteamelie.com *.petiteamelie.be *.gstatic.com 'self' data: https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.monetico-services.com *.petm2.com *.staging.petm2.com *.petiteamelie.nl *.petiteamelie.fr *.petiteamelie.de *.petiteamelie.co.uk *.petiteamelie.com *.petiteamelie.be 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.monetico-services.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.googletagmanager.com/ *.addthis.com *.multisafepay.com https://pay.google.com static.addtoany.com *.cookiebot.com *.pinterest.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.alothemes.com *.magepow.com *.multisafepay.com *.petm2.com *.staging.petm2.com *.petiteamelie.nl *.petiteamelie.fr *.petiteamelie.de *.petiteamelie.co.uk *.petiteamelie.com *.petiteamelie.be *.facebook.com *.google.pl *.google.com *.bing.com *.cookiebot.com *.clarity.ms *.doubleclick.net www.xtento.com cdn.xtento.com *.hsforms.net *.hsforms.com 'self' data: https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.avada.io *.alothemes.com *.magepow.com *.multisafepay.com https://pay.google.com *.petm2.com *.staging.petm2.com *.petiteamelie.nl *.petiteamelie.fr *.petiteamelie.de *.petiteamelie.co.uk *.petiteamelie.com *.petiteamelie.be www.clarity.ms connect.getflowbox.com static.addtoany.com cdn-4.convertexperiments.com assets.voyado.com *.cookiebot.com *.beslist.nl *.pinimg.com *.bing.com www.xtento.com cdn.xtento.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.addtoany.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com *.multisafepay.com *.petm2.com *.staging.petm2.com *.petiteamelie.nl *.petiteamelie.fr *.petiteamelie.de *.petiteamelie.co.uk *.petiteamelie.com *.petiteamelie.be fonts.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.petm2.com *.staging.petm2.com *.petiteamelie.nl *.petiteamelie.fr *.petiteamelie.de *.petiteamelie.co.uk *.petiteamelie.com *.petiteamelie.be 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.monetico-services.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.addthis.com https://get.geojs.io *.avada.io http://dpm.demdex.net *.alothemes.com *.magepow.com *.multisafepay.com *.petm2.com *.staging.petm2.com *.petiteamelie.nl *.petiteamelie.fr *.petiteamelie.de *.petiteamelie.co.uk *.petiteamelie.com *.petiteamelie.be testapi.multisafepay.com *.google-analytics.com *.google.com *.googlesyndication.com *.staging.voyado.com *.clarity.ms *.doubleclick.net *.pinterest.com *.cookiebot.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src www.google.com www.youtube.com js-agent.newrelic.com *.petm2.com *.staging.petm2.com *.petiteamelie.nl *.petiteamelie.fr *.petiteamelie.de *.petiteamelie.co.uk *.petiteamelie.com *.petiteamelie.be static.addtoany.com pay.multisafepay.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report 4 default-src blob: https:; img-src data: https:; script-src 'unsafe-inline' 'unsafe-eval' blob: https:; style-src 'unsafe-inline' https:; font-src data: https:; frame-src https:; media-src data: https:; object-src 'none'; connect-src https:; frame-ancestors 'self'; 4 upgrade-insecure-requests 4 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com https://ws.colissimo.fr *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.adyen.com pay.google.com https://www.youtube.com https://form.typeform.com *.pinterest.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr https://*.onyourmap.com https://google.fr *.trustedshops.com cdn.cookielaw.org res.cloudinary.com www.b2c-nfinity.com t.squeezely.tech cdn-icons-png.flaticon.com docker.creative-serving.com trkr.shoppingminds.net bam.nr-data.net *.googleapis.com *.etrusted.com *.pinterest.com bat.bing.com *.facebook.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org cdn.doofinder.com *.google.com *.google.co.uk *.google.ca b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com ts.tradetracker.net blob: www.google.ge magefan.com cm.magefan.com *.disqus.com https://img.youtube.com www.sandbox.paypal.com www.magmodules.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com *.trustedshops.com squeezely.tech bat.bing.com *.etrusted.com *.kk-resources.com *.googleoptimize.com cdn.cookielaw.org l.getsitecontrol.com script.shoppingminds.com script.shoppingminds.net js-agent.newrelic.com bam.nr-data.net static.hotjar.com script.hotjar.com s2.getsitecontrol.com *.pinterest.com s.pinimg.com analytics.topdrinks.nl analytics.topdrinks.fr analytics.topdrinks.dk analytics.topdrinks.de analytics.topdrinks.at analytics.topdrinks.be unpkg.com cdn.jsdelivr.net *.googletagmanager.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com display.ugc.bazaarvoice.com cdn.doofinder.com analytics.tiktok.com *.google.co.uk *.google.ca s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com songbirdstag.cardinalcommerce.com tm.tradetracker.net *.trustpilot.com apps-stg.nexus.bazaarvoice.com network-stg.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com https://connect.facebook.net *.google.fr *.disqus.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com *.etrusted.com *.pinterest.com display.ugc.bazaarvoice.com *.doofinder.com *.fontawesome.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.youtube.com youtu.be www.youtube-nocookie.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com *.adyen.com payments-eu.amazon.com https://ws.colissimo.fr https://maps.googleapis.com https://nominatim.openstreetmap.org https://*.onyourmap.com https://*.mapbox.com *.google.lk analytics.topdrinks.nl ws.hotjar.com wss://ws.hotjar.com content.hotjar.io analytics.topdrinks.fr analytics.topdrinks.dk analytics.topdrinks.de analytics.topdrinks.at analytics.topdrinks.be cdn.cookielaw.org geolocation.onetrust.com *.g.doubleclick.net l.getsitecontrol.com *.shoppingminds.net *.googleapis.com bam.nr-data.net cdn1.api.trustedshops.com pay.google.com privacyportal-de.onetrust.com vc.hotjar.io events.getsitectrl.com *.etrusted.com *.pinterest.com ws.colissimo.fr maps.googleapis.com nominatim.openstreetmap.org *.onyourmap.com *.mapbox.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.doofinder.com wss://*.doofinder.com analytics.tiktok.com ekr.zdassets.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google-analytics.com https://analytics.tiktok.com *.google.fr *.google.co.uk *.google.ca 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 font-src *.klevu.com *.ksearchnet.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com *.hotjar.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://maps.omnivasiunta.lt data: *.xsmanguasjad.ee *.google.com *.google.lv image-charts.com *.klevu.com *.ksearchnet.com https://omnisnippet1.com https://wt.soundestlink.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com https://unpkg.com *.newrelic.com *.hotjar.com *.doubleclick.net *.googletagmanager.com *.nr-data.net *.zdassets.com *.klevu.com *.ksearchnet.com https://omnisnippet1.com https://forms.soundestlink.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.klevu.com *.ksearchnet.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://geocode.arcgis.com *.hotjar.com *.doubleclick.net *.nr-data.net *.zdassets.com *.zendesk.com *.zopim.com *.klevu.com *.ksearchnet.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 font-src *.cloudflare.com *.nxedge.io *.zencdn.net fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.paypalobjects.com *.braintree-api.com *.braintreegateway.com *.kaptcha.com *.nxedge.io *.zencdn.net *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.paypalobjects.com *.newrelic.com *.nr-data.net *.nxedge.io *.zencdn.net *.gstatic.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.googleapis.com *.paypalobjects.com *.avada.io *.nxedge.io *.zencdn.net ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.nxedge.io *.zencdn.net fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.doubleclick.net *.google-analytics.com *.paypalobjects.com *.braintreegateway.com *.avada.io *.kaptcha.com *.nxedge.io *.zencdn.net https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * api.bazaarvoice.com stg.api.bazaarvoice.com *.cordialdev.com *.cordial.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cordialdev.com *.cordial.com *.cordial.io *.weltpixel.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com imgsct.cookiebot.com *.facebook.com maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.cordialdev.com *.cordial.com track.cordial.io edge.curalate.com d.p.email.stabilwork.com acsbapp.com consent.cookiebot.com implus.atlassian.net *.withremark.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com *.cloudflare.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com display.ugc.bazaarvoice.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.cordialdev.com *.cordial.com acsbapp.com cdn.acsbapp.com edge.curalate.com stats.g.doubleclick.net *.withremark.com *.google-analytics.com *.facebook.net https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://secure-test.worldpay.com/shopper/3ds/ddc.html https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors https://www.youtube.com/ 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://widget.trustpilot.com/ https://pay.google.com https://secure-test.worldpay.com *.weltpixel.com *.google.com https://plumrocket.com https://www.youtube.com/ https://www.usaskateshop.com/ www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.cloudflare.com *.gstatic.com *.google.com *.mageside.com mageside.com maps.gstatic.com https://usaskateshop-com.b-cdn.net/ www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://static.hotjar.com https://static.zdassets.com https://payments.worldpay.com https://cdn.clerk.io https://api.clerk.io https://ss.euroskateshop.de https://ss.euroskateshop.nl https://ss.euroskateshop.ch https://storage.googleapis.com/prshim/v1/payment-shim.js https://www.google.com/recaptcha/api.js *.gstatic.com *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js *.google.com applepay.cdn-apple.com maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com *.yotpo.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.cloudflare.com *.fontawesome.com applepay.cdn-apple.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://cdn.usaskateshop.dk https://static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 default-src 'self' https: mcdn.pybydl.com; font-src 'self' https: data:; img-src 'self' https: data: mcdn.pybydl.com; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' mcdn.pybydl.com; style-src 'self' https: 'unsafe-inline' mcdn.pybydl.com; frame-src 'self' https: http: data:; connect-src 'self' https: wss: www.luck-nine.com; report-uri /csp_reports 4 script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1452:0 3 upgrade-insecure-requests; child-src www.googletagmanager.com 'self' www.google-analytics.com accounts.firefox.com www.youtube.com js.stripe.com *.mozilla.net *.mozilla.org *.mozilla.com; frame-src www.googletagmanager.com 'self' www.google-analytics.com accounts.firefox.com www.youtube.com js.stripe.com *.mozilla.net *.mozilla.org *.mozilla.com; style-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com; script-src tagmanager.google.com 'unsafe-eval' www.googletagmanager.com 'self' www.google-analytics.com www.youtube.com s.ytimg.com js.stripe.com *.mozilla.net *.mozilla.org 'unsafe-inline' *.mozilla.com; object-src 'none'; media-src 'self' assets.mozilla.net videos.cdn.mozilla.net; font-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com; img-src images.ctfassets.net www.googletagmanager.com 'self' www.google-analytics.com *.mozilla.net *.mozilla.org data: *.mozilla.com; frame-ancestors 'none'; connect-src sentry.prod.mozaws.net o1069899.ingest.sentry.io stage.cjms.nonprod.cloudops.mozgcp.net www.googletagmanager.com 'self' www.google-analytics.com https://accounts.firefox.com/ *.mozilla.net *.mozilla.org cjms.services.mozilla.com o1069899.sentry.io *.mozilla.com region1.google-analytics.com; base-uri 'none'; default-src 'self' 3 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.hollywoodreporter.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.mythad.com https://*.kwai-pro.com http://*.kwai-pro.com http://*.kwai.net https://*.kwai.net *.kwai.com *.snackvideo.in *.kwai.me *.kwai.app *.kwimgs.com *.yximgs.com *.cloudfront.net *.kuaishou.com https://*.gifshow.com http://*.gifshow.com https://log-sdk.ksapisrv.com https://www.googletagmanager.com https://gifshow-static.download.ks-cdn.com https://static3.avast.com https://translate.google.com https://www.gstatic.com https://fonts.gstatic.com https://connect.facebook.net www.google-analytics.com hm.baidu.com m.snackvideo.com http://*.ap4r.com https://*.ap4r.com https://*.typekit.net http://*.typekit.net ak-sgp-pic.snackvideo.in tx-sgp-pic.snackvideo.in ws-sgp-pic.snackvideo.in g-us-kampic.golden49.net g-us-kamcdn.golden49.net m.kwai.com sentry.kuaishou.com https://cdn.jsdelivr.net https://at.alicdn.com https://www.facebook.com https://snap.licdn.com https://px.ads.linkedin.com https://cdn.linkedin.oribi.io https://www.linkedin.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net asset: data: blob: android-webview-video-poster: ikwai: chrome-extension:;img-src http: https: asset: data: blob: android-webview-video-poster: ikwai: chrome-extension:;connect-src http: https: asset: data: blob: android-webview-video-poster: ikwai: chrome-extension:;report-uri https://csplog.kwai-pro.com/log/kwai/wwwkwai 3 default-src 'none'; script-src icq.com c.icq.com cicq.org 1l-hit.mail.ru www.google-analytics.com buddyicon.foto.mail.ru www.googletagmanager.com top-fwz1.mail.ru 'sha256-DKOsdd00IXAHc7qK64HiC18YrB2K4SfiH8Sl6A9aFyg=' 'sha256-u4WiMVZhYDdCrFwB8Zn3gLba1EI3pqIlFYWFZfXJl2I=' 'sha256-ynzJCJTMBeZF6kbmzoI2rC+vDRozRAHxsPfAruxve88=' 'sha256-j51JRkq0bwz97Hd/1wJQsIy6/aX9cz16Xyp+M8FshTA=' 'self'; style-src c.icq.com icq.com cicq.org 'self' 'unsafe-inline'; img-src data: icq.com c.icq.com cicq.org api.icq.net www.google-analytics.com buddyicon.foto.mail.ru files.icq.com files.imgsmail.ru u.icq.net u.myteam.vmailru.net ub.icq.net ub.myteam.vmailru.net swa.icq.com stats.g.doubleclick.net 'self'; media-src data: icq.com c.icq.com cicq.org api.icq.net www.google-analytics.com files.icq.com api.icq.net files.imgsmail.ru u.icq.net u.myteam.vmailru.net ub.icq.net ub.myteam.vmailru.net 'self'; font-src icq.com c.icq.com cicq.org 'self'; connect-src privacy.icq.com icq.com top-fwz1.mail.ru 'self'; report-uri /system/error 3 default-src https:; report-to csp-endpoint 3 default-src 'self' *.pinduoduo.com *.pddpic.com *.yangkeduo.com *.pddugc.com *.pinduoduo.net *.v.smtcdns.net *.ourdvsss.com wss://*.pinduoduo.com wss://*.yangkeduo.com mapstyle.qpic.cn blob: data: 'unsafe-eval' 'unsafe-inline'; report-uri https://tc.pinduoduo.com/x.gif 3 default-src 'self'; report-uri https://csp.loopia.se;form-action 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://bib.eway2pay.com https://ticket.siriusit.net https://payment.architrade.com https://www.facebook.com;font-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://tpc.googlesyndication.com https://fonts.gstatic.com https://chat.puzzel.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://chat.puzzel.com https://www.google.com https://www.googletagmanager.com https://ssl.google-analytics.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.youtube.com https://*.ytimg.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.se https://bat.bing.com https://connect.facebook.net https://api.exponea.com https://widget.trustpilot.com https://static.hotjar.com https://script.hotjar.com https://active24.ladesk.com https://api.infinario.com https://g.microsoft.com https://snap.licdn.com https://sc.lfeeder.com;connect-src 'self' https://chat.puzzel.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.facebook.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.exponea.com https://in.hotjar.com https://bat.bing.com https://vc.hotjar.io https://api.infinario.com https://datainsights.loopia.se https://sc.lfeeder.com wss://*.hotjar.com https://www.google.com https://www.google.se https://www.google.be https://cdn.linkedin.oribi.io https://*.analytics.google.com https://adservice.google.com https://analytics.google.com https://content.hotjar.io;img-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://ssl.google-analytics.com https://*.ytimg.com https://track.double.net https://tbs.tradedoubler.com https://sealserver.trustkeeper.net https://www.gstatic.com https://track.adform.net https://www.googletagmanager.com https://chat.puzzel.com https://www.google.com.cy https://www.google.no https://www.google.rs https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.es https://googleads.g.doubleclick.net https://www.facebook.com https://www.google.se https://bat.bing.com https://www.google.fi https://www.google.gr data: https://*.ads.linkedin.com https://www.linkedin.com https://www.google.be https://fonts.gstatic.com https://tr.lfeeder.com;media-src https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://chat.puzzel.com;frame-src https://*.facebook.com https://player.vimeo.com https://*.mynewsdesk.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.soundcloud.com https://www.youtube.com https://widget.trustpilot.com https://vars.hotjar.com https://active24.ladesk.com https://1-vbus-eu.ladesk.com https://datainsights.loopia.se;object-src 'self';style-src 'self' 'unsafe-inline' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://chat.puzzel.com https://fonts.googleapis.com;script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://chat.puzzel.com https://www.google.com https://www.googletagmanager.com https://ssl.google-analytics.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.youtube.com https://*.ytimg.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.se https://bat.bing.com https://connect.facebook.net https://api.exponea.com https://widget.trustpilot.com https://static.hotjar.com https://script.hotjar.com https://active24.ladesk.com https://api.infinario.com https://g.microsoft.com https://snap.licdn.com https://sc.lfeeder.com https://www.gstatic.com 3 script-src 'self' addtocalendar.com cdn.amcharts.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://script.crazyegg.com https://stage-unifiedsearch.geapps.io https://unifiedsearch.geapps.io; script-src-attr 'self'; style-src 'self' addtocalendar.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://stage-unifiedsearch.geapps.io https://unifiedsearch.geapps.io maxcdn.bootstrapcdn.com; style-src-attr 'self'; frame-ancestors 'self' 3 connect-src https:; child-src https:; default-src https:; font-src data: https:; form-action https:; frame-ancestors 'self' *.ffxblue.com.au *.ffx.io *.afr.com *.cdn.ampproject.org *.platform.ink; frame-src https:; img-src https: data:; media-src blob: https:; object-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; script-src-attr https: 'unsafe-eval' 'unsafe-inline'; script-src-elem https: 'unsafe-eval' 'unsafe-inline'; style-src https:; style-src-attr 'unsafe-inline'; style-src-elem https: 'unsafe-inline'; worker-src blob:; report-uri https://csp.ffx.io/; report-to csp-endpoint 3 default-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' https: data: image/*; frame-ancestors 'self' *.sunrise.ch; frame-src https: mailto:; connect-src https: wss: data:; font-src https: data:; media-src 'self' https:; worker-src blob:; report-uri https://www.sunrise.ch/csp-collector 3 default-src 'self' *.juntadeandalucia.es juntadeandalucia.es; img-src 'self' data: *.juntadeandalucia.es *.googletagmanager.com; script-src 'self' *.juntadeandalucia.es juntadeandalucia.es *.googletagmanager.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' blob:; connect-src 'self' *.google-analytics.com; style-src 'self' *.juntadeandalucia.es juntadeandalucia.es fonts.googleapis.com 'unsafe-inline'; style-src-elem 'self' *.juntadeandalucia.es juntadeandalucia.es fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.juntadeandalucia.es fonts.gstatic.com; object-src 'none'; 3 base-uri 'self'; default-src 'self' *.atl-paas.net; script-src 'self' 'unsafe-inline' *.atl-paas.net; style-src 'self' 'unsafe-inline' *.atl-paas.net; img-src 'self' *.atl-paas.net; font-src 'self' *.atl-paas.net; frame-ancestors 'none'; form-action 'self'; report-uri https://web-security-reports.services.atlassian.com/csp-report/id-frontend; report-to csp-default-endpoint 3 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://bgr.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 3 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/about_google 3 frame-ancestors 'self'; report-uri https://www.dailytelegraph.com.au/csp-reports 3 default-src https: 'unsafe-inline' 'unsafe-eval' 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.6sense.com *.addthisedge.com *.omtrdc.net *.everesttech.net *.demdex.net *.adobedtm.com *.scene7.com *.akamaihd.net *.adnxs.com *.baidu.com *.prod.bidr.io *.btttag.com *.brightcove.com *.brightcove.net *.zencdn.net *.cloudflare.com *.contentsquare.net *.company-target.com *.demandbase.com *.doubleclick.net *.adsymptotic.com *.d41.co *.dynatrace.com *.facebook.com *.facebook.net *.fontawesome.com *.fullstory.com *.google.co.in *.google.co.jp *.google.co.uk *.google.com *.google.com.hk *.google.fr *.google.kr *.google.es *.google.de *.google.ru *.google.ie *.google.am *.google.com.co *.google.com.ph *.google.com.au *.google.hu *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hs.llnwd.net *.linkedin.com *.licdn.com *.i.lithium.com *.microsoftazuread-sso.com *.ni.com *.agkn.com *.newrelic.com *.nr-data.net *.moatads.com *.polyfill.io *.qualtrics.com *.quantcount.com *.quantserve.com *.rlcdn.com *.force.com *.salesforce.com *.salesforceliveagent.com *.pardot.com *.krxd.net *.rfihub.com *.serving-sys.com *.addthis.com *.adsrvr.org *.truste.com *.twitter.com *.ads-twitter.com t.co *.6sc.co *.rezync.com *.analytics.yahoo.com *.yimg.com unpkg.com *.psiexams.com *.systemlinkcloud.com *.systemlinkcloud.io mythinkscape.com *.mythinkscape.com *.multisim.com *.boltdns.net *.3playmedia.com *.paymetric.com *.captchas.net *.bing.com *.pagespeed-mod.com *.lithcloud.com *.jsdelivr.net *.cloudfront.net *.amazonaws.com *.day.com *.mathjax.org *.zoominsoftware.io *.bootstrapcdn.com *.nicdn.net *.leadsrx.com *.quizscape.com *.thoughtindustries.com *.wistia.com *.credly.com *.kbmax.com *.certain.com *.fonts.net *.typekit.net *.khoros.app.box.com *.limuirs-asset.lithium.com *.cookielaw.org *.windows.net data: blob; object-src 'none'; worker-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; connect-src * data: blob: 'unsafe-inline'; 3 default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval' ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none'; report-uri /csp-violation-report-endpoint/ 3 object-src players.brightcove.net www.realpage.com s.realpage.com vjs.zencdn.net;img-src * blob: data: ; font-src acsbapp.com www.realpage.com s.realpage.com use.typekit.net fonts.gstatic.com vjs.zencdn.net maxcdn.bootstrapcdn.com www.slant.co data:; style-src *.typekit.net *.realpage.com fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' *.realpage.com *.seismic.com www.realpagelearning.com *.yieldstar.com *.mpfyieldstar.com www.on-site.com; report-to csp-report-only; report-uri https://cspreports.realpage.com/api/reports/save/report-only; 3 default-src 'self' blob: https://staffbase.com https://s15952.pcdn.co; report-uri https://casper-de1.staffbase.com/report/staffbase.com; script-src 'report-sample' 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://analytics.twitter.com https://bat.bing.com https://cdn.cookielaw.org https://cdn.linkedin.oribi.io/34930/ https://cdnjs.cloudflare.com/ajax/libs/dompurify/ https://connect.facebook.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.hubspot.com https://js.hscta.net https://*.hubspot.net https://*.hsforms.com https://googleads.g.doubleclick.net https://hackerone.com https://npmcdn.com/pikasso@4.2.0/build/umd.min.js https://pikasso-preview.bananatag.com https://j.6sc.co https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.hsforms.net https://*.hsleadflows.net https://*.qualified.com https://maps.googleapis.com https://okt.to/ping https://rum-static.pingdom.net https://snap.licdn.com https://static.ads-twitter.com https://static.oktopost.com/oktrk.js https://tagmanager.google.com https://tags.clickagy.com https://tracking.g2crowd.com https://ws.zoominfo.com https://ws-assets.zoominfo.com https://js.zi-scripts.com https://www.gartner.com/reviews/public/Widget/js/widget.js https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://api.ipstack.com/check https://cdn.leandata.com https://app.leandata.com https://s15952.pcdn.co; font-src 'self' data: font/woff data: font/woff2 data: font/otf data: font/ttf https://*.google-analytics.com https://cdn.getspeechify.com/hosted-fonts/GreycliffCF-*.woff2 https://fonts.staffbase.com https://www.gartner.com https://cdn.leandata.com https://s15952.pcdn.co; img-src 'self' data: image/svg+xml https: https://s15952.pcdn.co; style-src https: 'self' 'unsafe-inline' 'report-sample'; connect-src https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat 'self' https://*.google-analytics.com https://*.pingdom.net https://*.ads.linkedin.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://aorta.clickagy.com https://api.ipstack.com https://app.qualified.com https://bat.bing.com https://*.6sc.co https://cdn.cookielaw.org https://cdn.linkedin.oribi.io/partner/34930/domain/staffbase.com/token https://*.hubapi.com https://js.hscta.net https://*.hsforms.com https://*.hubspot.com https://geolocation.onetrust.com https://hackerone.com https://hemsync.clickagy.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.6sense.com https://*.hs-banner.com https://*.linkedin.oribi.io/event https://tracking.g2crowd.com https://privacyportal.onetrust.com https://secure.adnxs.com/getuidj https://staffbase-privacy-request.my.onetrust.com/request/v1/consentreceipts https://stats.g.doubleclick.net https://ws.zoominfo.com https://js.zi-scripts.com https://www.facebook.com wss://app.qualified.com wss://ws.qualified.com https://app.leandata.com https://s15952.pcdn.co; frame-src https:; media-src https:; frame-ancestors 'none'; object-src 'none'; 3 default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src 'self' https: wss:; media-src 'self' https: blob: data:; object-src https: blob:; worker-src 'self' https: blob:; frame-src 'self' https: blob:; form-action 'self' https:; block-all-mixed-content; report-uri /csp-violation-report 3 default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn-ukwest.onetrust.com/scripttemplates/ https://websdk.appsflyer.com/ https://www.google.com/recaptcha/enterprise.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.segment.com; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.moonpay.com https://api.moonpay.com https://api.coingecko.com https://cdn-ukwest.onetrust.com https://*.launchdarkly.com https://geolocation.onetrust.com https://o465989.ingest.sentry.io https://vitals.vercel-insights.com https://*.google-analytics.com https://*.analytics.google.com https://logs.browser-intake-datadoghq.com https://cdn.segment.com https://otel-collector.moonpay.com https://otel-collector.moonpaycloud.com https://otel-collector.moonpay-staging.com; font-src 'self' https://static.moonpay.com; frame-src 'self' https://buy.moonpay.com https://sell.moonpay.com https://www.google.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'self' https://cdn-ukwest.onetrust.com https://images.ctfassets.net https://static.moonpay.com; manifest-src 'self'; media-src 'self'; worker-src 'self'; frame-ancestors 'none'; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub4f9819648cf6c369f00daa5b3a3a0ea7&dd-evp-origin=content-security-policy&ddsource=csp-report 3 default-src 'self' *.insight.com *.drift.com *.driftcdn.com *.launchdarkly.com www.googletagmanager.com play.vidyard.com *.aimtell.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.insight.com *.adroll.com *.atgsvcs.com *.custhelp.com *.webcollage.net *.driftt.com *.google.com *.marketo.com *.doubleclick.com *.doubleclick.net *.qualtrics.com assets.adobedtm.com cdn.lr-in-prod.com cdn.pricespider.com munchkin.marketo.net play.vidyard.com s.go-mpulse.net up.pixel.ad use.typekit.net ws.cs.1worldsync.com www.clarity.ms www.google-analytics.com www.googletagmanager.com www.youtube.com apps.bazaarvoice.com static.ads-twitter.com cdn-ukwest.onetrust.com cdn01.basis.net cdns.eu1.gigya.com code.jquery.com content.syndigo.com js.adsrvr.org *.cnetcontentsolutions.com mpsnare.iesnare.com unpkg.com www.googleadservices.com bat.bing.com cdn.cs.1worldsync.com cdn.tt.omtrdc.net connect.facebook.net i.simpli.fi lex.33across.com px.ads.linkedin.com s3.amazonaws.com snap.licdn.com *.hotjar.com t.sellpoints.com tracking.intentsify.io view.ceros.com w.usabilla.com ws.zoominfo.com xiecomm.paymetric.com blob:; style-src 'self' 'unsafe-inline' *.insight.com *.drift.com *.marketo.com code.jquery.com cdn.cs.1worldsync.com fonts.googleapis.com cdn.tt.omtrdc.net; img-src * data:; font-src 'self' data: *.insight.com fonts.gstatic.com use.typekit.net cdn.cs.1worldsync.com insightenterprises.qualtrics.com s.nsit.com svcs.tql.com at.alicdn.com; connect-src 'self' *.akamaihd.net *.clarity.ms *.gigya.com *.google.com *.google-analytics.com *.googlesyndication.com *.insight.com *.launchdarkly.com *.mktoresp.com *.akstat.io *.go-mpulse.net *.onetrust.com insightenterprises.tt.omtrdc.net stats.g.doubleclick.net www.google-analytics.com 366-uky-221.mktoutil.com adservice.google.com bat.bing.com cdn.aimtell.io cdn.linkedin.oribi.io cert-xiecomm.paymetric.com content.syndigo.com dpm.demdex.net et-qalogin.insight.com integration.richrelevance.com r.lr-in-prod.com rules.atgsvcs.com signals.aimtell.com sjrtp2.marketo.com smetrics.insight.com *.bazaarvoice.com ws.zoominfo.com *.adroll.com play.vidyard.com *.richrelevance.com www.facebook.com siteintercept.qualtrics.com *.googletagmanager.com; media-src player.vimeo.com www.youtube.com; object-src *.insight.com; frame-src 'self' *.adsrvr.org pixel.sitescout.com insight.demdex.net js.driftt.com app-abm.marketo.com centinelapistag.cardinalcommerce.com cert-xiecomm.paymetric.com html5-player.libsyn.com insightent.wufoo.com *.insight.com play.vidyard.com view.ceros.com www.youtube.com *.marketo.com *.doubleclick.net *.everestjs.net cbsi.demdex.net www.facebook.com beacon.aimtell.com; report-uri https://insight.report-uri.com/r/t/csp/wizard 3 report-to default; frame-src 'self' *.recaptcha.net *.olark.com; font-src 'self' data: *.olark.com; script-src 'self' 'unsafe-inline' *.true.nl *.googletagmanager.com *.google-analytics.com *.piwik.pro *.recaptcha.net *.gstatic.com *.bing.com *.olark.com *.youtube.com *.vimeo.com *.hotjar.com *.licdn.com *.clarity.ms *.pardot.com *.reddit.com *.redditstatic.com *.twitter.com *.t.co; img-src 'self' data: *.olark.com; media-src 'self' data: *.olark.com; object-src 'self'; default-src 'self' 'unsafe-inline' *.true.nl *.google-analytics.com *.piwik.pro *.olark.com *.pardot.com *.linkedin.com *.clarity.ms *.hotjar.com *.google.com *.doubleclick.net *.reddit.com *.redditstatic.com *.twitter.com *.t.co 3 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; media-src https: http: rtsp: rtmp: data:; report-uri /csp-report 3 default-src 'self' 'unsafe-inline' data: *.marianatek.com *.cookielaw.org *.chilipiper.com *.googletagmanager.com *.google.com *.gstatic.com *.cloudflare.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.licdn.com *.facebook.net *.clarity.ms *.google-analytics.com *.hs-scripts.com *.doubleclick.net https://unpkg.com/;upgrade-insecure-requests; 3 default-src 'self' https://*.ebizautos.com; img-src *; script-src 'self' 'unsafe-inline' *; font-src *; media-src *; frame-src *; manifest-src 'self'; style-src 'self' 'unsafe-inline' *; connect-src https://*; object-src 'none'; worker-src 'none'; base-uri 'self'; 3 default-src 'self'; script-src 'nonce-M0Q2QTkwQjdDMjM5' 'strict-dynamic' https: 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.cookielaw.org *.cookiepro.com *.onetrust.com *.adobedtm.com *.googleapis.com; connect-src 'self' https:; frame-src 'self' https:; object-src 'none'; img-src 'self' https: data:; worker-src 'self'; media-src 'self' https://za5jzhla73.execute-api.us-east-1.amazonaws.com https://6zf7b56x55.execute-api.us-east-1.amazonaws.com https://c64djon8lb.execute-api.us-east-1.amazonaws.com https://netjets-dev-corp-site-us-east-1.s3.amazonaws.com https://netjets-qa-corp-site-us-east-1.s3.amazonaws.com https://netjets-prod-corp-site-us-east-1.s3.amazonaws.com; font-src https:; form-action 'self' https:; base-uri 'self'; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubb61413121040ab6931e3bb32a195b78a&dd-evp-origin=content-security-policy&ddsource=csp-report; 3 default-src 'self' data: blob: https://*.trustage.com https://*.trustagedem.com https://*.trustagedemo.com; connect-src 'self' data: properties: https://cmfglifeinsurance.us-6.evergage.com https://*.google-analytics.com https://*.google.com https://*.linkedin.com https://*.niceincontact.com https://clientstream.launchdarkly.com/ https://fonts.gstatic.com https://*.optimizely.com https://*.cunamutual.com https://www.nextinsure.com https://geolocation.onetrust.com https://privacyportal.onetrust.com https://*.googlesyndication.com https://*.trustage.com https://us-central1-adaptive-growth.cloudfunctions.net https://cdn.linkedin.oribi.io https://s.yimg.com https://*.doubleclick.net https://*.trustagedem.com https://*.trustagedemo.com https://*.oktacdn.com https://*.bing.com https://*.googleapis.com https://cunamutual.okta.com https://cdn.cookielaw.org https://cunamutual.oktapreview.com/ https://*.googleadservices.com/ https://*.qualtrics.com/ https://dc.services.visualstudio.com/ https://*.levelaccess.net https://www.googletagmanager.com https://facebook.com/ https://*.segment.io https://*.segment.com https://*.permutive.com https://calc-backend-prod.herokuapp.com https://www.facebook.com; frame-ancestors 'self' https://trustage.com https://*.optimizely.com https://*.trustagedem.com https://*.trustagedemo.com; frame-src 'self' https://trustage.com https://*.googlesyndication.com https://cunamutual.widen.net https://login.microsoftonline.com https://*.widencdn.net https://*.opendns.com https://*.optimizely.com https://www.youtube.com https://chase.hostedpaymentservice.net https://chase-var.hostedpaymentservice.net https://*.doubleclick.net https://*.trustage.com https://*.trustagedem.com https://*.trustagedemo.com https://*.oktacdn.com https://www.googletagmanager.com https://*.trustpilot.com/ https://*.flashtalking.com https://*.google.com https://*.qualtrics.com https://*.affec.tv https://*.opendns.com https://www.facebook.com https://*.ceros.com https://home-c27.incontact.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://cmfglifeinsurance.us-6.evergage.com https://*.googlesyndication.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://static-demo.trustage.cloud https://*.trustage.com https://*.googleadservices.com https://*.trustagedem.com https://*.trustagedemo.com https://cdn.cookielaw.org https://*.signalintent.com https://*.google.com https://chase-var.hostedpaymentservice.net https://chase.hostedpaymentservice.net https://cdn.pdst.fm https://snap.licdn.com https://insurance.mediaalpha.com https://us-central1-adaptive-growth.cloudfunctions.net https://s.yimg.com https://*.facebook.net https://geolocation.onetrust.com https://cdn.linkedin.oribi.io https://privacyportal.onetrust.com https://*.google.com https://sp.analytics.yahoo.com https://*.linkedin.com https://www.pagespeed-mod.com https://*.google-analytics.com https://*.salesforceliveagent.com/ https://*.oktacdn.com/ https://*.trustpilot.com/ https://*.gstatic.com/ https://*.googletagmanager.com/ https://az416426.vo.msecnd.net/ https://*.levelaccess.net/ https://*.qualtrics.com/ https://www.googleoptimize.com https://bat.bing.com https://solutions.invocacdn.com https://pnapi.invoca.net https://*.affec.tv/ https://*.evgnet.com/ https://*.ceros.com https://home-c27.incontact.com https://secure.adnxs.com https://cdn.permutive.com https://trkn.us https://www.facebook.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.trustage.com https://cmfglifeinsurance.us-6.evergage.com https://www.gstatic.com https://*.optimizely.com https://*.affec.tv/ https://chase.hostedpaymentservice.net https://*.bing.com https://*.google.com https://*.doubleclick.net https://*.googleadservices.com https://*.google-analytics.com https://www.googletagmanager.com https://*.googleadservices.com https://*.googlesyndication.com https://cdn.pdst.fm https://cdn.cookielaw.org https://snap.licdn.com https://*.qualtrics.com https://s.yimg.com https://*.salesforceliveagent.com https://*.facebook.com https://connect.facebook.net https://www.youtube.com https://bat.bing.com https://*.evgnet.com/ https://*.levelaccess.net https://chase-var.hostedpaymentservice.net https://*.oktacdn.com https://www.googleoptimize.com https://*.trustpilot.com/ https://az416426.vo.msecnd.net/ https://solutions.invocacdn.com https://secure.adnxs.com https://cdn.permutive.com https://*.signalintent.coms https://*.segment.com https://*.ceros.coms; style-src 'self' 'unsafe-inline' https://cmfglifeinsurance.us-6.evergage.com https://*.trustage.com https://*.trustagedem.com https://*.trustagedemo.com https://*.signalintent.com https://rsms.me https://*.googleapis.com https://*.google.com https://*.googlesyndication.com https://google.ca https://www.googleoptimize.com https://*.google-analytics.com https://*.trustpilot.com/ https://www.youtube.com https://web-modules-de-na1.niceincontact.com https://pwm-image.trendmicro.com https://cdn.honey.io; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; font-src 'self' data: https://cmfglifeinsurance.us-6.evergage.com https://fonts.gstatic.com https://rsms.me https://maxcdn.bootstrapcdn.com https://fonts.cdnfonts.com https://use.fontawesome.com https://static2.sharepointonline.com https://static.zip.co https://embed.signalintent.com https://appservice.azureedge.net/; report-uri /api/csp/report; 3 frame-ancestors 'self' ; object-src 'none' ; report-uri https://cspreports.realpage.com/api/reports/save/report-only; 3 default-src 'self';form-action 'self'; object-src 'self'; frame-ancestors 'self'; connect-src 'self' ely-keskus.fi *.youtube.com *.ahtp.fi *.cookiebot.com *.tyomarkkinatori.fi *.elisa.fi wss://*.elisa.fi tetyomarkkinatori.boost.ai boost-files-general-eu-west-1-prod.s3-eu-west-1.amazonaws.com lukija.aimater.com fonts.gstatic.com googleads.g.doubleclick.net jnn-pa.googleapis.com play.google.com yt3.ggpht.com static.doubleclick.net i.ytimg.com www.google.com; style-src 'self' 'unsafe-inline' *.youtube.com *.elisa.fi fonts.googleapis.com; img-src * data:; script-src 'self' 'unsafe-inline' *.cookiebot.com analytiikka.tyomarkkinatori.fi analytiikka.ahtp.fi *.elisa.fi lukija.aimater.com tetyomarkkinatori.boost.ai keha-matomo-sdg-qa-qa.azurewebsites.net; frame-src 'self' *.cookiebot.com feed.mikle.com *.youtube.com ; media-src data:; font-src 'self' fonts.gstatic.com ; report-uri https://csp-report-fa-prod.azurewebsites.net/api/csp-report; 3 default-src 'self' *.smartschool.be; script-src 'self' 'unsafe-inline' 'unsafe-eval' c0.wp.com https://ssl.p.jwpcdn.com stats.wp.com use.typekit.net p.jwpcdn.com *.google-analytics.com; script-src-attr 'none'; style-src 'self' *.smartschool.be 'unsafe-inline' c0.wp.com; font-src 'self' *.smartschool.be *.typekit.net wordpress.com data:; img-src 'self' *.typekit.net pixel.wp.com *.google-analytics.com stats.g.doubleclick.net data:; connect-src performance.typekit.net stats.g.doubleclick.net; report-uri /csp-violation.php 3 font-src 'self' https://smartphonehoesjes.nl https://handyhuellen.de https://coquedetelephone.fr https://ploonk.fr *.smartphonehoesjes.nl *.coquedetelephone.fr *.ploonk.fr *.mopinion.com https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.doubleclick.net *.facebook.com *.tradedoubler.com *.sovendus-connect.com *.colorlab.io js.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net https://static.buckaroo.nl https://cdn.acc-smartphonehoesjes.nl https://cdn.acc-brandcommerce.nl https://cdn.acc-ploonk.fr https://cdn.acc-handyhuellen.de https://cdn.smartphonehoesjes.nl https://cdn.brandcommerce.nl https://cdn.ploonk.fr https://cdn.handyhuellen.de *.smartphonehoesjes.nl *.etrusted.com *.google.com *.google.nl *.facebook.com https://squeezely.tech *.squeezely.tech *.bing.com *.pointspay.com *.trustedshops.com *.roeyecdn.com *.doubleclick.net magefan.com cm.magefan.com *.disqus.com https://img.youtube.com https://firebasestorage.googleapis.com https://www.mollie.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.buckaroo.nl *.localhost *.acc-smartphonehoesjes.nl *.acc-ploonk.fr *.acc-handyhuellen.de *.acc-brandcommerce.de https://smartphonehoesjes.nl *.smartphonehoesjes.nl *.ploonk.fr *.coquedetelephone.fr *.handyhuellen.de *.analytics.google.com https://www.clarity.ms *.google.com *.google.nl *.facebook.net *.tiktok.com *.doubleclick.net *.bing.com *.etrusted.com *.elitechnology.com *.beslist.nl https://squeezely.tech *.squeezely.tech *.trustedshops.com *.mopinion.com *.dwin1.com *.aiden.cx *.kickbite.io *.colorlab.io *.hotjar.com *.sovendus.com *.wurflcloud.com https://fonts.gstatic.com *.cloudfront.net *.roeyecdn.com *.disqus.com *.avada.io js.mollie.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.localhost *.googleapis.com *.etrusted.com *.mopinion.com *.fontawesome.com https://fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.youtube.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://smartphonehoesjes.nl *.smartphonehoesjes.nl *.handyhuellen.de *.ploonk.fr wss://*.azurewebsites.net *.google-analytics.com *.wurflcloud.com *.clarity.ms https://get.geojs.io *.amazon.com *.etrusted.com *.demdex.net *.sc.omtrdc.net *.cardinalcommerce.com *.acc-smartphonehoesjes.nl *.acc-ploonk.fr *.acc-handyhuellen.de *.acc-brandcommerce.de *.coquedetelephone.fr https://google.com *.google.com https://google.nl *.google.nl *.tiktok.com *.hotjar.com *.doubleclick.net *.aiden.cx *.sovendus.com *.trustedshops.com *.youtube.com *.plyr.io noembed.com *.amazonaws.com *.mopinion.com *.beslist.nl *.kickbite.io *.bing.com *.bing.net *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.cloudflare.com *.adbr.io *.fontawesome.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.adabra.com *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com *.trustpilot.com *.criteo.com *.cookiebot.com *.youtube.com *.hotjar.com *.adbr.io ad4m.at *.ad4m.at service.force.com *.marketingspray.com *.criteo.net *.tncid.app *.clinch.co *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.google.de *.google.it *.bing.com *.adbr.io maps.googleapis.com *.ad4m.at ih.adscale.de rtb-csync.smartadserver.com simage2.pubmatic.com dsum-sec.casalemedia.com *.twiago.com ad.yieldlab.net *.marketingspray.com *.adform.net *.clarity.ms *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.sharethrough.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.com *.omnitagjs.com *.casalemedia.com *.criteo.com id5-sync.com *.360yield.com *.ivitrack.com *.mediavine.com *.outbrain.com *.tremorhub.com *.yieldmo.com *.krxd.com *.thebrighttag.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com maps.gstatic.com *.flavedo.io 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.trustpilot.com *.criteo.com *.criteo.net *.newrelic.com *.cookiebot.com bam.nr-data.net *.google.de *.google.it *.bing.com *.hotjar.com *.adbr.io ad4m.at pushpad.xyz service.force.com *.salesforceliveagent.com *.marketingspray.com *.shippypro.com *.kk-resources.com *.farmae.it *.clarity.ms *.googleoptimize.com *.tiktok.com *.dwin1.com sdk.privacy-center.org api.privacy-center.org pmp-sdk.privacy-center.org *.tncid.app *.clinch.co *.visualwebsiteoptimizer.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com maps.googleapis.com tracking.trovaprezzi.it www.trovaprezzi.it 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.cloudflare.com *.adbr.io service.force.com *.shippypro.com *.fontawesome.com *.stripe.network *.stripecdn.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.google.com bam.nr-data.net *.doubleclick.net *.trustpilot.com pagead2.googlesyndication.com consentcdn.cookiebot.com *.adbr.io *.googleapis.com *.shippypro.com pushpad.xyz *.clarity.ms *.tiktok.com *.criteo.com sdk.privacy-center.org api.privacy-center.org pmp-sdk.privacy-center.org *.hotjar.io *.tncid.app *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.citrusad.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 frame-ancestors 'self'; report-uri https://www.bodyandsoul.com.au/csp-reports 3 default-src 'none'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src rs.fullstory.com/rec/bundle https:; font-src 'self' https: data:; img-src 'self' *.csagroup.org *.wpengine.com p.typekit.net stats.g.doubleclick.net www.google.ca/ads www.google.com/ads www.google-analytics.com https: data:; object-src 'none'; upgrade-insecure-requests; report-uri https://csagroup.report-uri.com/r/d/csp/reportOnly; 3 font-src data: *.gstatic.com *.tryggehandel.net tryggehandel.net *.googleapis.com googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.collector.se *.cardinalcommerce.com *.jobylon.com *.doubleclick.net *.criteo.com criteo.com *.criteo.net criteo.net *.proffs.se *.walleydev.com *.walleypay.com doubleclick.net *.dotdigital-pages.com *.dotdigital.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io googleadservices.com google-analytics.com *.magentocommerce.com *.s.ytimg.com *.googleadservices.com *.google-analytics.com *.googleapis.com googleapis.com *.gstatic.com *.collector.se *.adnxs.com *.byggmax.se *.byggmax.no *.byggmax.fi *.byggmax.dk *.byggmax.com byggmax.se byggmax.no byggmax.fi byggmax.com byggmax.dk www.byggmax.se www.byggmax.no www.byggmax.fi www.byggmax.dk *.bing.com bing.com *.teads.tv teads.tv *.smartadserver.com smartadserver.com *.rubiconproject.com rubiconproject.com *.3lift.com 3lift.com *.smaato.net *.taboola.com taboola.com *.doubleclick.com *.360yield.com 360yield.com *.yahoo.com *.casalemedia.com casalemedia.com *.openx.net *.sharethrough.com sharethrough.com *.bidswitch.net *.pubmatic.com pubmatic.com *.omnitagjs.com omnitagjs.com *.yieldmo.com yieldmo.com *.ivitrack.com ivitrack.com *.advertising.com *.stickyadstv.com *.media.net media.net *.criteo.com criteo.com *.doubleclick.net *.e-planning.net *.clmbtech.com *.adform.net adform.net *.liadm.com *.postrelease.com postrelease.com *.smartclip.net *.krxd.net *.ad-stir.com *.outbrain.com outbrain.com *.tremorhub.com tremorhub.com *.demdex.net *.pingdom.net *.adscale.de *.twiago.com *.google.com *.google.se *.bluekai.com *.wisepops.com *.tapad.com *.mgid.com *.rambler.ru *.thebrighttag.com *.walleypay.com *.1rx.io 1rx.io id5-sync.com *.id5-sync.com *.mediavine.com mediavine.com *.yieldlab.net yieldlab.net *.emxdgt.com emxdgt.com *.unrulymedia.com unrulymedia.com *.tryggehandel.net tryggehandel.net adnxs.com cm.g.doubleclick.net bidswitch.net www.facebook.com *.quantserve.com quantserve.com https://images.unsplash.com *.trackedlink.net https://cdn.flbx.io data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google-analytics.com *.collector.se *.assets.adobedtm.com *.authorize.net *.geostag.cardinalcommerce.com *.paypal.com *.vimeo.com *.ccdc02.com google.com *.braintreegateway.com *.ytimg.com *.signifyd.com *.adnxs.com adnxs.com adtr.io *.googletagmanager.com *.criteo.net *.criteo.com criteo.net criteo.com *.trackedlink.net *.jobylon.com *.doubleclick.net doubleclick.net *.googleapis.com googleapis.com *.byggmax.se *.byggmax.no *.byggmax.fi *.byggmax.com *.byggmax.dk byggmax.se byggmax.no byggmax.fi byggmax.com byggmax.dk www.byggmax.se www.byggmax.no www.byggmax.fi www.byggmax.dk *.bing.com *.hotjar.com hotjar.com bing.com *.cloudflare.com *.wisepops.com *.facebook.net facebook.net *.quantserve.com quantserve.com *.quantcount.com *.cloudflareinsights.com *.pingdom.net pingdom.net *.getflowbox.net *.kuvio.io kuvio.io *.walleydev.com *.tryggehandel.net tryggehandel.net *.dynamicyield.com dynamicyield.com *.testfreaks.com testfreaks.com *.walleypay.com *.videoly.co dialogtrail.com *.dialogtrail.com wisepops.net *.wisepops.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal https://cdn.flbx.io https://connect.getflowbox.com http://connect.getflowbox.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com googleapis.com *.byggmax.se *.byggmax.no *.byggmax.fi *.byggmax.dk www.byggmax.se www.byggmax.no www.byggmax.fi www.byggmax.dk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.wisepops.com *.google-analytics.com google-analytics.com *.collector.se *.pingdom.net pingdom.net *.adnxs.com adnxs.com *.walleydev.com *.walleypay.com *.dynamicyield.com dynamicyield.com www.google.com google.com *.google.com *.doubleclick.net doubleclick.net *.criteo.com *.criteo.net criteo.com criteo.net *.dialogtrail.com dialogtrail.com *.ebbot.app ebbot.app *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://*.amazonaws.com https://cdn.flbx.io https://connect.getflowbox.com http://connect.getflowbox.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 font-src *.fontawesome.com bonialconnect.com *.oney.io assets.app.smart-tribune.com cdnjs.cloudflare.com api-gateway.app.smart-tribune.com polyfill-fastly.io https://epaync.nc/static/ *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de secure.ogone.com v1-sim.preprod.psp-solutions.com v2-sim.preprod.psp-solutions.com www.facebook.com/tr/ bpcepaymentservices-3ds-vdm.wlp-acs.com bnpp-3ds-vdm.wlp-acs.com assets.app.smart-tribune.com cdnjs.cloudflare.com api-gateway.app.smart-tribune.com polyfill-fastly.io https://epaync.nc/vads-payment/ https://epaync.nc/api-payment/ https://epaync.nc/static/ https://connect-v2.fintecture.com https://connect-v2-sbx.fintecture.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.paypal.com secure.ogone.com ogone.test.v-psp.com widget.trustpilot.com gum.criteo.com s.salecycle.com https://10766555.fls.doubleclick.net/ static.criteo.net/ www.facebook.com/ magasins.bureau-vallee.fr magasins.bureau-vallee.be magasins.bureau-vallee.nc magasins.bureau-vallee.re magasins.bureau-vallee.gf magasins.bureau-vallee.yt magasins.bureau-vallee.gp magasins.bureau-vallee.sx t.clic2buy.com bpcepaymentservices-3ds-vdm.wlp-acs.com assets.app.smart-tribune.com cdnjs.cloudflare.com api-gateway.app.smart-tribune.com polyfill-fastly.io td.doubleclick.net https://epaync.nc/vads-payment/ https://epaync.nc/static/ https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org bva-preprod-fbi-fr-media-s3.s3.amazonaws.com bva-recette-fbi-fr-media-s3.s3.amazonaws.com bv-prd-fbi-fr-media.s3.eu-west-3.amazonaws.com bv-prd-fbi-fr-media.s3.amazonaws.com d2hlj6xfalexml.cloudfront.net d3n1o8ch79p937.cloudfront.net dxbyzx5id4chj.cloudfront.net bonialconnect.com content-media.bonial.biz rum-metrics.quanta.io bat.bing.com ib.adnxs.com www.facebook.com cm.g.doubleclick.net gum.criteo.com dis.criteo.com sync-t1.taboola.com x.bidswitch.net r.casalemedia.com ad.360yield.com contextual.media.net sync.outbrain.com pixel.rubiconproject.com match.sharethrough.com rtb-csync.smartadserver.com criteo-sync.teads.tv eb2.3lift.com ups.analytics.yahoo.com e1.emxdgt.com cm.adform.net visitor.omnitagjs.com id5-sync.com matching.ivitrack.com exchange.mediavine.com simage2.pubmatic.com criteo-partners.tremorhub.com ad.yieldlab.net sync-criteo.ads.yieldmo.com beacon.krxd.net s.thebrighttag.com www.bureau-vallee.fr www.google.fr bvci-e2.colop.com utypia.bureau-vallee.fr *.oney.io assets.app.smart-tribune.com cdnjs.cloudflare.com api-gateway.app.smart-tribune.com polyfill-fastly.io www.gstatic.com jadserve.postrelease.com ad.doubleclick.net public-prod-dspcookiematching.dmxleo.com https://epaync.nc/static/latest/images/type-carte/ https://epaync.nc/static/ https://epaync.nc/vads-payment/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://assets.fintecture.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com polyfill.io magasins.bureau-vallee.fr widget.trustpilot.com bonialconnect.com s3.amazonaws.com maps.googleapis.com/ d16fk4ms6rqz1v.cloudfront.net bat.bing.com appstatic.quanta.io try.abtasty.com acdn.adnxs.com static.criteo.net sslwidget.criteo.com connect.facebook.net cdn.jsdelivr.net static.target2sell.com js-agent.newrelic.com/ bam.eu01.nr-data.net *.oney.io magasins.bureau-vallee.be magasins.bureau-vallee.nc magasins.bureau-vallee.re magasins.bureau-vallee.gf magasins.bureau-vallee.yt magasins.bureau-vallee.gp magasins.bureau-vallee.sx rs.clic2buy.com assets.app.smart-tribune.com cdnjs.cloudflare.com api-gateway.app.smart-tribune.com polyfill-fastly.io pagead2.googlesyndication.com tpc.googlesyndication.com *.algolia.io https://epaync.nc/api-payment/ https://epaync.nc/static/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ assets-staging.oney.io *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com assets.app.smart-tribune.com cdnjs.cloudflare.com api-gateway.app.smart-tribune.com polyfill-fastly.io https://epaync.nc/static/ *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src pay.google.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.google.com google.com payments-eu.amazon.com *.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io s3.eu-west-1.amazonaws.com www.bonialserviceswidget.de maps.googleapis.com trackingapi.bonial.fr bonialconnect.com dcinfos-cache.abtasty.com ariane.abtasty.com c.salecycle.com api.ipify.org i.salecycle.com wss://ws.salecycle.com/ region1.analytics.google.com www.facebook.com serv-api.target2sell.com bat.bing.com/actionp/ rum-metrics.quanta.io reco.target2sell.com bam.eu01.nr-data.net www.google.fr *.oney.io autocomplete.geocoder.api.here.com assets.app.smart-tribune.com cdnjs.cloudflare.com api-gateway.app.smart-tribune.com polyfill-fastly.io try.abtasty.com pagead2.googlesyndication.com measurement-api.criteo.com apigw-cf.bva-integ-web.decade.fr https://epaync.nc/vads-payment/ https://epaync.nc/api-payment/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ bva-recette-impression-s3.s3.eu-west-3.amazonaws.com bva-preprod-impression-s3.s3.eu-west-3.amazonaws.com bva-prod-impression-s3.s3.eu-west-3.amazonaws.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://epaync.nc/vads-payment/ https://epaync.nc/api-payment/ https://epaync.nc/static/ *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 default-src * data:; script-src * 'unsafe-eval'; script-src-elem * 'unsafe-inline'; script-src-attr *; style-src * 'unsafe-inline' blob:; style-src-elem * 'unsafe-inline'; style-src-attr * 'unsafe-inline'; img-src * 'self' data: blob:; font-src * 'self' data: blob:; connect-src * 'self' blob:; media-src * 'self' blob:; object-src * 'self' 'unsafe-inline' blob:; prefetch-src * 'self' blob:; child-src * 'self' blob:; frame-src * 'self' blob:; worker-src * 'self' blob:; frame-ancestors * 'self' blob:; form-action *; upgrade-insecure-requests; base-uri * 'self'; manifest-src * blob: sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts allow-top-navigation allow-top-navigation-to-custom-protocols; 3 font-src *.fontawesome.com data: https://fonts.gstatic.com https://fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com js.mollie.com https://vars.hotjar.com https://www.pinterest.fr https://www.pinterest.com https://www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.bird.eu a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org https://cdn.flbx.io https://www.mollie.com https://www.google-analytics.com https://www.google.com https://www.google.fr *.ggpht.com *.googleapis.com https://maps.gstatic.com https://log.pinterest.com *.mondialtissus.fr *.mondialtissus.de *.mondialtissus.es *.mondialtissus.it *.mondialtissus.nl *.mondialtissus.se www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://www.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com polyfill.io https://cdn.flbx.io *.getflowbox.com http://connect.getflowbox.com js.mollie.com https://sdk.privacy-center.org https://www.google-analytics.com https://www.analytics.google.com https://www.googleadservices.com https://www.googletagmanager.com https://wwww.paypalobjects.com https://s.ytimg.com https://maps.googleapis.com https://www.gstatic.com/recaptcha https://js.mollie.com https://france.mondialtissus.fr https://cdnjs.cloudflare.com https://assets.pinterest.com https://static.zdassets.com https://ekr.zdassets.com https://api.target2sell.com https://reco.target2sell.com https://serv-api.target2sell.com https://static.target2sell.com https://apis.google.com https://mondialtissus.zendesk.com https://admin.mondialtissus.fr js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://fonts.googleapis.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://*.amazonaws.com https://cdn.flbx.io https://connect.getflowbox.com http://connect.getflowbox.com https://www.google-analytics.com https://api.target2sell.com https://reco.target2sell.com https://serv-api.target2sell.com https://static.target2sell.com *.hotjar.com https://ekr.zdassets.com https://maps.googleapis.com https://mondialtissus.zendesk.com https://a.getflowbox.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://d6tizftlrpuof.cloudfront.net 'self' 'unsafe-inline'; 3 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; 3 object-src 'none'; script-src 'self' cdnjs.cloudflare.com https://maps.google.com https://maps.googleapis.com https://static.addtoany.com https://use.fontawesome.com https://www.google.com; script-src-attr 'self'; style-src 'self' cdnjs.cloudflare.com https://fonts.googleapis.com; style-src-attr 'self'; frame-ancestors 'self' 3 default-src 'self'; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://www.google-analytics.com; upgrade-insecure-requests; 3 base-uri 'self'; default-src 'self' https://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com *.analytics.google.com https://stats.g.doubleclick.com stats.g.doubleclick.com https://*.googleapis.com *.googleapis.com https://*.cookielaw.com *.cookielaw.com https://*.cookielaw.org *.cookielaw.org https://*.cloudapi.de *.cloudapi.de https://*.onetrust.com *.onetrust.com 'unsafe-inline' 'unsafe-eval'; child-src; connect-src 'self' https://cdn.cookielaw.org cdn.cookielaw.org https://privacyportal-eu.onetrust.com privacyportal-eu.onetrust.com https://api.userway.org api.userway.org https://pagead2.googlesyndication.com pagead2.googlesyndication.com https://*.google.com *.google.com https://cdn.userway.org cdn.userway.org https://*.api.userway.org *.api.userway.org https://sessions.bugsnag.com sessions.bugsnag.com https://px.ads.linkedin.com px.ads.linkedin.com https://*.facebook.com *.facebook.com https://region1.google-analytics.com region1.google-analytics.com https://geolocation.onetrust.com geolocation.onetrust.com; font-src 'self' https://privacyportal-eu-cdn.onetrust.com privacyportal-eu-cdn.onetrust.com https://cdn.userway.org cdn.userway.org data:; form-action 'self'; frame-ancestors 'none'; frame-src 'self' https://sidebar.bugherd.com sidebar.bugherd.com https://*.googletagmanager.com *.googletagmanager.com https://challenges.cloudflare.com challenges.cloudflare.com https://cdn.userway.org cdn.userway.org; img-src 'self' https://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com *.analytics.google.com https://*.googletagmanager.com *.googletagmanager.com https://googleads.g.doubleclick.net googleads.g.doubleclick.net https://stats.g.doubleclick.com stats.g.doubleclick.com https://stats.g.doubleclick.net stats.g.doubleclick.net https://*.google.com *.google.com https://*.google.co.uk *.google.co.uk https://*.cookielaw.org *.cookielaw.org https://px.ads.linkedin.com px.ads.linkedin.com https://*.linkedin.com *.linkedin.com https://*.facebook.com *.facebook.com https://cdn.userway.org cdn.userway.org https://d2iiunr5ws5ch1.cloudfront.net d2iiunr5ws5ch1.cloudfront.net blob: data:; media-src https://youtube.com youtube.com https://ddo8pjvnj55tt.cloudfront.net ddo8pjvnj55tt.cloudfront.net; object-src 'none'; manifest-src 'self'; script-src 'self' https://*.licdn.com *.licdn.com https://*.googleapis.com *.googleapis.com https://*.google.com *.google.com https://*.googletagmanager.com *.googletagmanager.com https://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com *.analytics.google.com https://pagead2.googlesyndication.com pagead2.googlesyndication.com https://*.cookielaw.com *.cookielaw.com https://*.cookielaw.org *.cookielaw.org https://*.onetrust.com *.onetrust.com https://connect.facebook.net connect.facebook.net https://sidebar.bugherd.com sidebar.bugherd.com https://cdn.userway.org cdn.userway.org https://*.bugherd.com *.bugherd.com https://static.cloudflareinsights.com static.cloudflareinsights.com https://challenges.cloudflare.com challenges.cloudflare.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.userway.org cdn.userway.org 'unsafe-inline'; upgrade-insecure-requests 3 font-src maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com * *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.hipay-tpp.com *.hipay.com *.paypal.com s3-eu-west-1.amazonaws.com *.back.ecard.pledg.co *.front.ecard.pledg.co front.ecard.pledg.co hooks.stripe.com *.salecycle.com *.criteo.com *.hotjar.com *.facebook.net track.effiliation.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com *.retif.eu *.hsforms.net *.hsforms.com * *.googleapis.com *.ggpht.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ jquery.sellxed.com *.hipay-tpp.com *.hipay.com mpsnare.iesnare.com *.paypal.com https://cdnjs.cloudflare.com s3-eu-west-1.amazonaws.com *.back.ecard.pledg.co *.front.ecard.pledg.co *.nr-data.net *.newrelic.com *.iadvize.com *.cookielaw.org *.bing.com *.pinimg.com *.hotjar.com *.salecycle.com *.facebook.net *.licdn.com *.criteo.com track.effiliation.com *.hsforms.net *.hsforms.com *.googleapis.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.hipay.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com * *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com s3-eu-west-1.amazonaws.com *.back.ecard.pledg.co *.front.ecard.pledg.co *.nr-data.net *.facebook.net *.criteo.com track.effiliation.com t.elasticsuite.io *.hsforms.net *.hsforms.com * *.google.com *.gstatic.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 child-src 'self' https://*.worldanimalprotection.ca; connect-src 'self' https://*.ads.linkedin.com https://*.adtrafficquality.google https://*.clarity.ms https://*.cookiebot.com https://*.cookiefirst.com https://*.google-analytics.com https://*.google.com https://*.googlesyndication.com https://*.hotjar.com https://*.hotjar.io https://*.omappapi.com https://*.optimizely.com https://*.snapchat.com https://*.tiktok.com https://*.trackedweb.net https://*.worldanimalprotection.ca https://api.segment.io https://bat.bing.com https://cdn.segment.com https://ct.pinterest.com https://dc.services.visualstudio.com https://esp-eu.aptrinsic.com https://m.worldanimalprotection.org.au https://stats.g.doubleclick.net https://www.facebook.com https://www.google.ae/ads/ga-audiences https://www.google.be/ads/ga-audiences https://www.google.ca/ads/ga-audiences https://www.google.co.in/ads/ga-audiences https://www.google.co.kr/ads/ga-audiences https://www.google.co.th/ads/ga-audiences https://www.google.co.uk https://www.google.com.au/ads/ga-audiences https://www.google.com.br/ads/ga-audiences https://www.google.fr/ads/ga-audiences https://www.google.nl/ads/ga-audiences https://www.google.tn/ads/ga-audiences https://www.googleadservices.com wss://*.userflow.com wss://ws.hotjar.com; default-src 'self'; font-src 'self' https://*.cloudfront.net/graphik/ https://*.cloudfront.net/lato/ https://*.worldanimalprotection.ca https://fonts.gstatic.com https://static.fundraiseup.com; frame-src 'self' https://*.adtrafficquality.google https://*.cookiebot.com https://*.fls.doubleclick.net https://*.snapchat.com https://*.worldanimalprotection.ca https://ct.pinterest.com https://embed.acast.com https://embed.podcasts.apple.com https://form.asana.com https://m.worldanimalprotection.org.au https://open.spotify.com https://pagead2.googlesyndication.com https://player.vimeo.com https://td.doubleclick.net https://www.googletagmanager.com https://www.instagram.com https://www.riddle.com https://www.youtube.com; img-src 'self' blob: data: https://*.ads.linkedin.com https://*.adtrafficquality.google https://*.clarity.ms https://*.cookiebot.com https://*.fls.doubleclick.net https://*.google.com https://*.idio.episerver.net https://*.optimizely.com https://*.tvsquared.com https://*.twitter.com https://*.worldanimalprotection.ca https://ad.doubleclick.net https://bat.bing.com https://c.bing.com https://fonts.gstatic.com https://googleads.g.doubleclick.net https://i.idio.co https://i.ytimg.com https://optimizely-public-design-assets.s3.amazonaws.com https://static.fundraiseup.com https://t.co https://www.facebook.com https://www.google-analytics.com https://www.google.ae/ads/ga-audiences https://www.google.be/ads/ga-audiences https://www.google.ca/ads/ga-audiences https://www.google.co.in/ads/ga-audiences https://www.google.co.kr/ads/ga-audiences https://www.google.co.th/ads/ga-audiences https://www.google.co.uk https://www.google.com https://www.google.com.au/ads/ga-audiences https://www.google.com.br/ads/ga-audiences https://www.google.fr/ads/ga-audiences https://www.google.nl/ads/ga-audiences https://www.google.tn/ads/ga-audiences https://www.googletagmanager.com; manifest-src 'self' https://*.worldanimalprotection.ca; media-src 'self' https://*.worldanimalprotection.ca; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.ads-twitter.com https://*.adtrafficquality.google https://*.clarity.ms https://*.cookiebot.com https://*.cookiefirst.com https://*.googlesyndication.com https://*.hotjar.com https://*.idio.episerver.net https://*.omappapi.com https://*.optimizely.com https://*.snapchat.com https://*.ssl.cf5.rackcdn.com/ https://*.tiktok.com https://*.trackedweb.net https://*.tvsquared.com https://*.worldanimalprotection.ca https://ajax.googleapis.com https://bat.bing.com https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/ https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/ https://cdn.jsdelivr.net/npm/feather-icons@4.29.0/ https://cdn.jsdelivr.net/npm/feather-icons/ https://cdn.jsdelivr.net/npm/jquery@3.6.4/ https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/ https://code.jquery.com https://connect.facebook.net https://ct.pinterest.com https://googleads.g.doubleclick.net https://js.monitor.azure.com https://js.userflow.com https://m.worldanimalprotection.org.au https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/ https://player.vimeo.com https://s.pinimg.com https://s3.amazonaws.com/doe.worldanimalprotection.org.br/ https://sc-static.net https://snap.licdn.com https://static.fundraiseup.com https://static.zdassets.com https://web-sdk-eu.aptrinsic.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.instagram.com https://www.riddle.com https://www.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.ads-twitter.com https://*.adtrafficquality.google https://*.clarity.ms https://*.cookiebot.com https://*.cookiefirst.com https://*.googlesyndication.com https://*.hotjar.com https://*.idio.episerver.net https://*.omappapi.com https://*.optimizely.com https://*.snapchat.com https://*.ssl.cf5.rackcdn.com/ https://*.trackedweb.net https://*.tvsquared.com https://*.worldanimalprotection.ca https://ajax.googleapis.com https://bat.bing.com https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/ https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/ https://cdn.jsdelivr.net/npm/feather-icons@4.29.0/ https://cdn.jsdelivr.net/npm/feather-icons/ https://cdn.jsdelivr.net/npm/jquery@3.6.4/ https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/ https://code.jquery.com https://connect.facebook.net https://ct.pinterest.com https://googleads.g.doubleclick.net https://js.monitor.azure.com https://js.userflow.com https://m.worldanimalprotection.org.au https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/ https://player.vimeo.com https://s.pinimg.com https://s3.amazonaws.com/doe.worldanimalprotection.org.br/ https://sc-static.net https://snap.licdn.com https://static.fundraiseup.com https://static.zdassets.com https://web-sdk-eu.aptrinsic.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.riddle.com https://www.youtube.com; style-src-elem 'self' 'unsafe-inline' blob: https://*.cookiebot.com https://*.cookiefirst.com https://*.omappapi.com https://*.worldanimalprotection.ca https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/ https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/ https://fonts.googleapis.com https://form.asana.com https://hello.myfonts.net https://m.worldanimalprotection.org.au https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/ https://web-sdk-eu.aptrinsic.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' blob: https://*.cookiebot.com https://*.cookiefirst.com https://*.omappapi.com https://*.worldanimalprotection.ca https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/ https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/ https://fonts.googleapis.com https://form.asana.com https://hello.myfonts.net https://m.worldanimalprotection.org.au https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/ https://web-sdk-eu.aptrinsic.com https://www.gstatic.com; report-to stott-security-endpoint;report-uri https://www.worldanimalprotection.us/stott.security.optimizely/api/cspreporting/reporturiviolation/; 3 default-src 'self' 'unsafe-inline' *.nationalgrideso.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.hotjar.com *.clarity.ms bing.com *.bing.com players.brightcove.net *.nationalgrideso.com www.googletagmanager.com assets.juicer.io js.createsend1.com www.smartsurvey.co.uk assets.smartsurvey.io snap.licdn.com unpkg.com js-agent.newrelic.com *.cookieyes.com cdn-cookieyes.com my.visme.co; style-src 'self' 'unsafe-inline' *.nationalgrideso.com assets.juicer.io unpkg.com fonts.googleapis.com; img-src 'self' data: *.nationalgrideso.com *.clarity.ms www.googletagmanager.com *.google.co.uk c.bing.com www.juicer.io assets.juicer.io www.smartsurvey.co.uk *.cartocdn.com datanationalgrideso.files.wordpress.com *.tile.openstreetmap.org *.linkedin.com *.cookieyes.com cdn-cookieyes.com; frame-src 'self' *.nationalgrideso.com *.nationalgrid.com players.brightcove.net www.youtube.com app.powerbi.com my.visme.co; font-src 'self' themes.googleusercontent.com static.juicer.io fonts.googleapis.com fonts.gstatic.com; connect-src 'self' *.clarity.ms *.hotjar.io *.hotjar.com *.google-analytics.com *.analytics.google.com storage.googleapis.com www.juicer.io *.staging.datopian.com bam.nr-data.net *.cookieyes.com cdn-cookieyes.com 3 font-src *.klarnacdn.net *.klevu.com *.ksearchnet.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.zenaps.com *.fls.doubleclick.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.nosto.com *.nos.to *.klarna.com js.mollie.com https://www.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.awin1.com *.zenaps.com *.wepowerconnections.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.nosto.com *.nos.to *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://www.mollie.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.nosto.com *.nos.to *.klarna.com *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com widget.freshworks.com m2epro.freshdesk.com js.mollie.com https://www.google.com https://www.gstatic.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com *.nosto.com *.nos.to *.klarnacdn.net https://static.klaviyo.com *.klevu.com *.ksearchnet.com widget.freshworks.com m2epro.freshdesk.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.wepowerconnections.com https://the.sciencebehindecommerce.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.nosto.com *.nos.to *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com widget.freshworks.com m2epro.freshdesk.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://20a27546-5165-4716-8e1c-c91dee6f68ae.sansec.watch/; report-to report-endpoint; 3 default-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.shopmetrics.com *.gigspot.com *.research-cloud.com https://*.jsdelivr.net https://unpkg.com https://*.unpkg.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://*.search.windows.net https://cdnjs.cloudflare.com https://code.jquery.com *.facebook.net *.facebook.com *.doubleclick.net *.googletagmanager.com *.bootstrapcdn.com *.typekit.net https://rmvelocityfrontend.blob.core.windows.net https://rec.i-say.com https://vcdn.blob.core.windows.net/* https://cdn.vcdn.vc/*; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.shopmetrics.com *.gigspot.com *.research-cloud.com https://*.jsdelivr.net https://unpkg.com https://*.unpkg.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://*.search.windows.net https://cdnjs.cloudflare.com https://code.jquery.com *.facebook.net *.facebook.com *.doubleclick.net *.googletagmanager.com *.bootstrapcdn.com *.typekit.net https://rmvelocityfrontend.blob.core.windows.net; frame-src 'self' blob: *.shopmetrics.com *.gigspot.com *.research-cloud.com *.velocity.online *.youtube.com *.youtu.be; base-uri 'self'; form-action 'self' *.shopmetrics.com *.gigspot.com *.velocity.online; img-src * data: about: blob: filesystem: ma-file:; object-src 'none'; font-src 'self' data: *.shopmetrics.com *.bootstrapcdn.com *.typekit.net *.gstatic.com *.jsdelivr.net *.pstatic.net *.github.com; report-uri /CSPEndpoint.aspx; Report-To default; 3 default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 3 object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' metrics.mastercard.com smetrics.mastercard.com assets.adobedtm.com cdn.cookielaw.org www.onetrust.com onetrust.com geolocation.onetrust.com privacyportal.onetrust.com cdn.jsdelivr.net https://asset.mastercard.com https://assets.adobedtm.com https://cdn.cookielaw.org https://play.vidyard.com https://unpkg.com platform.instagram.com platform.twitter.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; script-src-elem 'self' 'unsafe-inline' metrics.mastercard.com smetrics.mastercard.com assets.adobedtm.com cdn.cookielaw.org www.onetrust.com onetrust.com geolocation.onetrust.com privacyportal.onetrust.com st.dynamicyield.com go.mastercardservices.com pi.pardot.com snap.licdn.com assets.adobetm.com api-mastercard-dxp.nd.nudatasecurity.com s.go-mpulse.net 6sc.co 6sense.com *.6sc.co *.6sense.com cdn.jsdelivr.net https://asset.mastercard.com https://assets.adobedtm.com https://cdn.cookielaw.org https://play.vidyard.com https://unpkg.com platform.instagram.com platform.twitter.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://cdn.dynamicyield.com; frame-ancestors 'self' 3 report-uri https://gfcorporate.report-uri.com/r/d/csp/reportOnly ; default-src 'self' www.gfms.com gfms.com www.gfps.com gfcorporate.report-uri.com *.google.at *.google.be *.google.cz *.google.dk *.google.fi *.google.fr *.google.de *.google.it *.google.nl *.google.no *.google.pl *.google.ro *.google.ru *.google.es *.google.se *.google.ch *.google.com.tr *.google.co.uk *.google.com.ar *.google.ca *.google.com *.google.com.br *.google.com.mx *.google.com.au *.google.cn *.google.co.in *.google.co.id *.google.co.jp *.google.com.my *.google.co.nz *.google.com.sg *.google.co.kr *.google.com.tw *.google.com.vn *.google.bg *.google.hr *.google.ee *.google.gr *.google.hu *.google.lv *.google.lu *.google.mk *.google.pt *.google.rs *.google.si *.google.com.ph *.google.co.th *.google.com.eg *.google.co.il *.google.co.za *.google.ae ; connect-src 'self' *.google-analytics.com apikeys.civiccomputing.com *.googleapis.com center.lon5.atomz.com clapi.civiccomputing.com sp1004e61f.guided.lon5.atomz.com sp1004e61a.guided.lon5.atomz.com sp1004e5dd.guided.lon5.atomz.com stats.g.doubleclick.net www.facebook.com uberall.com locator.uberall.com api.moin.ai www.gfps.com www.gfpstools.com neoflow.gfpstools.com cdn.linkedin.oribi.io assets.georgfischer.com google.com analytics.google.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat cdn.cookielaw.org *.onetrust.com *.svc.dynamics.com *.clarity.ms ad.doubleclick.net adservice.google.com assets-eur.mkt.dynamics.com public-eur.mkt.dynamics.com assets.adobedtm.com c-cdn.contentfry.com catalog.contentfry.com platform.contentfry.com code.jquery.com fbo-b.flippingbook.com online.flippingbook.com live.solique.ch polyfilljs.org s7e5a.scene7.com s7mbrstream-g1.scene7.com www.googleadservices.com ; font-src 'self' fonts.gstatic.com www.gfms.com widget.moin.ai static-prod.uberall.com static.prod.uberall.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com *.google-analytics.com *.googletagmanager.com assets.adobedtm.com ajax.googleapis.com assets.georgfischer.com cc.cdn.civiccomputing.com connect.facebook.net cdnjs.cloudflare.com gstatic.com maps.googleapis.com siteimproveanalytics.com snap.licdn.com static-prod.uberall.com uberall.com locator.uberall.com www.youtube.com www.pagespeed-mod.com www.googleoptimize.com mktdplp102cdn.azureedge.net www.pagespeed-mod.com widget.moin.ai platform.contentfry.com cdn.cookielaw.org cookie-cdn.cookiepro.com privacyportal.onetrust.com geolocation.onetrust.com r1.dotdigital-pages.com r1-t.trackedlink.net r1.ddlnk.net www.googleadservices.com; script-src-elem uberall.com www.googletagmanager.com 'self' assets.georgfischer.com blob: code.jquery.com locator.uberall.com maps.googleapis.com s7e5a.scene7.com www.clarity.ms www.google.com www.googleadservices.com www.youtube.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com assets.georgfischer.com errors.adobeaemcloud.com widget.moin.ai ; style-src-elem www.googletagmanager.com 'self' assets.georgfischer.com blob: s7e5a.scene7.com www.gstatic.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.georgfischer.com www.linkedin.com *.global.siteimproveanalytics.io nswow-imageresizer.azurewebsites.net px.ads.linkedin.com www.facebook.com connect.facebook.net *.google.com gfms.com www.gfms.com static-prod.uberall.com static.prod.uberall.com www.linkedin.com s7e5a.scene7.com *.g.doubleclick.net *.svc.dynamics.com i.ytimg.com maps.gstatic.com fonts.gstatic.com www.gfps.com www.gfpstools.com locator.uberall.com *.amazonaws.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.analytics.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat cdn.cookielaw.org c.clarity.ms m.youtube.com www.cleanwater.ch *.onetrust.com ; child-src 'self' blob: analytics-eu.clickdimensions.com live.solique.ch www.youtube.com ; form-action www.facebook.com www.georgfischer.com 'self' ; frame-ancestors 'self' ; frame-src 'self' 'unsafe-inline' 'unsafe-eval' data: analytics-eu.clickdimensions.com google.com ir.tools.investis.com irs.tools.investis.com live.solique.ch recruitingapp-5505.de.umantis.com registration.gesevent.com six-swiss-exchange.com tools.google.com uberall.com widget.moin.ai *.svc.dynamics.com *.ep-mimecast.dynamics.com www.gfps.com bim.gfps.com ir2.flife.de www.youtube.com m.youtube.com *.ep-mimecast.youtube-nocookie.com www.youtube-nocookie.com.x.af435fba09eaa04ff30886e05784e20ddae5.d045227c.id.opendns.com r1.dotdigital-pages.com display.contentfry.com googletagmanager.com cad.georgfischer.com forms.office.com foundation-gf-dev.georgfischer.com online.flippingbook.com players.brightcove.net youtube.com ; manifest-src 'self' ; media-src 'self' assets.georgfischer.com gfms.com s7e5a.scene7.com s7mbrstream-g1.scene7.com www.gfps.com ; 3 report-uri /_/csp-reports 3 default-src 'self' https://*.cobytes.com; base-uri 'self' https://*.cobytes.com; style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net; script-src 'unsafe-inline' https://www.googletagmanager.com use.typekit.net https://consent.cookiebot.com; img-src 'self' data: www.googletagmanager.com p.typekit.net; font-src 'self' use.typekit.net; connect-src 'self' www.googletagmanager.com https://consentcdn.cookiebot.com https://consent.cookiebot.com; form-action 'self'; frame-src 'self' https://consentcdn.cookiebot.com; frame-ancestors 'none'; report-uri https://sentry.cobytes.com/api/18/security/?sentry_key=be8d1ecc0a39a743267d314a7fd02311 3 font-src fonts.gstatic.com use.typekit.net *.gstatic.com *.googleapis.com *.yotpo.com 'self' data: *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.hotjar.com *.doubleclick.net *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.yotpo.com *.google.com *.google.com.ar *.facebook.com *.doubleclick.net *.sparta.cl newbalance.cl 'self' data: *.gstatic.com *.googleapis.com *.yandex.ru *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com commerce.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.google.com *.googleoptimize.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.fanplayr.com *.facebook.net *.yotpo.com *.newrelic.com *.nr-data.net *.doubleclick.net *.magentosite.cloud *.freshworks.com *.hotjar.com *.retailrocket.net *.yandex.ru *.api.useinsider.com *.mlstatic.com *.mercadopago.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.sparta.cl *.newbalance.cl *.yotpo.com *.fonts.net *.magentosite.cloud *.freshworks.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.google-analytics.com *.yotpo.com *.nr-data.net *.freshworks.com *.googleapis.com stats.g.doubleclick.net *.yandex.ru *.mercadopago.com *.mercadolibre.com *.retailrocket.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://spartacl.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 3 font-src *.fontawesome.com *.gstatic.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.paypal.com *.sharethis.com www.xtento.com *.trustpilot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com *.sharethis.com https://cdn.clerk.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.openstreetmap.org https://maps.googleapis.com *.cloudfront.net *.facebook.com www.google.it *.clarity.ms *.bing.com www.xtento.com cdn.xtento.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.sharethis.com https://api.clerk.io https://cdn.clerk.io chimpstatic.com downloads.mailchimp.com *.list-manage.com cdnjs.cloudflare.com *.clerk.io *.clarity.ms connect.facebook.net *.cloudfront.net *.bing.com www.xtento.com cdn.xtento.com *.trustpilot.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com https://api.clerk.io https://cdn.clerk.io downloads.mailchimp.com *.fontawesome.com *.trustpilot.com unsafe-inline assets.braintreegateway.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.google.com google.com payments-eu.amazon.com *.paypal.com *.sharethis.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.openstreetmap.org https://maps.googleapis.com stats.g.doubleclick.net *.clarity.ms *.facebook.com *.bing.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://use.typekit.net https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action *.paypal.com *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com https://*.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.dotdigital-pages.com *.dotdigital.com https://www.facebook.com https://tpc.googlesyndication.com https://consentcdn.cookiebot.com https://assets.braintreegateway.com https://*.paypal.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.trackedlink.net https://www.google.fi https://maps.gstatic.com https://maps.googleapis.com https://log.pinterest.com https://eckerolinechatbottest.blob.core.windows.net https://fonts.gstatic.com https://assets.braintreegateway.com https://*.paypal.com https://imgsct.cookiebot.com https://px.ads.linkedin.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com https://*.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal https://ajax.cloudflare.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://bam.eu01.nr-data.net https://bam.nr-data.net https://assets.pinterest.com https://maps.googleapis.com https://eckerolinechatbottest.blob.core.windows.net https://api.videoly.co https://www.google.fi https://www.googleadservices.com https://tpc.googlesyndication.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://js.braintreegateway.com https://assets.braintreegateway.com https://www.paypalobjects.com https://*.paypal.com https://snap.licdn.com https://interfaces.zapier.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://fast.fonts.net https://eckerolinechatbottest.blob.core.windows.net https://use.typekit.net https://p.typekit.net https://assets.braintreegateway.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com *.doubleclick.net *.googlesyndication.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://bam-cell.nr-data.net https://bam.eu01.nr-data.net https://bam.nr-data.net https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://maps.googleapis.com https://fonts.gstatic.com https://vimeo.com https://consentcdn.cookiebot.com https://api.sandbox.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://*.braintree-api.com https://api.braintreegateway.com https://client-analytics.braintreegateway.com https://*.paypal.com https://px.ads.linkedin.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'self' 'unsafe-inline'; child-src https://assets.braintreegateway.com https://*.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 font-src fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com https://torus-stage-halkbankmacedonia.asseco-see.com.tr/ https://epay.halkbank.mk/fim/est3Dgate form.wspay.biz formtest.wspay.biz 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com www.google.com *.youtube-nocookie.com *.sharethis.com www.facebook.com www.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net issuu.com assets.pinterest.com *.hotjar.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com www.google.hr *.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com maps.gstatic.com maps.googleapis.com log.pinterest.com pinterest.com www.pinterest.com *.hotjar.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com analytics.google.com www.googletagmanager.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ www.google.com *.sharethis.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net maps.googleapis.com *.hotjar.com connect.facebook.net *.disqus.com assets.pinterest.com *.tiktok.com analytics.google.com www.googletagmanager.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.sharethis.com downloads.mailchimp.com googletagmanager.com tagmanager.google.com fonts.googleapis.com *.hotjar.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com *.sharethis.com *.g.doubleclick.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.google.com maps.googleapis.com *.hotjar.com *.hotjar.io wss://*.hotjar.com/ *.tiktok.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com 'unsafe-inline' data: *.channelsight.com *.bazaarvoice.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.facebook.com *.snapchat.com *.tiktok.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.twitter.com s.amazon-adsystem.com *.facebook.com *.doubleclick.net insight.adsrvr.org *.filestackapi.com *.addthis.com flexfaceoffsweeps.azurewebsites.net match.adsrvr.org viewinyourspace.com *.viewinyourspace.com *.myepigraph.com playcanv.as *.snapchat.com *.clinch.co *.pinterest.com https://recaptcha.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: *.bird.eu *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.bazaarvoice.com *.google.com *.taboola.com *.facebook.com *.facebook.net *.hubspot.com *.hsforms.com r.turn.com *.adnxs.com pixel.mediaiqdigital.com *.gravatar.com *.channelsight.com cscoreproweustor.blob.core.windows.net *.skil.com *.googleapis.com *.doubleclick.net *.seeitinyourspace.com *.pinterest.com *.nextdoor.com *.reddit.com insight.adsrvr.org *.ispot.tv egopowerplus.com *.egopowerplus.com egopowerplus.com.au *.flexpowertools.com pixel.roymorgan.com *.myepigraph.com *.intentiq.com edge.curalate.com *.linkedin.com *.trackedlink.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com datadash.egopowerplus.com datadash.skil.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bazaarvoice.com *.filestackapi.com *.facebook.net *.crazyegg.com js.hs-scripts.com *.taboola.com js.adsrvr.org js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net *.googleapis.com geoip-js.com secure-ds.serving-sys.com *.adnxs.com bs.serving-sys.com *.addthis.com *.addthisedge.com z.moatads.com cscoreproweustor.blob.core.windows.net flexsweepstakes2022.azurewebsites.net js.monitor.azure.com edge.curalate.com ipinfo.io *.tiktok.com sc-static.net *.channelsight.com unpkg.com *.jsdelivr.net viewinyourspace.com *.viewinyourspace.com *.cookielaw.org *.addevent.com *.pinimg.com *.nextdoor.com *.crwdcntrl.com *.crwdcntrl.net mjca-yijws.global.ssl.fastly.net cdn.480app.com cdn.nmgassets.com *.clinch.co *.vimeo.com *.redditstatic.com *.snapchat.com adriano-au.avanser.com *.amazon-adsystem.com *.licdn.com *.pinterest.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bazaarvoice.com cscoreproweustor.blob.core.windows.net *.channelsight.com cdn.jsdelivr.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com api.bazaarvoice.com *.vimeo.com vod-progressive.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.cloudflare.com *.twitter.com *.twimg.com *.bazaarvoice.com *.crazyegg.com forms.hubspot.com *.channelsight.com *.google-analytics.com *.doubleclick.net *.taboola.com secure-ds.serving-sys.com viewinyourspace.com *.viewinyourspace.com chervon-website-api.herokuapp.com chervon-website-api-dev.herokuapp.com *.jotform.com dc.services.visualstudio.com *.addthis.com edge.curalate.com geoip-js.com *.hsforms.com *.facebook.com *.tiktok.com *.snapchat.com *.cookielaw.org *.rain-staging.com *.seeitinyourspace.com *.gstatic.com blob: *.googleapis.com *.pinterest.com cdn.nmgassets.com jdl.nmgplatform.com colrep.sitelabweb.com lm.serving-sys.com us-central1-epigraph-product-configurator.cloudfunctions.net *.intentiq.com *.flexpowertools.com *.skil.com *.egopowerplus.com *.linkedin.com s.amazon-adsystem.com ara.paa-reporting-advertising.amazon js.monitor.azure.com *.reddit.com *.redditstatic.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.olark.com mediacdn.espssl.com *.imi.chat *.frontiercoop.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com *.zopim.com *.zopim.io *.widen.net *.widencdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.certcapture.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.certcapture.com *.authorize.net destinilocators.com *.duosecurity.com *.olark.com *.frontiercoop.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com https://www.youtube.com http://www.sandbox.paypal.com *.twitter.com *.zendesk.com *.widen.net *.widencdn.net *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com *.certcapture.com store.paradoxlabs.com frontiercoop.widen.net *.olark.com lux.speedcurve.com mediacdn.espssl.com brxcdn.com *.frontiercoop.com *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.google.com *.google.co.in *.mastercard.com *.widen.net *.widencdn.net *.facebook.com *.reddit.com *.googletagmanager.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.typekit.net google.com *.google.com *.cdn-apple.com *.certcapture.com *.authorize.net js-agent.newrelic.com bam.nr-data.net destinilocators.com *.olark.com cdn.speedcurve.com acsbapp.com s.pinimg.com bat.bing.com ct.pinterest.com *.exponea.com *.imi.chat *.frontiercoop.com js.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com *.zendesk.com *.widen.net *.widencdn.net *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.certcapture.com *.olark.com mediacdn.espssl.com *.imi.chat *.frontiercoop.com *.klevu.com *.ksearchnet.com assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.fontawesome.com *.bing.com *.widen.net *.widencdn.net 'unsafe-inline' *.tagmanager.google.com *.googletagmanager.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.olark.com *.frontiercoop.com *.zopim.com *.zopim.io *.widen.net *.widencdn.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.magento-datasolutions.com *.magento-ds.com *.paypal.com google.com *.google.com *.certcapture.com *.authorize.net bam.nr-data.net lux.speedcurve.com *.acsbapp.com acsbapp.com ct.pinterest.com bat.bing.com *.exponea.com facebook.com *.facebook.com *.imi.chat *.frontiercoop.com *.olark.com *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.cloudflare.com *.twitter.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com *.google-analytics.com https://stats.g.doubleclick.net *.zendesk.com *.widen.net *.widencdn.net *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.olark.com *.frontiercoop.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com https://fonts.gstatic.com *.typekit.net data: 'self' 'unsafe-inline'; form-action *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com test.saferpay.com www.saferpay.com saferpay.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.google.com/ *.doubleclick.net test.saferpay.com www.saferpay.com saferpay.com https://player.vimeo.com https://www.youtube-nocookie.com *.pinterest.com/ *.gorgias.chat *.gorgias.io *.hotjar.com *.pinimg.com *.tiktok.com *.polyfill.io *.profitmetrics.io *.clarity.ms *.amplitude.com *.google.com *.google.hu *.google.ie *.google.sk *.google.ro *.google.co.in *.cookiebot.com *.optimonk.com *.luigisbox.com *.diego.itg.cloud facebook.com youtube.com pinterest.com/ gorgias.chat gorgias.io hotjar.com pinimg.com tiktok.com polyfill.io profitmetrics.io clarity.ms amplitude.com google.com google.hu google.ie google.sk google.ro google.co.in doubleclick.net cookiebot.com optimonk.com luigisbox.com diego.itg.cloud www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://consentcdn.cookiebot.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.net *.doubleclick.net *.googletagmanager.com test.saferpay.com www.saferpay.com saferpay.com https://www.magezon.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com *.pinterest.com/ *.gorgias.chat *.gorgias.io *.hotjar.com *.pinimg.com *.tiktok.com *.polyfill.io *.profitmetrics.io *.clarity.ms *.amplitude.com *.google.hu *.google.ie *.google.sk *.google.ro *.google.co.in *.cookiebot.com *.optimonk.com *.luigisbox.com *.diego.itg.cloud www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com test.saferpay.com www.saferpay.com saferpay.com player.vimeo.com https://player.vimeo.com https://www.youtube.com *.adobedtm.com *.googleapis.com *.pinterest.com/ *.gorgias.chat *.gorgias.io *.hotjar.com *.pinimg.com *.tiktok.com *.polyfill.io *.profitmetrics.io *.clarity.ms *.amplitude.com *.google.hu *.google.ie *.google.sk *.google.ro *.google.co.in *.cookiebot.com *.optimonk.com *.luigisbox.com *.diego.itg.cloud facebook.net adobedtm.com adobe.com googleapis.com pinterest.com/ gorgias.chat gorgias.io hotjar.com pinimg.com tiktok.com polyfill.io profitmetrics.io clarity.ms amplitude.com google.com google.hu google.ie google.sk google.ro google.co.in doubleclick.net cookiebot.com optimonk.com luigisbox.com diego.itg.cloud www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com *.typekit.net *.optimonk.com *.pinterest.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com *.google-analytics.com *.facebook.net *.google.com test.saferpay.com www.saferpay.com saferpay.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io *.pinterest.com/ *.gorgias.chat *.gorgias.io *.hotjar.com *.pinimg.com *.tiktok.com *.polyfill.io *.profitmetrics.io *.clarity.ms *.amplitude.com *.google.hu *.google.ie *.google.sk *.google.ro *.google.co.in *.doubleclick.net *.cookiebot.com *.optimonk.com *.luigisbox.com *.diego.itg.cloud pinterest.com/ gorgias.chat gorgias.io hotjar.com pinimg.com tiktok.com polyfill.io profitmetrics.io clarity.ms amplitude.com google.com google.hu google.ie google.sk google.ro google.co.in doubleclick.net cookiebot.com optimonk.com luigisbox.com diego.itg.cloud www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io maps.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 default-src 'unsafe-eval' 'unsafe-inline' blob: data: https: ws: wss:; img-src 'unsafe-inline' blob: data: *; report-uri https://csp.test.orlo.tech/report; 3 frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; upgrade-insecure-requests ; form-action 'self' https://hayward.com/customer/account/logout/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.yotpo.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; style-src https://haywardpools.tfaforms.net/ https://stackpath.bootstrapcdn.com/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.4.0/css/font-awesome.min.css *.adobe.com fonts.googleapis.com *.yotpo.com *.googleapis.com unsafe-inline assets.braintreegateway.com static.ecorebates.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; script-src https://code.jquery.com/jquery-1.12.4.min.js https://code.jquery.com/jquery-2.2.4.min.js https://code.jquery.com/jquery-3.2.1.min.js https://cdnjs.cloudflare.com/ajax/libs/fancybox/3.3.5/jquery.fancybox.min.js https://html5.dcatalog.com/dcviewer.js https://api.ipify.org/ https://unpkg.com/react@18/umd/react.production.min.js https://unpkg.com/react-dom@18/umd/react-dom.production.min.js https://assets.adobedtm.com/ https://adobedc.demdex.net/ https://edge.adobedc.net https://haywardpools.tfaforms.net/ https://widget-hosts.mavenoid.com https://app.mavenoid.com https://api.mavenoid.com/ https://mavenoidfiles.com/ https://mavenoid.com/ https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com bam.nr-data.net js-agent.newrelic.com tfaforms.com adobedc.demdex.net *.yotpo.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com static.ecorebates.com hayward.ecorebates.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; media-src https://www.youtube.com 'self' *.adobe.com www.totallyhayward.com 'self' 'unsafe-inline'; img-src https://hayward-pool-assets.com https://haywardpools.tfaforms.net https://mavenoidfiles.com/ https://mavenoid.com/ https://www.facebook.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; frame-src http://www.haywardnet.com https://html5.dcatalog.com https://haywardpools.tfaforms.net https://maps.google.com/ blob: https://haywardpools.tfaforms.net/72 fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com haywardpools.tfaforms.net *.yotpo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; font-src https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.4.0/ *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com static.ecorebates.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; connect-src https://www.haywardnet.com/inground/products/energysolutions/getEnergyCalculatorResults.cfm https://hayward.ecorebates.com/ https://hayward-test-jsons.s3.amazonaws.com/data/locationData.json https://hayward-test-jsons.s3.amazonaws.com/data/featuresData.json https://hayward-test-jsons.s3.amazonaws.com/data/materialData.json https://hayward-test-jsons.s3.amazonaws.com/data/propertyTypeData.json https://hayward-test-jsons.s3.amazonaws.com/data/shapeSizeData.json https://hayward-test-jsons.s3.amazonaws.com/data/galleryData.json https://www.youtube.com https://assets.adobedtm.com/ https://adobedc.demdex.net/ https://edge.adobedc.net https://us-east-1-otel.formassembly.com/v1/traces https://stats.g.doubleclick.net/g/collect https://widget-hosts.mavenoid.com https://app.mavenoid.com https://api.mavenoid.com/ https://mavenoidfiles.com/ https://mavenoid.com/ https://commerce.hayward-pool-assets.com/magento/ https://haywardpools.tfaforms.net/72 dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com thm.visa.com api.addressy.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com bam.nr-data.net js-agent.newrelic.com *.yotpo.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; 3 base-uri 'self'; default-src 'self' https:; connect-src 'self' data: blob: https://ga.jspm.io *.sentry.io https://consentcdn.cookiebot.com https://consent.cookiebot.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googleapis.com *.google.com https://*.gstatic.com https://static.raspberrypi.org; font-src 'self' https: data: https://fonts.gstatic.com https://*.hotjar.com; frame-src 'self' https://challenges.cloudflare.com https://consentcdn.cookiebot.com *.google.com e.issuu.com prezi.com storify.com youtube.com www.youtube.com youtube-nocookie.com www.youtube-nocookie.com; img-src 'self' https: data: https://*.raspberrypi.org https://*.hotjar.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; media-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline' blob: https://static.raspberrypi.org/js/global-nav-web-component/ https://challenges.cloudflare.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://*.googletagmanager.com https://*.hotjar.com https://browser.sentry-cdn.com https://js.sentry-cdn.com; style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://*.hotjar.com https://static.raspberrypi.org/styles/design-system/ https://*.cookiebot.com; worker-src blob:; report-uri https://o17504.ingest.us.sentry.io/api/4507769026707457/security/?sentry_key=53fc037dc5040a1a9fe07334577adc13&sentry_environment=production 3 default-src https://d3tw2v68rmxuj7.cloudfront.net; connect-src 'self' https: wss://*.zopim.com; font-src data: https:; frame-src https://js.stripe.com https://m.stripe.network https://www.google.com https://www.youtube.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://platform.twitter.com https://x.adroll.com; img-src https:; media-src https://static.zdassets.com/web_widget/classic/latest/fda6cd35495c75f83508d9d2e77ee33d.mp3 https://d3tw2v68rmxuj7.cloudfront.net;script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https://d3tw2v68rmxuj7.cloudfront.net https://fonts.googleapis.com https://unpkg.com/ionicons@4.5.5/dist/css/ionicons.min.css; report-uri /csp 3 default-src 'self' *.my127.site blob: *.my127.site inviqa.com inviqa.de youtube.com *.doubleclick.net *.google.com *.googleadservices.com *.google.co.uk *.hubspot.com *.trackedweb.net *.hotjar.com madixel.de cdn.cookielaw.org geolocation.onetrust.com; script-src 'self' 'unsafe-inline' blob: *.googleapis.com 'unsafe-eval' *.my127.site inviqa.com inviqa.de *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.hotjar.com *.gstatic.com *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.hs-analytics.net *.licdn.com *.twitter.com *.trackedweb.net *.trackedlink.net madixel.de *.googleadservices.com *.ads-twitter.com cdn.cookielaw.org; style-src 'self' 'unsafe-inline' *.my127.site inviqa.com inviqa.de; img-src 'self' *.my127.site data: inviqa.com inviqa.de *.google.co.uk *.google.com *.google-analytics.com *.twitter.com *.linkedin.com t.co *.hubspot.com *.hsforms.com *.doubleclick.net cdn.cookielaw.org; frame-src *; frame-ancestors 'self'; child-src *; font-src 'self' *.my127.site data: inviqa.com inviqa.de; report-uri https://www.inviqa.report-uri.com/r/d/csp/reportOnly; upgrade-insecure-requests 3 font-src *.squarecdn.com *.googleapis.com *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com *.klarnacdn.net *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.commerce-connector.com *.typekit.net */csp/report/uri/ *.hotjar.com *.hotjar.io *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com *.wahl.com *.userway.org *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.wahl.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.stripe.com stripe.com *.link.com *.amazon.com *.wahl.com; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.klarna.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com *.google.com *.gstatic.com *.bluesnap.com *.kaptcha.com *.adsrvr.org *.hotjar.com *.hotjar.io */csp/report/uri/ *.hubspot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.wahl.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; style-src *.adobe.com static.afterpay.com/ *.squarecdn.com fonts.googleapis.com display.ugc.bazaarvoice.com *.klarnacdn.net *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.googleapis.com *.powerreviews.com getfirebug.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.cloudflare.com *.bootstrapcdn.com *.wahlclipper.com *.jsdelivr.net *.postcodeanywhere.co.uk *.commerce-connector.com *.typekit.net */csp/report/uri/ unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com www.gstatic.com cdn.weglot.com *.wahl.com *.userway.org 'self' 'unsafe-inline'; object-src *.wahl.com 'self' 'unsafe-inline'; media-src *.adobe.com *.wahl.com 'self' 'unsafe-inline'; manifest-src *.wahl.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.addressy.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com stats.g.doubleclick.net ct.pinterest.com *.google-analytics.com *.whatcounts.com siteanalytics.whatcounts.com https://siteanalytics.whatcounts.com *.amazonaws.com/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.amazonaws.com *.yotpo.com *.cloudflare.com *.powerreviews.com *.nr-data.net *.wahlclipper.com *.syndigo.com *.postcodeanywhere.co.uk wss://ws41.hotjar.com *.commerce-connector.com */csp/report/uri/ wss://*.hotjar.com *.hotjar.com *.hotjar.io *.hubspot.com *.hubapi.com *.hs-banner.com *.kaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.link.com x.clarity.ms cdn.cookielaw.org forms.hscollectedforms.net geolocation.onetrust.com api.userway.org cdn77.api.userway.org cdn.userway.org api.weglot.com cdn.weglot.com https://cdn-api-weglot.com *.wahl.com *.hsforms.net *.hsforms.com *.clarity.ms *.pcapredict.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; base-uri *.wahl.com 'self' 'unsafe-inline'; script-src https://pxl.jivox.com https://secure.adnxs.com https://apps.bazaarvoice.com/ cdn.weglot.com assets.adobedtm.com *.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com connect.facebook.net graph.facebook.com business.facebook.com *.powerreviews.com *.google.com *.newrelic.com js-agent.newrelic.com *.googletagmanager.com https://www.googletagmanager.com/gtm.js bat.bing.com *.google-analytics.com *.googleoptimize.com https://www.googleoptimize.com/optimize.js *.trustedsite.com *.cloudflare.com *.twitter.com *.fontawesome.com *.nr-data.net *.wahlclipper.com *.googleapis.com *.jsdelivr.net *.bluesnap.com *.webcollage.net *.syndigo.com *.adsrvr.org *.hotjar.com *.hotjar.io *.pcapredict.com *.postcodeanywhere.co.uk *.commerce-connector.com *.amazonaws.com/ */csp/report/uri/ *.redditstatic.com *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.usemessages.com *.hs-analytics.net *.kaptcha.com *.hsadspixel.net *.hsleadflows.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarnaevt.com *.amazon.com *.link.com www.clarity.ms cdn.cookielaw.org js.hubspot.com cdn.userway.org svht.tradedoubler.com swrap.tradedoubler.com *.wahl.com *.hsforms.net *.hsforms.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; img-src static.hsappstatic.net https://ad.doubleclick.net assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobedtm.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.afterpay.com/ *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.essentialaccessibility.com *.wahlanimal.com s.ytimg.com *.google.com *.google.com.mx *.google-analytics.com ct.pinterest.com bat.bing.com *.google.co.in *.cloudflare.com *.wahlclipper.com *.powerreviews.com *.googletagmanager.com *.cloudfront.net *.webcollage.net *.syndigo.cloud *.postcodeanywhere.co.uk */csp/report/uri/ *.reddit.com *.hsforms.com *.hubspot.com *.google.com.in *.payments-amazon.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com c.clarity.ms cdn.cookielaw.org cdn.userway.org *.wahl.com *.magecomp.com *.google.com.ua www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; default-src https://de.wahl.com https://fr.wahl.com https://nl.wahl.com https://eu.wahl.com https://es.wahl.com https://jp.mcprod.wahl.com *.wahl.com 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 3 font-src *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.typekit.net *.trustedshops.com *.dhlparcel.nl *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src secure.authorize.net test.authorize.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com 'self' data: *.bookerz.nl www.googletagmanager.com https://*.dpdconnect.nl *.multisafepay.com https://pay.google.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: *.vimeocdn.com i.ytimg.com www.googleadservices.com www.google-analytics.com *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.trustedshops.com *.google.nl www.googletagmanager.com *.bing.com bat.bing.net *.sooqr.com *.multisafepay.com www.magmodules.eu *.squeezely.tech www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googleadservices.com www.google-analytics.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com 'self' data: *.trustedshops.com *.convertexperiments.com *.robinhq.com *.windows.net *.msecnd.net *.dhlparcel.nl *.hotjar.com *.bing.com *.deacto.nl www.googletagmanager.com *.multisafepay.com js-agent.newrelic.com https://*.dpdconnect.nl s7.addthis.com *.avada.io *.sooqr.com https://pay.google.com squeezely.tech www.squeezely.tech *.squeezely.tech www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com 'self' data: *.typekit.net *.trustedshops.com *.dhlparcel.nl *.fontawesome.com *.sooqr.com *.multisafepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com *.google-analytics.com *.facebook.com *.facebook.net *.google.nl *.doubleclick.net *.googlesyndication.com 'self' data: *.visualstudio.com *.amazonaws.com *.google.com *.trustedshops.com *.bing.com bat.bing.net *.convertexperiments.com *.deacto.nl *.googleapis.com google-analytics.com bam.eu01.nr-data.net ekr.zdassets.com/ https://get.geojs.io *.avada.io *.multisafepay.com squeezely.tech *.squeezely.tech 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 default-src 'self' *.ctfassets.net *.trackjs.com *.demdex.net; font-src 'self' *.gstatic.com; img-src 'self' *.ctfassets.net *.trackjs.com costalimited.d3.sc.omtrdc.net *.gstatic.com data: *.onetrust.com cm.everesttech.net *.googleapis.com; connect-src 'self' *.go-mpulse.net cdn-ukwest.onetrust.com trial-eum-clientnsv4-s.akamaihd.net trial-eum-clienttons-s.akamaihd.net *.akstat.io *.demdex.net costalimited.d3.sc.omtrdc.net *.onetrust.io *.trackjs.com maps.googleapis.com; script-src 'self'; script-src-elem 'self' 'unsafe-inline' assets.adobedtm.com *.go-mpulse.net cdn-ukwest.onetrust.com maps.googleapis.com fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline'; style-src 'self'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; script-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://costa.report-uri.com/r/t/csp/reportOnly; report-to default 3 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com v2.zopim.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googlesyndication.com *.twitter.com https://www.facebook.com www.googletagmanager.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com https://*.google.com *.doubleclick.net *.googlesyndication.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.twitter.com axi.maxiaxi.com *.pinterest.com *.addthis.com https://consentcdn.cookiebot.com *.fast.amc.demdex.net https://tr.snapchat.com https://www.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.google.com *.google.bg *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com https://static.buckaroo.nl validate.fishpig.co.uk https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com magefan.com cm.magefan.com https://firebasestorage.googleapis.com https://redchamps.com ts.tradetracker.net www.magmodules.eu *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net *.maxiaxi.com bat.bing.com www.google.nl *.squeezely.tech tm-tradetracker.net *.pinterest.com *.googleapis.com *.googleoptimize.com *.linkedin.com *.cookiebot.com *.etrusted.com *.adobedtm.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://*.google.com *.google.bg *.googletagmanager.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io tm.tradetracker.net *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com app.aiden.cx js-agent.newrelic.com bam.nr-data.net rum-static.pingdom.net *.trustpilot.com *.zopim.com static.sooqr.com *.zdassets.com bat.bing.com static.buckaroo.nl *.squeezely.tech tm-tradetracker.net *.maxiaxi.com *.clarity.ms *.googleoptimize.com *.zendesk.com bam.eu01.nr-data.net *.pinimg.com *.addthis.com *.addthisedge.com *.moatads.com *.hotjar.com *.hotjar.io *.licdn.com *.beslist.nl *.tiktok.com *.stripe.com *.cookiebot.com *.etrusted.com *.smooch.io *.pinterest.com *.convertexperiments.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu static.sooqr.com *.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google-analytics.com *.facebook.net https://*.google.com *.doubleclick.net *.googlesyndication.com https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com bam.nr-data.net *.zdassets.com widget-mediator.zopim.com stats.g.doubleclick.net squeezely.tech cognito-identity.eu-central-1.amazonaws.com rum-collector-2.pingdom.net wss://widget-mediator.zopim.com *.maxiaxi.com *.clarity.ms *.googleapis.com *.googleoptimize.com *.googletagmanager.com *.pinterest.com measurement-api.criteo.com *.zendesk.com bam.eu01.nr-data.net *.addthis.com *.hotjar.com *.beslist.nl *.tiktok.com app.aiden.cx *.hotjar.io wss://ws.hotjar.com analytics.pangle-ads.com googleads.g.doubleclick.net *.ads.linkedin.com *.cookiebot.com *.etrusted.com *.smooch.io *.convertexperiments.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.hotjar.com *.hotjar.io wss://*.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: blob: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; font-src 'self' https: data: https:; connect-src 'self' https: wss:; frame-src 'self' https: data: blob:; media-src 'self' https: data: blob:; object-src 'self' https: data: blob:; base-uri 'self' https:; form-action 'self' https:; frame-ancestors 'self' https:; worker-src 'self' https: data: blob:; report-uri /csp-report 3 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com *.cloudflare.com *.klaviyo.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.teamexpress.com *.baseballexpress.com *.softball.com *.softballfans.com *.weltpixel.com *.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.magezon.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com *.teamexpress.com *.baseballexpress.com *.softball.com *.softballfans.com *.maillist-manage.com https://*.google.com *.cloudfront.net *.payments-amazon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.google.com/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com songbirdstag.cardinalcommerce.com s7.addthis.com *.teamexpress.com *.baseballexpress.com *.softball.com *.softballfans.com *.maillist-manage.com https://maillist-manage.com googleads.g.doubleclick.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.avada.io assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://apis.google.com assets.shipperhq.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net unpkg.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.teamexpress.com *.baseballexpress.com *.softball.com *.softballfans.com *.cloudflare.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com assets.shipperhq.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.teamexpress.com *.baseballexpress.com *.softball.com *.softballfans.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com thm.visa.com ekr.zdassets.com/ *.teamexpress.com *.baseballexpress.com *.softball.com *.softballfans.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.addthis.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com ovs.shipperhq.com rms.shipperhq.com wss://rms.shipperhq.com/ *.google-analytics.com analytics.google.com *.facebook.net *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.teamexpress.com *.baseballexpress.com *.softball.com *.softballfans.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 report-uri /es/Error/ReportCPS; 3 script-src 'self' 'unsafe-eval' chrome-extension: 'unsafe-inline' https://www.googletagmanager.com https://cdn.callibri.ru https://cloud.roistat.com https://top-fwz1.mail.ru https://st.hybrid.ai https://dss.hybrid.ai https://mc.yandex.ru https://privacy-cs.mail.ru https://emd.hybrid.ai https://0806a7336a43c49e7f6b43bf758935-cd9502ed2eba43ce9d20682c0c9b4bd8.ops.beeline.ru https://cllctr.roistat.com https://cd9502ed2eba43ce9d20682c0c9b4bd8.ops.beeline.ru https://cdbc886d1749a0a7f4c0458205fa0f-cd9502ed2eba43ce9d20682c0c9b4bd8.ops.beeline.ru https://250e19fc4249268f88fd25ac89e74c-cd9502ed2eba43ce9d20682c0c9b4bd8.ops.beeline.ru https://06a592cd3e4f309e412f9a3880f253-cd9502ed2eba43ce9d20682c0c9b4bd8.ops.beeline.ru https://e7901a74814e96a2f17e0f2f20c24f-cd9502ed2eba43ce9d20682c0c9b4bd8.ops.beeline.ru https://bc19d1b0474f30b95f7339cf554530-cd9502ed2eba43ce9d20682c0c9b4bd8.ops.beeline.ru https://bd76afdaef40a38d991e5132e6c890-cd9502ed2eba43ce9d20682c0c9b4bd8.ops.beeline.ru https://53c233c7d646fda5326744ad907ff5-cd9502ed2eba43ce9d20682c0c9b4bd8.ops.beeline.ru https://99e891e83e49318469352f08c9f252-cd9502ed2eba43ce9d20682c0c9b4bd8.ops.beeline.ru https://fec1cf0683463da8798c0c16af6ba2-cd9502ed2eba43ce9d20682c0c9b4bd8.ops.beeline.ru https://52c7d7cc9842319ada0cdbcef21952-cd9502ed2eba43ce9d20682c0c9b4bd8.ops.beeline.ru https://f7f0e7cac14dc4bfb06ebacc165425-cd9502ed2eba43ce9d20682c0c9b4bd8.ops.beeline.ru https://0175aaed4845e38507144a1e174b3f-cd9502ed2eba43ce9d20682c0c9b4bd8.ops.beeline.ru https://51da6ed24b4c7eb33fad5d9ee57b05-cd9502ed2eba43ce9d20682c0c9b4bd8.ops.beeline.ru https://0ea3b1690f4fa19fe6123a51c106aa-cd9502ed2eba43ce9d20682c0c9b4bd8.ops.beeline.ru https://71d02f19e5416ba0e93bffb9a144f1-cd9502ed2eba43ce9d20682c0c9b4bd8.ops.beeline.ru https://fcpe.beeline.ru https://56424de8a046f8adf76dd67bb773d6-cd9502ed2eba43ce9d20682c0c9b4bd8.ops.beeline.ru https://b1767b87924165b1cc82f600d8894a-cd9502ed2eba43ce9d20682c0c9b4bd8.ops.beeline.ru https://26cbec5297451887f1ed2bbeb045e9-cd9502ed2eba43ce9d20682c0c9b4bd8.ops.beeline.ru https://0d0ca9907c444d88b0f037a6578e1c-cd9502ed2eba43ce9d20682c0c9b4bd8.ops.beeline.ru https://9300247bea4c37aa7a32d71db72ae1-cd9502ed2eba43ce9d20682c0c9b4bd8.ops.beeline.ru https://e5e87ccec04a4ab35700711fab3a25-cd9502ed2eba43ce9d20682c0c9b4bd8.ops.beeline.ru https://51db007a304e229164d8b01c6293a0-cd9502ed2eba43ce9d20682c0c9b4bd8.ops.beeline.ru https://6c420ec1b440839802583d5277c0bf-cd9502ed2eba43ce9d20682c0c9b4bd8.ops.beeline.ru https://386e3a8e6a4712be6981ab56e51847-cd9502ed2eba43ce9d20682c0c9b4bd8.ops.beeline.ru https://c8beaa54c04b34a2ccecbb3db97ee4-cd9502ed2eba43ce9d20682c0c9b4bd8.ops.beeline.ru https://821ed05fd44db18c31b9ae6e28d651-cd9502ed2eba43ce9d20682c0c9b4bd8.ops.beeline.ru https://fbd453dbc2489297e87a36917b0a7e-cd9502ed2eba43ce9d20682c0c9b4bd8.ops.beeline.ru https://script.marquiz.ru https://api-maps.yandex.ru https://yastatic.net https://core-renderer-tiles.maps.yandex.net 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; frame-src 'self' https://cloud.roistat.com chrome-extension: https://mc.yandex.ru https://mc.yandex.com https://quiz.marquiz.ru https://mozbar.moz.com https://www.youtube.com https://uos.unistroyrf.ru https://www.googletagmanager.com; object-src 'self'; report-uri /cspreportonly; 3 font-src *.fontawesome.com *.googleapis.com *.gstatic.com fonts.gstatic.com *.klarnacdn.net maxcdn.bootstrapcdn.com *.hotjar.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sandbox.przelewy24.pl secure.przelewy24.pl facebook.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.facebook.com *.kinderkraft.fr *.kinderkraft.pl kinderkraft.fr kinderkraft.pl *.trustpilot.com *.criteo.gum *.cookiebot.com kinderkraft.co.uk ecommscript-integrationapp.trustpilot.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ consentcdn.cookiebot.com *.klarna.com pay.google.com secure.payu.com merch-prod.snd.payu.com *.trustpilot.com *.facebook.com www.facebook.com *.instagram.com *.hotjar.com *.criteo.com *.criteo.net *.youtube-nocookie.com *.google.com *.kinderkraft.fr kinderkraft.fr kinderkraft.pl *.pinterest.com td.doubleclick.net hal9000.redintelligence.net kinderkraft.co.uk ecommscript-integrationapp.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://images.unsplash.com *.gstatic.com *.googleapis.com *.ggpht *.klarna.com *.klarnaevt.com *.klarnacdn.net static.przelewy24.pl www.gstatic.com gstatic.com static.payu.com imgsct.cookiebot.com *.ytimg.com www.google.com www.google.pl kinderkraft.com pixel.wp.pl www.facebook.com *.instagram.com *.payu.com *.hotjar.com www.googletagmanager.com googleads.g.doubleclick.net *.criteo.com *.adobedtm.com *.doubleclick.net *.outbrain.com *.rubiconproject.com *.yahoo.com *.3lift.com *.smartadserver.com *.adnxs.com *.tapad.com *.casalemedia.com *.360yield.com *.taboola.com *.pubmatic.com *.media.net *.teads.tv *.adform.net *.bidswitch.net *.sharethrough.com *.smaato.net *.socdm.com *.adscale.de *.advertising.com *.dable.io *.co.kr *.stickyadstv.com *.twiago.com *.omnitagjs.com *.liadm.com *.yieldmo.com *.postrelease.com *.addthis.com *.revcontent.com *.mail.ru *.yieldlab.net *.rambler.ru *.bing.com *.openx.net *.nate.com *.mediawallahscript.com id5-sync.com *.rlcdn.com *.adingo.jp *.tremorhub.com *.yandex.ru *.aralego.com/ *.ad-stir.com *.adtdp.com *.meba.kr *.1rx.io *.toast.com *.turn.com *.dmxleo.com *.mediavine.com *.ivitrack.com *.smartclip.net *.krxd.net *.emxdgt.com *.pinterest.com *.bluekai.com *.thebrighttag.com kinderkraft.pl *.user.com *.trustpilot.com *.trustpilot.net *.metaffiliation.com region1.analytics.google.com developers.google.com trk.datnova.com *.facebook.net server-side-tagging-vqegoo7bda-uc.a.run.app bcw.kinderkraft.fr data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ consent.cookiebot.com *.googleapis.com *.gstatic.com *.klarna.com *.klarnacdn.net sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com *.klarnaservices.com *.avada.io secure.payu.com secure.snd.payu.com consentcdn.cookiebot.com *.trustpilot.com *.googletagmanager.com kinderkraft-staging.user.com *.user.com *.g.doubleclick.net *.adyen.com *.facebook.net pixel.wp.pl *.hotjar.com *.criteo.com *.newrelic.com *.criteo.net *.nr-data.net *.cloudflare.com *.clickcease.com *.pinimg.com *.googleoptimize.com *.youtube.com *.kinderkraft.pl *.kinderkraft.fr *.kinderkraft.de *.kinderkraft.it *.kinderkraft.co.uk *.kinderkraft.es *.metaffiliation.com *.bing.com *.clarity.ms *.cux.io *.taboola.com *.luigisbox.com ct.pinterest.com kng.kinderkraft.at sha.kinderkraft.be tag.facemyads.co bbd-tag.de s.retargeted.co apptracker.stream *.sddan.com trk.datnova.com js.cookieless-data.com bcw.kinderkraft.fr ecommscript-integrationapp.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.gstatic.com fonts.googleapis.com *.klarnacdn.net maxcdn.bootstrapcdn.com *.trustpilot.com *.instagram.com *.cloudflare.com cdn.luigisbox.com 'self' 'unsafe-inline'; object-src ecommscript-integrationapp.trustpilot.com 'self' 'unsafe-inline'; media-src *.adobe.com *.googlevideo.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://get.geojs.io *.avada.io secure.payu.com merch-prod.snd.payu.com consentcdn.cookiebot.com *.instagram.com kinderkraft-staging.user.com wss://kinderkraft-staging.user.com *.adyen.com yt2html5.com *.user.com www.google.com googleads.g.doubleclick.net stats.g.doubleclick.net wss://kinderkraft.user.com *.hotjar.com wss://ws3.hotjar.com analytics.google.com *.paypal.com https://paypal.com paypal.com *.nr-data.net *.hotjar.io *.criteo.com wss://ws29.hotjar.com *.pinterest.com *.google.com wss://ws11.hotjar.com google.pl google.com *.kinderkraft.fr *.metaffiliation.com *.sentry.io sentry.io *.clarity.ms *.cux.io *.facebook.com facebook.com *.google.pl wss://* *.openfpcdn.io *.google-analytics.com *.taboola.com *.luigisbox.com *.bing.com server-side-tagging-vqegoo7bda-uc.a.run.app wdg.kinderkraft.pl *.googleapis.com tvw.kinderkraft.co.uk analytics.tiktok.com *.kinderkraft.at *.kinderkraft.be bcw.kinderkraft.fr ecommscript-integrationapp.trustpilot.com 'self' 'unsafe-inline'; child-src *.instagram.com http: https: blob: 'self' 'unsafe-inline'; default-src *.adyen.com *.instagram.com *.googleoptimize.com *.bing.com kinderkraft.co.uk kinderkraft.pl ecommscript-integrationapp.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 font-src https://*.gstatic.com *.bootstrapcdn.com *.doofinder.com *.api.useinsider.com *.hotjar.com *.klarnaservices.com *.klarnauserservices.com *.foursixty.com *.klarnaevt.com *.bronto.com *.nr-data.net *.facebook.com *.facebook.net *.trustpilot.com *.loyaltylion.net *.criteo.com *.criteo.net https://www.gstatic.com *.cloudfront.net *.bglobale.com *.global-e.com https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://cdn.nibble.website https://fonts.googleapis.com https://fonts.gstatic.com/ stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com *.pcapredict.com services.postcodeanywhere.co.uk *.google-analytics.com *.google.com *.apple.com *.cloudflare.com *.disqus.com *.disquscdn.com static.addtoany.com *.addtoany.com *.reviews.io *.reviews.co.uk fonts.gstatic.com *.amazonaws.com *.sleeknote.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com *.pcapredict.com services.postcodeanywhere.co.uk *.google-analytics.com *.google.com *.apple.com *.cloudflare.com *.disqus.com *.disquscdn.com static.addtoany.com *.addtoany.com *.reviews.io *.reviews.co.uk *.facebook.com *.dmtrk.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.fls.doubleclick.net *.bootstrapcdn.com *.doofinder.com *.api.useinsider.com *.hotjar.com *.klarnaservices.com *.klarnauserservices.com *.klarnaevt.com *.bronto.com *.nr-data.net *.facebook.com *.facebook.net *.trustpilot.com *.loyaltylion.net *.criteo.com *.criteo.net *.paypalobjects.com *.freshchat.com *.yieldify.com *.reviews.co.uk *.agechecked.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.bglobale.com *.global-e.com https://plumrocket.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.mollie.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com *.pcapredict.com services.postcodeanywhere.co.uk *.google-analytics.com *.google.com *.apple.com *.cloudflare.com *.disqus.com *.disquscdn.com static.addtoany.com *.addtoany.com *.lightwidget.com *.googletagmanager.com *.doubleclick.net *.pinterest.com *.reviews.io *.weltpixel.com *.cookiebot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com https://*.gstatic.com https://images.unsplash.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.wepowerconnections.com *.bootstrapcdn.com *.doofinder.com *.api.useinsider.com *.hotjar.com *.klarnaservices.com *.klarnauserservices.com *.klarnaevt.com *.bronto.com *.nr-data.net *.facebook.com *.facebook.net *.trustpilot.com *.loyaltylion.net *.criteo.com *.criteo.net *.advertising.com *.outbrain.com *.google.com *.taboola.com *.bing.com *.ad-stir.com *.smartclip.net *.yieldify.com *.postcodeanywhere.co.uk *.trackedlink.net *.bglobale.com *.global-e.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com https://firebasestorage.googleapis.com flagpedia.net https://www.mollie.com https://cdn.nibble.website stats.g.doubleclick.net google.co.uk *.google.co.uk *.pcapredict.com services.postcodeanywhere.co.uk *.google-analytics.com *.apple.com *.cloudflare.com *.disqus.com *.disquscdn.com static.addtoany.com *.addtoany.com *.roeye.com *.adnxs.com *.linkedin.com *.stackadapt.com *.sleeknote.com grwapi.net *.cloudfront.net *.reviews.io *.reviews.co.uk *.gstatic.com *.reddit.com *.googletagmanager.com *.doubleclick.net *.sweetanalytics.com *.analytics.google.com *.g.doubleclick.net storage.googleapis.com platform-cdn.sharethis.com widget-cdn.prod.nibble.website *.amazonaws.com *.pixiecommerce.co.uk blob: *.cookiebot.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com agechecked.com https://maps.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.webgains.io *.foursixty.com *.bootstrapcdn.com *.doofinder.com *.api.useinsider.com *.hotjar.com *.klarnaservices.com *.klarnauserservices.com *.klarnaevt.com *.bronto.com *.facebook.com *.facebook.net https://*.google.com *.gstatic.com *.trustpilot.com *.loyaltylion.net *.criteo.com *.criteo.net paypal-eu-cdn.cloudiq.com *.salesfire.co.uk *.googletagmanager.com *.esearchvision.com *.pcapredict.com *.reviews.co.uk *.freshchat.com *.postcodeanywhere.co.uk *.prettifyjs.net *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.bglobale.com *.global-e.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com s7.addthis.com *.avada.io maps.googleapis.com js.mollie.com https://cdn.nibble.website stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com services.postcodeanywhere.co.uk *.google-analytics.com *.google.com *.apple.com *.cloudflare.com *.disqus.com *.disquscdn.com *.addtoany.com *.lightwidget.com *.pinimg.com *.licdn.com *.bing.com *.stackadapt.com grwapi.net *.sleeknote.com *.pinterest.com *.reviews.io *.googleadservices.com *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net *.cdn-apple.com storage.googleapis.com platform-api.sharethis.com buttons-config.sharethis.com api.agechecked.com *.cookiebot.com qvdt3feo.com *.trustedshops.com https://www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com/ *.agechecked.com *.googleapis.com *.bootstrapcdn.com *.doofinder.com *.api.useinsider.com *.hotjar.com *.klarnaservices.com *.klarnauserservices.com *.klarnaevt.com *.bronto.com *.nr-data.net *.facebook.com *.facebook.net *.trustpilot.com *.loyaltylion.net *.criteo.com *.criteo.net *.freshchat.com *.reviews.co.uk *.cloudfront.net *.postcodeanywhere.co.uk *.prettifyjs.net *.gerber-store.co.uk cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.bglobale.com *.global-e.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.gstatic.com https://cdn.nibble.website stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com *.pcapredict.com services.postcodeanywhere.co.uk *.google-analytics.com *.google.com *.apple.com *.cloudflare.com *.disqus.com *.disquscdn.com static.addtoany.com *.addtoany.com data: *.stackadapt.com grwapi.net *.reviews.io *.tagmanager.google.com *.googletagmanager.com fonts.googleapis.com blob: *.sleeknote.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://cdn.nibble.website 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.google.com https://*.google.com payments-eu.amazon.com *.paypal.com *.agechecked.com https://maps.googleapis.com https://player.vimeo.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.bootstrapcdn.com *.doofinder.com *.api.useinsider.com *.hotjar.com *.klarnaservices.com *.klarnauserservices.com *.klarnaevt.com *.bronto.com *.facebook.com *.facebook.net *.trustpilot.com *.loyaltylion.net *.loyaltylion.com *.criteo.com *.criteo.net *.smartmetrics.co.uk *.socital.com *.doubleclick.net *.reviews.co.uk *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com ekr.zdassets.com/ https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com https://cdn.nibble.website https://dev.api.nibble.website https://api.nibble.website stats.g.doubleclick.net google.co.uk *.google.co.uk google.com *.pcapredict.com services.postcodeanywhere.co.uk *.google-analytics.com *.apple.com *.cloudflare.com *.disqus.com *.disquscdn.com *.addtoany.com *.linkedin.com *.pinterest.com *.stackadapt.com *.bing.com grwapi.net *.cloudfront.net *.reviews.io *.analytics.google.com *.redditstatic.com *.reddit.com *.tiktok.com *.run.app *.googletagmanager.com *.g.doubleclick.net storage.googleapis.com l.sharethis.com ws.hotjar.com *.hotjar.io *.googlesyndication.com *.sleeknote.com *.googleapis.com geolocation.sleeknote.com *.cookiebot.com *.bing.net data: 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src *.bootstrapcdn.com *.doofinder.com *.api.useinsider.com *.hotjar.com *.klarnaservices.com *.klarnauserservices.com *.klarnaevt.com *.bronto.com *.nr-data.net *.facebook.com *.facebook.net *.trustpilot.com *.loyaltylion.net *.criteo.com *.criteo.net stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com *.pcapredict.com services.postcodeanywhere.co.uk *.google-analytics.com *.google.com *.apple.com *.cloudflare.com *.disqus.com *.disquscdn.com static.addtoany.com *.addtoany.com grwapi.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 font-src *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com https://geowidget.easypack24.net 'self' data: fonts.bunny.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ pay.google.com pay-accept.bm.pl pay.bm.pl cards-accept.bm.pl cards.bm.pl *.klarna.com https://www.googletagmanager.com/ *.packeta.com secure.payu.com merch-prod.snd.payu.com https://geowidget-app.inpost.pl/ consentcdn.cookiebot.com *.facebook.com web.facebook.com trustmate.io pudofinder.dpd.com.pl td.doubleclick.net www.paypalobjects.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io platnosci.bm.pl www.gstatic.com *.klarna.com *.klarnaevt.com *.klarnacdn.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ static.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org 'self' data: *.facebook.com/ *.google.pl bat.bing.com cdn.klarna.com *.analytics.google.com *.googleapis.com *.mapbox.com trustmate.io cdn.trustmate.io *.facebook.com www.google.pl *.wp.pl imgsct.cookiebot.com www.glami.sk multimedia.mail.desportivo.de magento2.bm.devmouse.pl multimedia.mail.desportivo.ro www.googletagmanager.com/ desportivo.pl metrics.desportivo.cz metrics.desportivo.de *.desportivo.sk *.desportivo.ro data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cards-accept.bm.pl cards.bm.pl pay.google.com *.klarna.com *.klarnacdn.net *.klarnaservices.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.packeta.com secure.payu.com secure.snd.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.google.com *.gstatic.com www.googletagmanager.com d3bo67muzbfgtl.cloudfront.net consent.cookiebot.com consentcdn.cookiebot.com connect.facebook.net googleads.g.doubleclick.net bat.bing.com clarity.ms static.payu.com nominatim.openstreetmap.org cdngazeta.pl gazeta.pl google.pl mail.desportivo.pl ga.getresponse.com us-an.gr-cdn.com popups1-show.getresponse.com us-wbe.gr-cdn.com *.recostream.com trustmate.io trustmate.tech ga2.getresponse.com mail.desportivo.pl/de/rocz/sk wbe1.getresponse.com mail.desportivo.de mail.desportivo.ro mail.desportivo.cz mail.desportivo.sk recostream.com js-agent.newrelic.com/ *.wp.pl wp.pl pixel.wp.pl an.gr-wcon.com glamipixel.com metrics.desportivo.pl *.desportivo.de 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com pay-accept.bm.pl pay.bm.pl cards-accept.bm.pl cards.bm.pl *.googleapis.com *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.gstatic.com secure.przelewy24.pl static.payu.com trustmate.io fonts.bunny.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.packeta.com secure.payu.com merch-prod.snd.payu.com *.easypack24.net *.inpost.pl *.openstreetmap.org t.elasticsuite.io *.google-analytics.com api.edrone.me stream.cloud.witbee.com j.clarity.ms google.com google.pl *.analytics.google.com consentcdn.cookiebot.com googleads.g.doubleclick.net static.payu.com *.facebook.net *.facebook.com app2.recostream.com ga2.getresponse.com/ bam.nr-data.net clk.leadexpert.pl www.google.com pixel.wp.pl popups1-show.getresponse.com ts.getresponse.pl popups1-s.getresponse.com pagead2.googlesyndication.com metrics.desportivo.pl metrics.desportivo.cz metrics.desportivo.de *.desportivo.sk *.desportivo.ro 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.globalpay.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.gpwebpay.com *.gpe.cz *.globalpay-ecommerce.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com *.americanexpress.com *.globalpay.com *.mastercard.com *.visa.com *.gpwebpay.com *.gpe.cz *.globalpay-ecommerce.com *.nosto.com *.nos.to *.trustpilot.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.feedoptimise.com cdn.feedoptimise.com *.globalpay.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.nosto.com *.nos.to *.googleapis.com data: 'self' 'unsafe-inline'; script-src unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com jquery.sellxed.com www.feedoptimise.com cdn.feedoptimise.com *.aexp-static.com https://ajax.aspnetcdn.com *.globalpay.com *.gpapiservices.com https://pay.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ cdn.jsdelivr.net *.nosto.com *.nos.to *.trustpilot.com *.googleapis.com 'sha256-g/qbQ8sW5eJ9JO8sQzRJ1OvARbUyKpJXFeof9SLw1eI=' 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.nosto.com *.nos.to *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://google.com/pay https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.nosto.com *.nos.to *.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 worker-src blob:; font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.kxcdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.google.com *.fbcdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.googleapis.com *.gstatic.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com *.fontawesome.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 3 font-src data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 font-src *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.klarnacdn.net *.kalogirou.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.facebook.com www.facebook.com www.youtube.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com www.google.com *.google.com *.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cookiebot.com www.youtube.com *.klarna.com *.contactpigeon.com *.googlesyndication.com *.skroutz.gr *.twitter.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com connect.facebook.net graph.facebook.com business.facebook.com www.google.gr *.cookiebot.com *.google-analytics.com maps.gstatic.com *.kalogirou.com *.contactpigeon.com www.youtube.com *.sharethis.com *.klarnacdn.net *.googlesyndication.com *.cloudflare.com *.klarna.com *.googleadservices.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.skroutz.gr www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io 'self' data: *.cookiebot.com *.googleadservices.com stats.g.doubleclick.net googleads.g.doubleclick.net *.contactpigeon.com *.kalogirou.com www.youtube.com *.go-mpulse.net *.sharethis.com *.klarnacdn.net *.klarnaservices.com *.google.gr *.taboola.com *.skroutz.gr *.googlesyndication.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.contactpigeon.com *.kalogirou.com www.youtube.com *.klarnacdn.net *.googlesyndication.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io maps.googleapis.com stats.g.doubleclick.net googleads.g.doubleclick.net *.cookiebot.com *.contactpigeon.com *.kalogirou.com www.youtube.com *.go-mpulse.net *.sharethis.com eu.klarnaevt.com *.klarnacdn.net *.klarnaservices.com *.taboola.com *.akstat.io *.googlesyndication.com *.skroutz.gr *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.contactpigeon.com *.googlesyndication.com 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 3 default-src 'self' data: *.pinimg.com *.postaffiliatepro.com partneri.affilmax.cz *.doubleclick.net *.facebook.net *.google-analytics.com *.biano.cz *.dognet.sk *.googlesyndication.com *.imedia.cz *.googletagmanager.com *.googleadservices.com ;font-src 'self' data: fonts.gstatic.com *.zbozi.cz *.biano.cz *.biano.sk *.biano.hu ;connect-src 'self' google.com *.google.com *.google.hu *.google.ae *.google.co.uk *.google.cz *.google.sk *.google.de *.google.at *.google.fr *.google.it *.google.sk *.google.pl *.google.nl *.google.ie *.google.com.ua *.googleapis.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.zbozi.cz *.exchangeratesapi.io *.pingdom.net *.biano.cz *.biano.sk *.biano.hu *.bianopixel.com *.dognet.sk *.foxentry.cz *.seznam.cz *.facebook.com *.pinterest.com *.doubleclick.net https://*.clarity.ms partner-events.favi.cz partner-events.favi.sk partner-events.favi.hu t.targito.signal-nabytek.cz t.targito.sg-nabytek.cz t.targito.signal-nabytok.sk t.targito.sg-nabytok.sk t.targito.butor-signal.hu t.targito.sg-butor.hu *.clickcease.com *.targito.com *.googlesyndication.com https://saas.bianoapi.com bat.bing.com live.luigisbox.com api.luigisbox.com https://*.api.rvndev.com https://*.api.raventic.ai https://*.api.raventic.dev https://api.raventic.dev apps.sg-nabytek.cz apps.sg-nabytok.sk apps.sg-butor.hu ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.seznam.cz *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.imedia.cz *.facebook.net *.doubleclick.net *.rival.cz *.fg.cz *.3dliving.cz *.imedia.cz *.zbozi.cz *.exchangeratesapi.io *.facebook.com *.pingdom.net *.biano.cz *.biano.sk *.biano.hu *.bianopixel.com *.dognet.sk *.foxentry.cz *.googlesyndication.com *.pinimg.com *.pinterest.com partneri.affilmax.cz *.postaffiliatepro.com www.heureka.cz im9.cz cz.img9.cz *.glami.cz *.licdn.com *.linkedin.com tracking.srovname.cz https://*.clarity.ms partner-events.favicdn.net cdn.targito.signal-nabytek.cz cdn.targito.sg-nabytek.cz cdn.targito.signal-nabytok.sk cdn.targito.sg-nabytok.sk cdn.targito.butor-signal.hu cdn.targito.sg-butor.hu *.clickcease.com cdn.targito.com https://saas.bianoapi.com bat.bing.com scripts.luigisbox.com cdn.luigisbox.com https://sdk.cdn.rvndev.com https://sdk.rvndn.com apps.sg-nabytek.cz apps.sg-nabytok.sk apps.sg-butor.hu ;form-action 'self' *.facebook.com *.facebook.net *.pinterest.com ;frame-src 'self' *.youtube.com *.iplatba.cz *.facebook.com *.imedia.cz *.zbozi.cz *.essox.cz *.foxentry.cz *.doubleclick.net *.googletagmanager.com *.google.com *.heureka.cz *.pinterest.com *.googlesyndication.com login.szn.cz ;worker-src 'self' *.youtube.com *.iplatba.cz *.facebook.com *.imedia.cz *.zbozi.cz *.essox.cz *.foxentry.cz *.doubleclick.net *.googletagmanager.com *.google.com *.heureka.cz *.pinterest.com *.googlesyndication.com login.szn.cz ;frame-ancestors 'self' ;img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com *.googletagmanager.com *.google-analytics.com *.seznam.cz *.doubleclick.net *.google.com *.google.hu *.google.ae *.google.co.uk *.google.cz *.google.sk *.google.de *.google.at *.google.fr *.google.it *.google.sk *.google.pl *.google.nl *.google.ie *.google.com.ua *.imedia.cz *.facebook.com *.facebook.net *.fg.cz *.3dliving.cz *.signal-nabytek.cz *.sg-nabytek.cz *.signal-nabytok.sk *.sg-nabytok.sk *.rival.cz *.vykupto.cz *.signal.pl *.zbozi.cz *.exchangeratesapi.io *.dognet.sk *.foxentry.cz *.pinimg.com *.pinterest.com *.biano.cz *.biano.sk *.biano.hu *.heureka.cz *.heureka.sk im9.cz *.glami.cz *.googleadservices.com https://*.clarity.ms bat.bing.com *.favionline.com *.bing.com cdn.targito.com https://i.cdn.rvndev.com https://i.rvndn.com ;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.seznam.cz *.google.com *.gstatic.com *.fg.cz *.3dliving.cz *.signal-nabytek.cz *.sg-nabytek.cz *.signal-nabytok.sk *.sg-nabytok.sk *.sg-butor.hu *.zbozi.cz *.exchangeratesapi.io *.foxentry.cz cdn.targito.com https://saas.bianoapi.com cdn.luigisbox.com https://sdk.cdn.rvndev.com https://sdk.rvndn.com ;object-src 'self' ; report-uri /frontendreport/report/ 3 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com fonts.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com fonts.googleapis.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://*.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.dpdconnect.nl *.newrelic.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.trackedlink.net https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com openstreetmap.org maps.googleapis.com maps.gstatic.com moogento.com *.moogento.com *.multisafepay.com https://api.mapbox.com https://widgets.trustedshops.com https://integrations.etrusted.com *.hsforms.net *.hsforms.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.dpdconnect.nl https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com l.moogento.com *.multisafepay.com https://pay.google.com https://widgets.trustedshops.com https://integrations.etrusted.com *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maxcdn.bootstrapcdn.com fonts.googleapis.com *.multisafepay.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com *.doubleclick.net *.googlesyndication.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.multisafepay.com autocomplete2.postdirekt.de *.trustedshops.com *.etrusted.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://c6d02f62-c45e-4c56-876c-2102faf3fd5c.sansec.watch/; report-to report-endpoint; 3 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://firebasestorage.googleapis.com https://www.magezon.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com flagpedia.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com maps.googleapis.com www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com *.gstatic.com www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net www.gstatic.com maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://def9d71d-669f-4322-8f25-4ef099a2d33a.sansec.watch/; report-to report-endpoint; 3 frame-ancestors 'self';default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google.com;style-src 'self' 'report-sample' 'unsafe-inline' tagmanager.google.com www.googletagmanager.com;object-src 'none';frame-src 'self' www.google.com www.googletagmanager.com;img-src 'self' data: www.googletagmanager.com;font-src 'self' data:;connect-src 'self' region1.google-analytics.com www.googletagmanager.com;manifest-src 'self';base-uri 'self';form-action 'self';media-src 'self';worker-src 'self';report-to https://eee1b62173267e184943aa9a8123112f.report-uri.com/r/d/csp/wizard; 3 frame-src 'self' td.doubleclick.net youtube.com *.youtube.com; report-uri /infra/monitoring/csp 3 default-src 'self';base-uri 'self' https://*.microsoft.com https://*.skype.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://*.azure.net https://*.s-microsoft.com https://*.ytimg.com https://www.youtube.com https://*.microsoft.com https://*.skypeassets.com https://*.clicktale.net https://*.wx-int.trafficmanager.net https://*.wx-int.skype.com https://*.skype.com https://statics-uhf-eus.akamaized.net https://statics-uhf-neu.akamaized.net https://statics-uhf-wus.akamaized.net https://statics-uhf-eas.akamaized.net https://*.msecnd.net https://connect.facebook.net/ https://js.monitor.azure.com/;style-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://*.skype.com https://*.skypeassets.com https://*.microsoft.com https://*.s-microsoft.com https://statics-uhf-eus.akamaized.net https://statics-uhf-neu.akamaized.net https://statics-uhf-wus.akamaized.net https://statics-uhf-eas.akamaized.net https://*.msecnd.net;img-src 'self' data: blob: https://docs.botframework.com https://bot-framework.azureedge.net https://*.skype.com https://*.skypeassets.com https://c.microsoft.com https://*.clicktale.net https://*.microsoft.com https://img-prod-cms-rt-microsoft-com.akamaized.net https://www.facebook.com https://*.msecnd.net https://ad.doubleclick.net https://adservice.google.com;font-src data: https://*.skypeassets.com https://*.s-microsoft.com https://*.microsoft.com https://assets.onestore.ms https://*.skype.com https://fonts.gstatic.com;media-src 'self' data: blob: https://*.skypeassets.com https://*.skype.com;connect-src https://*.skype.com https://*.clicktale.net https://*.microsoft.com https://*.live.com https://*.skypeassets.com wss://*.trouter.skype.com https://web.vortex.data.microsoft.com https://prod-video-cms-rt-microsoft-com.akamaized.net https://eus-streaming-video-rt-microsoft-com.akamaized.net https://wus-streaming-video-rt-microsoft-com.akamaized.net;object-src 'none';frame-ancestors 'none';frame-src 'self' https://*.microsoft.com https://*.skype.com https://*.live.com https://www.youtube.com;form-action https://login.skype.com;report-uri https://edge.skype.com/r/c; 2 script-src 'report-sample' 'unsafe-eval' *.tiktokcdn-us.com apis.google.com billshark-cdn.s3.amazonaws.com c.paypal.com cdn.ampproject.org client-api.arkoselabs.com connect.facebook.net developers.kakao.com interactives.ap.org js.braintreegateway.com js.hcaptcha.com js.hsforms.net recaptcha.google.com s20.tiktokcdn.com s3.amazonaws.com static.captchami.com tiktok.captchami.com unpkg.com www.facebook.net www.vimeo.com; report-uri https://mon16-normal-useast5.tiktokv.us/monitor_browser/collect/batch/security/?bid=tiktok_pns&ev_type=csp&p=Zm6jHcglbkT17wbeLYnRh&v=7; worker-src www.tiktok.com/business/sw.js www.tiktok.com/creator/worker/ www.tiktok.com/embed/sw.js www.tiktok.com/firebase-messaging-sw.js www.tiktok.com/help/sw.js www.tiktok.com/legal/report/verification/uploader-oversea-crc32.js www.tiktok.com/live/creator-networks/pdf.worker.min.js www.tiktok.com/live/static/player-worker/ www.tiktok.com/risk-appeal-ocr/BlinkCardWasmSDK.worker.min.js www.tiktok.com/series/worker/ www.tiktok.com/sw.js; report-to csp-endpoint 2 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/android 2 connect-src https://*.adroll.com https://s.yimg.com https://*.google-analytics.com https://*.googletagmanager.com https://translate-pa.googleapis.com https://translate.googleapis.com https://mpsnare.iesnare.com https://ci-mpsnare.iovation.com 'self' https://*.online-metrix.net; default-src 'none'; font-src 'self' https://fonts.gstatic.com; frame-src https://*.adroll.com https://www.google.com https://recaptcha.google.com 'self' https://*.online-metrix.net https://request.eprotect.vantivprelive.com https://request.eprotect.vantivcnp.com; img-src https://oci.dyn.com https://help.dyn.com https://*.adroll.com https://sp.analytics.yahoo.com https://*.en25.com https://*.google-analytics.com https://*.googletagmanager.com https://www.gstatic.com https://fonts.gstatic.com https://translate.google.com 'self' data: https://*.online-metrix.net; script-src 'unsafe-eval' 'eval' https://*.adroll.com https://s.yimg.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com https://www.gstatic.com https://mpsnare.iesnare.com https://ci-mpsnare.iovation.com 'self' 'unsafe-inline' https://*.online-metrix.net https://request.eprotect.vantivprelive.com https://request.eprotect.vantivcnp.com; style-src https://www.gstatic.com 'self' 'unsafe-inline'; report-to csp-endpoint; report-uri /_/csp-reports 2 default-src 'self';style-src 'self' 'unsafe-inline' https://use.typekit.net; object-src 'none'; base-uri 'self';worker-src 'none'; 2 default-src data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *.nesine.com wss://*.nesine.com *.google.com *.google.com.tr *.googletagmanager.com *.google-analytics.com *.support.google.com *.doubleclick.net *.googleadservices.com *.microsoft.com *.apple.com *.facebook.com *.facebook.net *.betsolutions.com *.ertgaming.com *.yahoo.com *.newrelic.com *.twitter.com *.instagram.com *.youtube.com *.ytimg.com *.aboutcookies.org *.mobilproses.com *.omnitagjs.com *.outbrain.com *.nr-data.net *.bidswitch.net *.sportradar.com *.akamaized.net *.performfeeds.com *.betradar.com *.dge.imggaming.com tjktv.ercdn.net *.tjk.org *.broadage.com *.pubmatic.com *.mediavine.com *.demdex.net *.krxd.net *.thebrighttag.com *.tremorhub.com *.adnxs.com *.casalemedia.com *.360yield.com *.media.net *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.teads.tv *.3lift.com *.emxdgt.com *.sync.com *.ivitrack.com *.yieldmo.com *.yieldlab.net *.imgarena.com *.liderform.com.tr *.googleapis.com *.googlevideo.com *.gstatic.com *.azureedge.net *.semasio.net *.7platform.net *.7platform.com *.7platform.live *.nsoft-cdn.com *.launchdigi.net *.gameturboz.cloud *.turboexplorer.online *.1rx.io *.adsrvr.org aa.agkn.com *.postrelease.com *.revcontent.com *.rqtrk.eu *.bing.com *.smaato.net *.narrative.io *.socdm.com *.mediawallahscript.com *.liadm.com *.stickyadstv.com *.linkedin.com *.rlcdn.com *.dable.io *.adingo.jp *.twiago.com *.bluekai.com *.crwdcntrl.net *.hs.llnwd.net *.ucweb.com *.dengage.com *.playbetman.com *.turbolabs.online *.aleaplay.com *.turbogg4u.online *.turbodiscovery.xyz *.ofmicropod.com *.dengagecdn.com *.launchdigi.net *.eskimi.com *.tiktok.com *.rsc.cdn77.org *.igamemedia.com; img-src * data:; report-uri /csp/cspreport/ 2 default-src https: 'unsafe-inline' 'unsafe-eval' 'self' data:; img-src 'self' *.eff.org data:; connect-src https: 'unsafe-inline' 'unsafe-eval' 'self' data: https://sentry.eff.org/api/2/store/; report-uri https://sentry.eff.org/api/2/security/?sentry_key=f1118ad37b5e4afbabe3487ca42fe73e 2 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.rollingstone.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://rbmeuulvihtwm2eltjhwimi2.httpschecker.net/report 2 base-uri 'none'; connect-src https://c.increment.com https://c.stripe.dev https://c.stripe.global https://c.stripe.partners blob: https://b.stripecdn.com https://climate.stripe.com https://errors.stripe.com https://ext.stripe.com https://r.stripe.com https://sales-live-chat.stripe.com https://stripe-images.s3.us-west-1.amazonaws.com https://stripe.com https://y4pfttj91h-1.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-2.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-3.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-dsn.algolia.net/1/indexes/mkt_partners/query 'self'; default-src 'none'; font-src https://b.stripecdn.com 'self'; form-action https://climate.stripe.com https://stripe.com 'self'; frame-ancestors https://app.contentful.com 'self'; frame-src https://checkout.stripe.dev https://support-conversations.stripe.com https://b.stripecdn.com https://checkout.stripe.com https://crypto-js.stripe.com https://js.stripe.com https://sales-live-chat.stripe.com 'self'; img-src data: https://assets.ctfassets.net https://assets.stripeassets.com https://b.stripecdn.com https://images.ctfassets.net https://images.stripeassets.com https://q.stripe.com https://stripe-camo.global.ssl.fastly.net 'self'; media-src https://assets.ctfassets.net https://assets.stripeassets.com https://b.stripecdn.com https://videos.ctfassets.net https://videos.stripeassets.com 'self'; script-src https://b.stripecdn.com https://crypto-js.stripe.com https://js.stripe.com 'self' 'sha256-3aWvb9tRBjmz1OjR3n7mwiTm94+s4iki4mMZF82asmc=' 'sha256-5LtzXhT7UFn+GqP5pKEMGL08UNZsrzANHFEBW/mQHGw=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' 'sha256-cCM0Z4lzGkzQnmbdVw+ouz0JRawyaKcZ4yiqzqYS7ek=' 'sha256-vTifGUJH6hJYTvstw4xJ4xfr/vE0ELkOV4GpCumyqfg=' 'report-sample'; style-src https://b.stripecdn.com 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-violation?q=n_vEO-Fh7Z9vwOpd77xfv-IkjCZpy8MNM0falg3F6WT74F_SzEwlP1nMPjTa9DY%3D 2 frame-ancestors 'none'; report-uri https://dnsimple.report-uri.com/r/d/csp/wizard 2 default-src 'self' data: blob: https://067-umd-991.mktoresp.com https://accounts.google.com https://analytics.google.com https://api.amplitude.com https://bi-beta.pst.tech https://bi.pst.tech https://bifrost-https-v4.gw.postman.com https://blog.postman.com https://cdn.cookielaw.org https://cdn.metadata.io https://dl.pstmn.io https://eo2kpuahxhuvgexlueall7gqzq0fihon.lambda-url.us-east-1.on.aws https://events.gw.postman.com https://events.rm-api.com https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://identity.getpostman-beta.com https://identity.getpostman.com https://lp.postman.com https://munchkin.marketo.net https://pages.getpostman.com https://player.twitch.tv https://privacyportal.onetrust.com https://public.slidesharecdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://manifest.webmanifest https://ms1frkqnsp7r.statuspage.io https://run.pstmn.io https://script.hotjar.com https://skills-assets.pstmn.io https://st-ar.cdn.postman.com https://static.cloudflareinsights.com https://static.hotjar.com https://stats.g.doubleclick.net https://td.doubleclick.net https://vc.hotjar.io https://voyager.postman.com https://web.postman.com https://www.googletagmanager.com https://www.slideshare.net https://snap.licdn.com https://www.google.com https://www.youtube.com https://youtube.com https://www.linkedin.com/px/ https://www.postman.com https://snap.licdn.com/ https://i.ytimg.com https://platformapi.metadata.io https://worldtimeapi.org https://maps.google.com https://dx.mountain.com https://px.mountain.com https://gs.mountain.com https://44.238.122.172 https://100.20.58.101 https://35.85.84.151 https://44.228.85.26 https://34.215.155.61 https://35.160.46.251 https://52.71.121.170 https://18.210.229.244 https://44.212.189.233 https://3.212.39.155 https://52.22.50.55 https://54.156.2.105 https://bam.nr-data.net https://js-agent.newrelic.com https://video.ibm.com https://js.zi-scripts.com/zi-tag.js https://js.zi-scripts.com https://res.cloudinary.com https://mkt.cdn.postman.com https://api.mapbox.com https://events.mapbox.com https://api.fpjs.io https://js.zi-scripts.com https://ws.zoominfo.com https://cdn.jsdelivr.net https://cdn.amplitude.com https://api2.amplitude.com https://www.facebook.com https://connect.facebook.net https://bat.bing.com https://js.qualified.com wss://ws.qualified.com https://app.qualified.com https://api.company-target.com https://segments.company-target.com https://tag.demandbase.com https://tag-logger.demandbase.com https://s.company-target.com https://alb.reddit.com https://www.redditstatic.com https://pixel-config.reddit.com https://id.rlcdn.com https://content.hotjar.io https://script.hotjar.com https://static.hotjar.com wss://ws.hotjar.com https://cdn.segment.com https://api.cdp.postman.com 'unsafe-inline' 'unsafe-eval'; form-action 'self'; base-uri 'self'; 2 default-src 'unsafe-inline' 'unsafe-eval' * data: blob: 2 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.billboard.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://deadline.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2 default-src 'self' *.wp.com; img-src data: https:; script-src 'unsafe-inline' 'unsafe-eval' blob: https:; style-src 'unsafe-inline' https:; font-src data: https:; media-src blob: https:; frame-src https:; object-src 'none'; connect-src https:; 2 default-src 'self'; script-src 'self' bat.bing.com cdn.getkoala.com cdn.rudderlabs.com www.google-analytics.com www.googletagmanager.com decagon.ai *.mutinycdn.com js.hs-scripts.com js.hs-banner.com js.hubspot.com js.hs-analytics.com *.hsforms.net unpkg.com snap.licdn.com www.redditstatic.com ; connect-src 'self' login.tailscale.com bat.bing.com *.mutinyhq.io *.mutinycdn.com analytics.google.com www.google-analytics.com api.getkoala.com cdn.sanity.io unpkg.com *.rudderstack.com *.hubspot.com www.redditstatic.com pixel-config.reddit.com px.ads.linkedin.com; img-src 'self' cdn.sanity.io lh3.googleusercontent.com www.google-analytics.com *.hsforms.com alb.reddit.com px.ads.linkedin.com bat.bing.com track.hubspot.com; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; block-all-mixed-content; object-src 'self'; report-to csp-endpoint; report-uri https://login.tailscale.com/csp-report; 2 media-src blob: https:; worker-src blob: https:; font-src chrome-extension: data: https:; img-src data: blob: about: https: http://track.adform.net; default-src https: blob: data: ms-appx-web: wss: 'unsafe-inline' 'unsafe-eval'; report-uri https://handelsblatt.report-uri.com/r/d/csp/reportOnly 2 default-src 'self' https://api.mixpanel.com; script-src 'self' 'unsafe-eval' 'nonce-vw/M1EJtfJm4SIes+W5PaCZGFTwAGtQUq/fcbk8QS9ZWpPve9CW6MVbxhTZeopQWzWf9HgCW2H9DE5IQs2sQjQ==' https://*.facebook.net https://www.facebook.com https://snap.licdn.com https://connect.liblynx.com https://sandbox.liblynx.com https://www.google-analytics.com https://optimize.google.com https://ssl.google-analytics.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://cdn.mxpnl.com https://cdn4.mxpnl.com https://api.mixpanel.com https://www.googletagmanager.com https://kit.fontawesome.com https://use.fontawesome.com https://pro.fontawesome.com https://scholar.google.com https://api.altmetric.com https://d1bxh8uas1mnw7.cloudfront.net https://js.trendmd.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; img-src 'self' https://ssl.google-analytics.com https://www.google-analytics.com https://optimize.google.com https://www.googletagmanager.com https://connect.liblynx.com https://sandbox.liblynx.com https://stats.g.doubleclick.net https://cdn.mxpnl.com https://images.mxpnl.com https://badges.altmetric.com https://d1uo4w7k31k5mn.cloudfront.net https://www.facebook.com https://px.ads.linkedin.com https://www.linkedin.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io data:; connect-src 'self' https://shop.emerald.com/ https://www.facebook.com https://www.google-analytics.com https://api.mixpanel.com/ https://scholar.google.com https://*.trendmd.com https://cc.trendmd.co https://ka-p.fontawesome.com https://kit.fontawesome.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; style-src 'self' 'nonce-vw/M1EJtfJm4SIes+W5PaCZGFTwAGtQUq/fcbk8QS9ZWpPve9CW6MVbxhTZeopQWzWf9HgCW2H9DE5IQs2sQjQ==' https://optimize.google.com https://fonts.googleapis.com https://use.fontawesome.com https://pro.fontawesome.com https://ka-p.fontawesome.com https://d1bxh8uas1mnw7.cloudfront.net https://trendmd.s3.amazonaws.com https://css.trendmd.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://use.fontawesome.com https://pro.fontawesome.com https://ka-p.fontawesome.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' https://www.googletagmanager.com https://optimize.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; object-src 'self' 2 base-uri 'none'; connect-src https://c.increment.com https://c.stripe.dev https://c.stripe.global https://c.stripe.partners blob: https://b.stripecdn.com https://climate.stripe.com https://errors.stripe.com https://ext.stripe.com https://r.stripe.com https://sales-live-chat.stripe.com https://stripe-images.s3.us-west-1.amazonaws.com https://stripe.com https://y4pfttj91h-1.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-2.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-3.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-dsn.algolia.net/1/indexes/mkt_partners/query 'self'; default-src 'none'; font-src https://b.stripecdn.com 'self'; form-action https://climate.stripe.com https://stripe.com 'self'; frame-ancestors https://app.contentful.com 'self'; frame-src https://checkout.stripe.dev https://support-conversations.stripe.com https://b.stripecdn.com https://checkout.stripe.com https://crypto-js.stripe.com https://js.stripe.com https://sales-live-chat.stripe.com 'self'; img-src data: https://assets.ctfassets.net https://assets.stripeassets.com https://b.stripecdn.com https://images.ctfassets.net https://images.stripeassets.com https://q.stripe.com https://stripe-camo.global.ssl.fastly.net 'self'; media-src https://assets.ctfassets.net https://assets.stripeassets.com https://b.stripecdn.com https://videos.ctfassets.net https://videos.stripeassets.com 'self'; script-src https://b.stripecdn.com https://crypto-js.stripe.com https://js.stripe.com 'self' 'sha256-3aWvb9tRBjmz1OjR3n7mwiTm94+s4iki4mMZF82asmc=' 'sha256-5LtzXhT7UFn+GqP5pKEMGL08UNZsrzANHFEBW/mQHGw=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' 'sha256-cCM0Z4lzGkzQnmbdVw+ouz0JRawyaKcZ4yiqzqYS7ek=' 'sha256-vTifGUJH6hJYTvstw4xJ4xfr/vE0ELkOV4GpCumyqfg=' 'report-sample'; style-src https://b.stripecdn.com 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-violation?q=7deBJWR6fnirt73an4tyU6iI725gN2eeCQDp40GSQka4H2S0Nd6_UyzY5tqBY9U%3D 2 frame-ancestors 'self'; report-uri https://www.theaustralian.com.au/csp-reports 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' bat.bing.com cdn.cookielaw.org code.jquery.com connect.facebook.net data: googleads.g.doubleclick.net js.ipredictive.com platform.instagram.com platform.twitter.com qvdt3feo.com s.yimg.com snap.licdn.com tags.srv.stackadapt.com try.abtasty.com www.googletagmanager.com www.instagram.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdnjs.cloudflare.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' agadata.online apis.google.com bat.bing.com cdn.cookielaw.org code.jquery.com colegiodiocesanosantaclara.imtlazarus.com:6443 connect.facebook.net data1.blamap.com get663.com googleads.g.doubleclick.net js.ipredictive.com lf16-tiktok-web.tiktokcdn-us.com nrdcapps.org pixel.byspotify.com platform.instagram.com platform.twitter.com public.tableau.com qvdt3feo.com s.yimg.com sc-static.net snap.licdn.com tags.srv.stackadapt.com translate-pa.googleapis.com translate.google.com translate.googleapis.com try.abtasty.com www.google-analytics.com www.googletagmanager.com www.instagram.com www.nrdcapps.org www.pagespeed-mod.com www.scrible.com www.tiktok.com www.vimeo.com www.youtube.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' cdn.honey.io tags.srv.stackadapt.com www.gstatic.com cdn.jsdelivr.net fonts.googleapis.com https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' blob: cdn.honey.io lf16-tiktok-web.tiktokcdn-us.com nrdcapps.org sf16-website-login.neutral.ttwstatic.com tags.srv.stackadapt.com www.googletagmanager.com www.gstatic.com www.nrdcapps.org www.scrible.com cdn.jsdelivr.net fonts.googleapis.com https://cdnjs.cloudflare.com; worker-src 'self' blob:; frame-ancestors 'self'; report-uri https://nrdc.report-uri.com/r/d/csp/wizard 2 default-src 'self' data: blob: https://*.bamboohr.com https://*.bamboohr.co.uk https://*.trustarc.com https://secure.feed5mown.com https://cdn.bizible.com https://bat.bing.com https://connect.facebook.com https://connect.facebook.net https://dbm.demdex.net https://bamboohr.demdex.net https://*.licdn.com https://*.hotjar.com https://tracking.g2crowd.com https://static.ads-twitter.com https://munchkin.marketo.com https://munchkin.marketo.net https://cdn.abrankings.com https://a.quora.com https://q.quora.com https://*.clarity.ms https://*.thebrightforks.com https://dx.mountain.com https://tag.clearbitscripts.com https://cdn.pdst.fm https://x.clearbitjs.com https://app.clearbitjs.com https://www.googletagmanager.com https://www.redditstatic.com https://snap.licdn.com https://www.google-analytics.com https://assets.adobedtm.com https://activitymap.adobe.com https://www.googleoptimize.com https://googleads.g.doubleclick.net https://abm-tracking.demandscience.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://match.prod.bidr.io https://bamboohr.zendesk.com https://*.zdassets.com https://assets.screensteps.com https://fast.wistia.com https://fast.wistia.net https://unpkg.com https://*.convertexperiments.com https://js.intercomcdn.com https://cdn.readme.io https://*.tiktok.com https://fonts.gstatic.com https://fonts.googleapis.com https://edge.adobedc.net https://adobedc.demdex.net https://stats.g.doubleclick.net https://www.google.com https://analytics.google.com https://*.mktoresp.com https://*.clearbit.com https://*.linkedin.com https://t.co https://*.twitter.com https://*.facebook.com https://tracking.contanuity.com https://c.bing.com https://*.hlx.page https://*.hlx.live https://bamboohr--webchat.sandbox.my.site.com https://bamboohr--webchat.sandbox.my.salesforce-scrt.com https://bamboohr.my.site.com https://bamboohr.my.salesforce-scrt.com https://js.driftt.com https://static.cloudflareinsights.com https://script.crazyegg.com https://rc-widget-frame.js.driftt.com https://arttrk.com https://intentstream.contanuity.com https://td.doubleclick.net https://bamboohr.com wss://ws.hotjar.com https://*.hotjar.io https://*.gstatic.com https://*.leandata.com https://195-loz-515.mktoutil.com https://*.bizibly.com https://*.google.com.ua https://www.google.ca https://www.getapp.com https://*.wistia.com https://*.honey.io https://boards.greenhouse.io https://*.ucweb.com https://qvdt3feo.com https://*.srv.stackadapt.com https://ct.capterra.com https://*.youtube.com https://*.googleadservices.com https://hook.us1.make.celonis.com https://bamboohr.formstack.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat 'unsafe-inline' 'unsafe-eval'; report-uri https://app.bamboohr.com/ajax/parse_csp_report.php; report-to https://app.bamboohr.com/ajax/parse_csp_report.php; 2 default-src data: 'unsafe-inline' 'unsafe-eval' https: http:; script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:; style-src data: 'self' 'unsafe-inline' https:; img-src data: 'self' https: blob: android-webview-video-poster:; font-src 'self' https: data:; connect-src 'self' data: https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://prod.bhaskarapi.com/api/1.0/web-backend/csp-report; 2 frame-src 'self' syndicatedsearch.goog *.google.com *.youtube.com vimeo.com *.vimeo.com *.podbean.com static.addtoany.com *.blackbaudhosting.com js.createsend1.com *.createsend.com; object-src 'none'; script-src 'self' 'report-sample' 'unsafe-eval' *.googleadservices.com app.purechat.com app-script.monsido.com connect.facebook.net cdnjs.cloudflare.com static.addtoany.com polyfill.io *.googletagmanager.com *.google-analytics.com *.google.com www.gstatic.com cdn.jsdelivr.net *.hotjar.com *.gtranslate.net *.blackbaudhosting.com js.createsend1.com www.createsend.com *.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com; script-src-elem 'self' 'unsafe-inline' *.googleadservices.com app.purechat.com app-script.monsido.com connect.facebook.net cdnjs.cloudflare.com static.addtoany.com polyfill.io *.googletagmanager.com *.google-analytics.com *.google.com www.gstatic.com cdn.jsdelivr.net *.hotjar.com *.gtranslate.net *.blackbaudhosting.com js.createsend1.com *.createsend.com www.createsend.com *.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com; style-src 'self' 'report-sample' 'unsafe-inline' *.googleapis.com *.gstatic.com *.createsend1.com *.createsend.com *.blackbaudhosting.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; worker-src 'self'; base-uri 'self'; form-action 'self' www.createsend.com js.createsend1.com *.blackbaudhosting.com *.nla.gov.au; frame-ancestors 'self' 2 frame-ancestors 'self' https://*.kit.edu; report-uri /global-cgi-bin/csp-report; report-to csp-report 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.icrc.org www.gstatic.com www.googletagmanager.com www.google-analytics.com *.youtube.com *.vimeo.com *.vimeocdn.com js.hs-analytics.net *.hs-scripts.com *.hs-banner.com js.hsleadflows.net *.facebook.net *.bing.com *.getblue.io *.adnxs.com js.usemessages.com js.hsadspixel.net *.googlesyndication.com *.ads-twitter.com *.cloudflare.com *.licdn.com hcaptcha.com api.mapbox.com unpkg.com; object-src 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com api.mapbox.com; frame-src 'self' *.youtube.com *.vimeo.com *.youku.com *.getblue.io www.googletagmanager.com *.hcaptcha.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' fonts.gstatic.com fonts.gstatic.com; connect-src 'self' *.icrc.org *.linkedin.com *.hubspot.com *.bing.com www.google-analytics.com *.googlesyndication.com *.adnxs.com *.hcaptcha.com *.mapbox.com *.arcgis.com; report-uri /report-csp-violation; upgrade-insecure-requests 2 img-src 'self' https://s3.amazonaws.com/media.nngroup.com/; connect-src 'self'; default-src 'self'; script-src 'self' https://s3.amazonaws.com/media.nngroup.com/; style-src 'self' https://s3.amazonaws.com/media.nngroup.com/; font-src 'self' https://s3.amazonaws.com/media.nngroup.com/ 2 default-src *; connect-src 'self' *.google.com www.google-analytics.com stats.g.doubleclick.net *.gigabyte.com.tw *.clarity.ms *.cookieyes.com cdn-cookieyes.com pagead2.googlesyndication.com *.linkedin.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: www.googletagmanager.com www.googleadservices.com www.google-analytics.com *.google.com *.googleapis.com *.youtube.com *.facebook.com connect.facebook.net api.map.baidu.com cdn.jsdelivr.net cdnjs.cloudflare.com kxlogo.knet.cn *.doubleclick.net snap.licdn.com d.line-scdn.net *.clarity.ms *.bing.com cdn-cookieyes.com *.go-mpulse.net *.gigabyte.com *.gigabyte.com.tw pagead2.googlesyndication.com code.jquery.com www.gstatic.com; style-src 'self' 'unsafe-inline' *.googleapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com code.jquery.com *.fontawesome.com *.gigabyte.com *.gigabyte.com.tw; img-src 'self' data: https: blob: faq.gigabyte.com; font-src 'self' data: fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.gigabyte.com *.gigabyte.com.tw; frame-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.facebook.com *.doubleclick.net *.gigabyte.com *.gigabyte.com.tw www.googletagmanager.com; 2 default-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob:;style-src 'self' 'unsafe-inline' https: data:;connect-src https: wss:;frame-src https:;script-src 'unsafe-eval' 'unsafe-inline' https: blob: data:;font-src https: data:;img-src https: data: blob:;media-src https: blob:; report-uri /csp_rep 2 script-src 'unsafe-eval' blob: 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; default-src 'self' data: blob: https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; style-src 'self' data: blob: https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com 'unsafe-inline'; img-src * data: blob:; object-src 'none'; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src 'self' blob: 2 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://robbreport.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2 frame-ancestors gofundme.com *.gofundme.com *.hopin.com; 2 default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://www.stage-new.ifx.virtual-identity.com/ https://www.infineon.com https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://siteintercept.qualtrics.com https://zn4mbdaokn6kcahtg-cypress.siteintercept.qualtrics.com https://79423.analytics.edgekey.net https://cdnjs.cloudflare.com https://connect.facebook.net https://e.video-cdn.net https://img.en25.com https://oc-cdn-public-eur.azureedge.net https://rules.quantcount.com https://s1968580696.t.eloqua.com https://*.hotjar.com https://secure.quantserve.com https://snap.licdn.com https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'report-sample' 'unsafe-inline' https://www.stage-new.ifx.virtual-identity.com/ https://www.infineon.com https://*.hotjar.com https://cdn.botframework.com https://fonts.googleapis.com https://oc-cdn-public-eur.azureedge.net; object-src 'self'; connect-src 'self' https://www.infineon.com https://softwaretools.infineon.com https://toolbox-cloud-staging.cloudapps.infineon.com https://stg-community.infineon.com https://community.infineon.com https://maps.googleapis.com https://siteintercept.qualtrics.com https://api.flockler.com https://asset-out-cdn.video-cdn.net https://c.video-cdn.net https://ca.video-cdn.net https://d.video-cdn.net https://infineon.product-discontinuation.com https://licensing.bitmovin.com https://ma307-r.analytics.edgekey.net https://oc-cdn-public-eur.azureedge.net https://stats.g.doubleclick.net https://vod.video-cdn.net https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; font-src 'self' data: https://e.video-cdn.net https://fonts.gstatic.com https://*.hotjar.com; frame-src 'self' https://www.infineon.com https://chatbot.infineon.com https://oc-cdn-public-eur.azureedge.net https://players.brightcove.net https://*.hotjar.com https://www.facebook.com https://www.youtube.com https://www.promeas.com; img-src 'self' data: https://www.infineon.com https://www.infineon-brandportal.com https://pbs.twimg.com https://www.kununu.com https://www.glassdoor.com https://s722891043.t.eloqua.com https://siteintercept.qualtrics.com https://asset-out-cdn.video-cdn.net https://media-api.flockler.com https://media-exp1.licdn.com https://pixel.quantserve.com https://px.ads.linkedin.com https://s1968580696.t.eloqua.com https://www.bluewind.it https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.de https://www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com https://*.hotjar.com; manifest-src 'self'; media-src 'self' data:; base-uri 'self'; report-uri https://www.infineon.com/rest/csp/report; worker-src blob:; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stackadapt.com connect.facebook.net *.adsrvr.org facebook.com cdn.pdst.fm px.adentifi.com kds-pixel.kargo.com data.adxcel-ec2.com secure.adnxs.com trkn.us cdnssl.clicktale.net w3.org snap.licdn.com dc.ads.linkedin.com *.googletagmanager.com websitevisitorleads.com *.twitter.com t.co sc-static.net *.evgnet.com *.cookielaw.org static.ads-twitter.com *.google-analytics.com assets.sitescdn.net *.vimeocdn.com dev.visualwebsiteoptimizer.com *.tctm.co *.qualtrics.com vimeo.com *.vimeo.com *.newrelic.com *.bing.com googleads.g.doubleclick.net *.clarity.ms *.tiktok.com *.snapchat.com everfi-next.net fpjscdn.net *.fpjs.io fresnel.vimeocdn.com f.vimeocdn.com *.cloudflare.com *.jsdelivr.net unpkg.com *.googleadservices.com *.byspotify.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.stackadapt.com connect.facebook.net *.adsrvr.org facebook.com cdn.pdst.fm px.adentifi.com kds-pixel.kargo.com data.adxcel-ec2.com secure.adnxs.com trkn.us cdnssl.clicktale.net w3.org snap.licdn.com dc.ads.linkedin.com *.googletagmanager.com websitevisitorleads.com *.twitter.com t.co sc-static.net *.evgnet.com *.cookielaw.org static.ads-twitter.com *.google-analytics.com assets.sitescdn.net *.vimeocdn.com dev.visualwebsiteoptimizer.com *.tctm.co *.qualtrics.com vimeo.com *.vimeo.com *.newrelic.com *.bing.com googleads.g.doubleclick.net *.clarity.ms *.tiktok.com *.snapchat.com everfi-next.net fpjscdn.net *.fpjs.io fresnel.vimeocdn.com f.vimeocdn.com *.cloudflare.com *.jsdelivr.net unpkg.com *.googleadservices.com *.byspotify.com cdn.evgnet.com *.visualwebsiteoptimizer.com googletagmanager.com dev.virtualearth.net cdn.ckeditor.com *.google.com *.evergage.com; frame-src 'self' blob: *.vimeo.com *.doubleclick.net *.clicktale.net *.adsrvr.org *.edwardjones.com *.edwardjones.ca accountaccess.edwardjones.com accountaccess.edwardjones.ca iaa-api-gateway.apps.edwardjones.com onlineaccess.edwardjones.com iaaweb.edwardjones.com *.tctm.co *.w3.org *.vimeocdn.com *.qualtrics.com *.everfi-next.net *.snapchat.com *.amazon-adsystem.com *.facebook.com dev.visualwebsiteoptimizer.com *.googletagmanager.com; frame-ancestors 'self' *.edwardjones.com *.edwardjones.ca iaa-api-gateway.apps.edwardjones.com accountaccess.edwardjones.com accountaccess.edwardjones.ca onlineaccess.edwardjones.com iaaweb.edwardjones.com; child-src 'self' blob: *.vimeo.com *.doubleclick.net *.clicktale.net *.adsrvr.org *.edwardjones.com *.edwardjones.ca accountaccess.edwardjones.com accountaccess.edwardjones.ca iaa-api-gateway.apps.edwardjones.com onlineaccess.edwardjones.com iaaweb.edwardjones.com *.tctm.co *.w3.org *.vimeocdn.com *.qualtrics.com *.everfi-next.net *.snapchat.com *.amazon-adsystem.com *.facebook.com 2 frame-ancestors 'self' *.books.com.tw *.book.com.tw; report-uri https://cspr.books.com.tw/CspReport/fetchCspr 2 default-src 'self' *.sleeknote.com https://*.kindlycdn.com *.boozt.com *.klarna.com *.booztx.com wss://ws-eu.pusher.com:443 https://*.pusher.com checkout-cdn.avarda.com wss://sage.kindly.ai wss://ws-eu.pusher.com https://*.kindly.ai *.booztcdn.com; script-src 'self' data: blob: *.rewardspay.com static.cloudflareinsights.com dp64mxip2za0c.cloudfront.net www.barilliance.net cdn.avo.app *.booztcdn.com www.googleoptimize.com www.googletagmanager.com *.clarity.ms cookie-cdn.cookiepro.com atemda.com hst.tradedoubler.com cdn.loadbee.com the.sciencebehindecommerce.com bat.bing.com *.zenaps.com s2.adform.net tagmanager.google.com vc.hotjar.io cdn.noibu.com *.sleeknote.com widget.eu.criteo.com tr.snapchat.com yastatic.net *.adyen.com googleads.g.doubleclick.net tracking.s24.com *.contentsquare.net cm.g.doubleclick.net *.issuu.com euob.isstarsbuilding.com cdn.cookielaw.org *.flixcar.com web-assets.stylitics.com pagead2.googlesyndication.com cdn.siftscience.com www.gstatic.com bam-cell.nr-data.net *.kronor.io www.googleadservices.com www.snapengage.com avdonl0p0checkout0fe.blob.core.windows.net 7276578.collect.igodigital.com www.awin1.com *.booztx.com connect.facebook.net bugcrowd.com track.adform.net www.datadoghq-browser-agent.com cdn.depict.ai *.freshchat.com obseu.isstarsbuilding.com *.criteo.com www.dwin1.com d38knilzwtuys1.cloudfront.net *.klarnacdn.net *.klarna.com sc-static.net sslwidget.criteo.com assets.bugcrowdusercontent.com *.google.com dev.visualwebsiteoptimizer.com cdn.evgnet.com *.google-analytics.com *.booztcdn.com *.boozt.com privacyportal.onetrust.com s3.amazonaws.com maps.googleapis.com static.criteo.net swrap.tradedoubler.com chat.kindlycdn.com *.trustpilot.com www.google.com *.boozt.com tag.smartly.io bam.nr-data.net *.hotjar.com geolocation.onetrust.com optimize.google.com lcx-embed.bambuser.com *.liveshopper.net widget.criteo.com 'unsafe-eval' 'unsafe-inline'; font-src 'self' cdn.honey.io *.booztx.com *.boozt.com fonts.gstatic.com cdnjs.cloudflare.com fonts.googleapis.com chat.kindlycdn.com avdonl0p0checkout0fe.blob.core.windows.net *.avarda.com data: *.booztcdn.com data: ; img-src optimize.google.com data: https: data: blob: 'unsafe-inline'; connect-src 'self' wss://*.kronor.io chat.kindlycdn.com *.google.com.pr www.bing.com www.googletagmanager.com *.clarity.ms *.google.com.kh bam.nr-data.net *.google.fr *.google.co.jp checkout-cdn.avarda.com wss://input.noibu.com *.google.com.eg *.google.by boozt.com *.google.com.ni *.criteo.net *.googleapis.com *.googleapis.com dev.visualwebsiteoptimizer.com *.loadbee.com *.google.mn *.google.com.lb *.google.be *.google.co.nz *.google.ps *.googleoptimize.com *.google-analytics.com *.google.com.tw *.google.com.cu *.google.com.np *.stylitics.com *.google.mk *.google.co.ke *.adzerk.net *.google.sk *.google.com.mt obseu.isstarsbuilding.com *.google.com.uy *.kronor.io *.google.ro *.analytics.google.com tr.snapchat.com *.google.lv *.google.com.au *.adform.net *.clarity.ms *.google.com.et wss://proxy.depict.ai:7315 *.google.com.ec *.google.md *.google.com.co *.google.ae bot.kindly.ai *.google.co.zw translate.googleapis.com *.google.com.sa *.clarity.ms *.hotjar.com partner.revieve.com spk.boozt.com cdn.cookielaw.org *.snapchat.com *.onetrust.com *.google.ie vc.hotjar.io *.google.ch *.google.tn *.google.co.id *.google.cl *.google.mw *.datadoghq-browser-agent.com *.google.ba www.snapengage.com *.google.gl *.google.com.bo *.google.es *.google.co.th input.noibu.com *.avarda.com *.google.ci *.google.gr *.google.com.hk unpkg.com *.criteo.net *.google.co.il *.google.am *.browser-intake-datadoghq.eu *.google.com.bh *.google.com *.evergage.com *.google.com.ar *.criteo.com *.google.com.ly adservice.google.com *.google.so *.clarity.ms *.booztx.com *.boozt.com *.google.co.tz *.google.com *.google.me *.google.mv *.clarity.ms google.com *.google.co.za api.depict.ai *.klarnacdn.net *.google.com.vn kronor.io bam-cell.nr-data.net www.getpica.com *.google.com.qa *.booztcdn.com *.logs.datadoghq.eu *.hotjar.io browser-intake-datadoghq.eu *.google.ru *.google.pt *.google.co.cr app.vwo.com *.google.com.tr *.google.lu *.contentsquare.net *.hotjar.com dawa.aws.dk *.google.lt sp.boozt.com *.doubleclick.net *.google.co.bw *.google.com.gh *.google.no *.sleeknote.com *.google.com.bd *.google.com.kw *.visualwebsiteoptimizer.com *.google.ge *.google.com.pe *.google.com.sg *.google.it pagead2.googlesyndication.com www.facebook.com wss://kronor.io *.google.al *.google.com.br *.google.com.ua *.google.co.vi *.google.co.ck *.google.mu *.google.az stats.g.doubleclick.net *.google.bi *.google.lt *.google.com.na *.klarna.com *.google.ee *.google.cz *.google.com.pk *.google.gm *.google.fi *.hotjar.io media.flixfacts.com api.avo.app *.google.com.do *.google.sc *.google.rs *.google.hu *.google.si *.google.co.uz *.google.sr *.google.iq *.google.co.zm *.google.hr *.google.tg *.google.co.uk *.google.lk *.google.com.jm *.google.kg *.google.com.af *.google.pl *.google.com.ph *.google.nl *.google.cn *.google.cv wss://ws-eu.pusher.com *.contentsquare.com *.google.com.my *.google.bg fpt.boozt.com bat.bing.com *.google.is *.google.at *.google.com.mx *.google-analytics.com *.google.bt dev.visualwebsiteoptimizer.com *.klarnaevt.com code.jquery.com *.google.ca *.google.com.cy *.google.jo *.hotjar.com *.google.co.ma *.google.de *.adyen.com *.google.ga *.google.kz *.avarda.org; child-src 'self' td.doubleclick.net js.klarna.com tr.snapchat.com track.adform.net www.googletagmanager.com *.freshchat.com *.trustpilot.com *.google-analytics.com *.criteo.com *.hotjar.com data: blob: ; style-src 'self' *.freshchat.com *.adyen.com cdn.cookielaw.org privacyportal.onetrust.com *.booztx.com *.booztcdn.com optimize.google.com *.boozt.com fonts.googleapis.com d38knilzwtuys1.cloudfront.net tagmanager.google.co geolocation.onetrust.com *.stylitics.com *.kronor.io chat.kindlycdn.com *.flixcar.com cdn.honey.io cookie-cdn.cookiepro.com translate.googleapis.com data: 'unsafe-inline'; manifest-src 'self' *.booztx.com *.boozt.com *.booztcdn.com; media-src *.boozt.com *.booztcdn.com storage.googleapis.com *.booztx.com www.snapengage.com; frame-ancestors 'self'; report-uri /csp-report/; report-to csp-reports 2 default-src 'self'; connect-src 'self' https://api.expo.dev https://static.expo.dev https://job-artifacts.eascdn.net https://job-logs.eascdn.net https://cdp.expo.dev http://127.0.0.1:* https://status.expo.dev https://8tdse0ohgq-dsn.algolia.net https://qex7pb7d46-dsn.algolia.net https://sessions.bugsnag.com https://*.g.doubleclick.net https://api.github.com https://google.com https://*.google.com https://*.analytics.google.com https://*.google-analytics.com https://www.googleadservices.com https://*.googleapis.com https://pagead2.googlesyndication.com https://*.googletagmanager.com https://react-tweet.vercel.app https://reactnative.directory https://api.rudderstack.com https://siias52v.apicdn.sanity.io https://sentry.io https://o30871.ingest.sentry.io https://api.stripe.com; font-src 'self' data: https://static.expo.dev https://cdnjs.cloudflare.com https://fonts.gstatic.com; frame-src https://*.datadoghq.com https://td.doubleclick.net https://www.google.com https://www.googletagmanager.com https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com https://*.youtube.com; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; script-src 'self' 'unsafe-inline' https://static.expo.dev https://d2wy8f7a9ursnm.cloudfront.net https://googleads.g.doubleclick.net https://tagmanager.google.com https://www.google.com https://www.googleadservices.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://*.googletagmanager.com https://www.gstatic.com https://cdn.rudderlabs.com https://js.stripe.com https://*.js.stripe.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https:; frame-ancestors 'self'; report-to expo 2 default-src 'self'; media-src 'self'; connect-src 'self' https://vpncdn.protonweb.com https://account.proton.me https://account.protonvpn.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://vpncdn.protonweb.com; style-src 'self' 'unsafe-inline' https://vpncdn.protonweb.com; font-src 'self' https://vpncdn.protonweb.com; img-src 'self' data: blob: https:; object-src 'self' data: blob:; frame-src 'self' data: blob: https://www.youtube-nocookie.com; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'self'; 2 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://stylecaster.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2 default-src 'self' data: https:;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors https://cue.wanews.com.au 'self';img-src 'self' data: https:;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:;style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;connect-src 'self' https: data: wss:;frame-src 'self' https:;media-src 'self' data: blob: https:;worker-src 'self' https: data: blob: 2 default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.scene7.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.chatcora.natwest.com *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.natwest.com *.neolane.net *.nwolb.com *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.raptmedia.com *.snapchat.com *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net static.ads-twitter.com t.co www.brightedge.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.cl *.google.cm *.google.co.ao *.google.co.bw *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uz *.google.co.ve *.google.co.za *.google.co.zm *.google.co.zw *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dk *.google.dm *.google.dz *.google.es *.google.fi *.google.fr *.google.ge *.google.gg *.google.gm *.google.gp *.google.gr *.google.gy *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.la *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc*.google.se *.google.sh *.google.si *.google.sk *.google.sn *.google.so *.google.tg *.google.tm *.google.tn *.google.tt adservice.google.ro *.googleapis.com *.live.hdexternal.co.uk *.hdddirectsolutions.co.uk fonts.gstatic.com *.everesttech.net *.everestjs.net cdn.cookielaw.org cdn-apple.com; upgrade-insecure-requests; report-uri https://natwestpersonal.report-uri.com/r/t/csp/reportOnly; 2 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; frame-ancestors 'self'; report-uri https://leafgroup.report-uri.com/r/d/csp/wizard 2 default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://b3ceba9babf02086c0dca962bbbd1cda.report-uri.io/r/default/csp/reportOnly 2 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.artnews.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2 default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' geo.api.gouv.fr *.gouvernement.fr *.api.swiftype.com *.keia.io app-eu.readspeaker.com cdn-eu.readspeaker.com via.batch.com ws.batch.com www.google.com/ccm/collect; font-src 'self' data: fonts.gstatic.com; frame-src 'self' *.doubleclick.net instagram.com www.instagram.com twitter.com platform.twitter.com syndication.twitter.com dailymotion.com www.dailymotion.com geo.dailymotion.com linkedin.com www.linkedin.com vimeo.com www.vimeo.com player.vimeo.com youtube.com www.youtube.com www.youtube-nocookie.com; img-src 'self' zhsv.info.gouv.fr data: piste.gouv.fr *.piste.gouv.fr cdn-eu.readspeaker.com openlayers.org tile.openstreetmap.org *.tile.openstreetmap.org tile.openstreetmap.fr *.tile.openstreetmap.fr *.doubleclick.net googletagmanager.com www.googletagmanager.com fonts.gstatic.com abs.twimg.com pbs.twimg.com ton.twimg.com platform.twitter.com syndication.twitter.com ytimg.com *.ytimg.com; media-src 'self' cdn-eu.readspeaker.com; object-src 'none'; script-src 'self' barometre.gouvernement.fr via.batch.com zhsv.info.gouv.fr piste.gouv.fr *.piste.gouv.fr cdn-eu.readspeaker.com googletagmanager.com www.googletagmanager.com platform.twitter.com/widgets.js www.instagram.com/embed.js; style-src 'unsafe-inline' 'self' barometre.gouvernement.fr piste.gouv.fr *.piste.gouv.fr cdn-eu.readspeaker.com www.gstatic.com ton.twimg.com platform.twitter.com 2 default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://track.buyma.com/csp/report.json 2 default-src 'self'; frame-ancestors 'self' https://teams.microsoft.com https://retailservices.teams.microsoft.com https://retailservices-ppe.teams.microsoft.com https://tasks.teams.microsoft.com https://local.teams.office.com https://devspaces.skype.com https://ssauth.skype.com https://teams.microsoft.com.mcas.ms https://teams.microsoft.com.us3.cas.ms https://local.teams.office.com:8080 https://teams.live.com https://outlook-sdf.office.com https://outlook.office.com/ https://assignments.onenote.com https://browser-sandbox.meshxp.net/ https://spoolclientsdk.skype.com https://acsinternal-cte-beta.azurewebsites.net https://acssample-beta.azurewebsites.net https://acssample-stable.azurewebsites.net https://loop.microsoft.com https://*.loop.microsoft.com https://loop.cloud.microsoft https://loop.cloud-dev.microsoft https://app.int.whiteboard.microsoft.com https://whiteboard.cloud-dev.microsoft https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft https://*.whiteboard.microsoft.com https://whiteboard.microsoft.com https://whiteboard.office.com https://teams.cloud.microsoft https://outlook.cloud.microsoft https://m365.cloud.microsoft https://res-sdf.cdn.office.net https://res.cdn.office.net https://mesh.public.onecdn.static.microsoft https://mesh.df.onecdn.static.microsoft; base-uri 'none'; manifest-src 'self'; script-src 'self' 'wasm-unsafe-eval' 'report-sample' http://amcdn.msftauth.net https://amcdn.msftauth.net https://*.office365.com https://shell.cdn.office.net https://cdn.fluidpreview.office.net https://js.monitor.azure.com https://res-1.cdn.office.net https://res.cdn.office.net https://ch5.fluidpreview.office.net https://cdn.dev.fluidpreview.office.net https://dev.loop.microsoft.com https://res-sdf.cdn.office.net 'sha256-6LhNPP0AvFhlXnotIv0ZTYeU+lmcLzLiqwYApn2mkpo=' 'sha256-ZOuj00jGwviPQ3FA9RUXchJPj9wjGmL5bPlsn4keNfE='; style-src 'self' 'unsafe-inline' 'report-sample' https://*.office.net https://res.cdn.office.net https://cdn.fluidpreview.office.net https://ch5.fluidpreview.office.net https://cdn.dev.fluidpreview.office.net https://dev.loop.microsoft.com https://res-sdf.cdn.office.net; font-src 'self' data: https://*.office.net https://spoprod-a.akamaihd.net https://static2.sharepointonline.com fs.microsoft.com; img-src 'self' blob: data: https://*.office.com https://*.office365.com https://outlook.live.com https://*.teams.microsoft.com https://*.officeapps.live.com https://web.vortex.data.microsoft.com https://shell.cdn.office.net https://urlp.asm.skype.com https://urlp.sfbassets.com https://login.live.com https://storage.live.com; connect-src 'self' blob: https://* wss://whiteboard.microsoft.com/sync wss://*.whiteboard.microsoft.com wss://whiteboard.microsoft.com wss://*.svc.ms wss://dogfood.augloop.svc.cloud.microsoft wss://*.dogfood.augloop.svc.cloud.microsoft wss://*.augloop-dogfood.officeppe.com wss://augloop-dogfood.officeppe.com wss://augloop.svc.cloud.microsoft wss://*.augloop.svc.cloud.microsoft wss://*.augloop.office.com wss://augloop.office.com wss://augloop-gcc.office.com wss://*.augloop-gcc.office.com; worker-src 'self'; frame-src 'self' https://* https://webshell.suite.office.com; media-src 'self'; object-src 'none'; form-action 'self' https://*; report-uri https://csp.microsoft.com/report/WhiteboardWebClient-WhiteboardApp-PROD; report-to csp-endpoint; 2 default-src 'self'; img-src *; style-src 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' 2 object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; frame-ancestors 'self' 2 base-uri 'none'; connect-src https://c.increment.com https://c.stripe.dev https://c.stripe.global https://c.stripe.partners blob: https://b.stripecdn.com https://climate.stripe.com https://errors.stripe.com https://ext.stripe.com https://r.stripe.com https://sales-live-chat.stripe.com https://stripe-images.s3.us-west-1.amazonaws.com https://stripe.com https://y4pfttj91h-1.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-2.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-3.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-dsn.algolia.net/1/indexes/mkt_partners/query 'self'; default-src 'none'; font-src https://b.stripecdn.com 'self'; form-action https://climate.stripe.com https://stripe.com 'self'; frame-ancestors https://app.contentful.com 'self'; frame-src https://checkout.stripe.dev https://support-conversations.stripe.com https://b.stripecdn.com https://checkout.stripe.com https://crypto-js.stripe.com https://js.stripe.com https://sales-live-chat.stripe.com 'self'; img-src data: https://assets.ctfassets.net https://assets.stripeassets.com https://b.stripecdn.com https://images.ctfassets.net https://images.stripeassets.com https://q.stripe.com https://stripe-camo.global.ssl.fastly.net 'self'; media-src https://assets.ctfassets.net https://assets.stripeassets.com https://b.stripecdn.com https://videos.ctfassets.net https://videos.stripeassets.com 'self'; script-src https://b.stripecdn.com https://crypto-js.stripe.com https://js.stripe.com 'self' 'sha256-3aWvb9tRBjmz1OjR3n7mwiTm94+s4iki4mMZF82asmc=' 'sha256-5LtzXhT7UFn+GqP5pKEMGL08UNZsrzANHFEBW/mQHGw=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' 'sha256-cCM0Z4lzGkzQnmbdVw+ouz0JRawyaKcZ4yiqzqYS7ek=' 'sha256-vTifGUJH6hJYTvstw4xJ4xfr/vE0ELkOV4GpCumyqfg=' 'report-sample'; style-src https://b.stripecdn.com 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-violation?q=X5DDRc4AfuLFzVG1MJvDxVICuJkubzGHaMLIUzeqRf-J3iePEHfQ296YqoxQ2LQ%3D 2 default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';base-uri 'self';form-action 'self' 2 default-src 'self' https://themes.googleusercontent.com/ https://apps.geodan.nl https://acc.apps.geodan.nl https://platform.twitter.com/ https://syndication.twitter.com/ http://www.rovid.nl https://geodata.rivm.nl https://statistiek.rijksoverheid.nl https://mebi.rivm.nl https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/ https://chemkap.rivm.nl https://app.powerbi.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://statistiek.rijksoverheid.nl http://platform.twitter.com/ https://cdn.syndication.twimg.com https://mebi.rivm.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/ https://apps.rivm.nl https://chemkap.rivm.nl https://*.mopinion.com ; object-src https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://app.powerbi.com/; style-src 'self' 'unsafe-inline' https://platform.twitter.com/ https://ton.twimg.com/ https://mebi.rivm.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://*.mopinion.com; img-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://statistiek.rijksoverheid.nl/ https://geodata.nationaalgeoregister.nl/ https://syndication.twitter.com/ https://pbs.twimg.com/ https://ton.twimg.com/ https://abs.twimg.com/ https://platform.twitter.com/ http://abs.twimg.com/ data: http://www.rovid.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://service.pdok.nl/ https://data.rivm.nl/ https://*.openstreetmap.org/ https://chemkap.rivm.nl; frame-src 'self' https://cibrapportage.rivm.nl https://esp-ext.rivm.nl https://login-ext.rivm.nl https://chemkap.rivm.nl https://www.infectieradar.nl https://app.powerbi.com; frame-ancestors 'self' https://www.atlasleefomgeving.nl https://*.gezondeleefomgeving.nl https://*.woondossier.nl/ https://roosendaal.incijfers.nl https://*.nhnieuws.nl https://chemkap.rivm.nl https://www.infectieradar.nl; child-src https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/ https://app.powerbi.com; font-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://themes.googleusercontent.com/ https://cstm.rivm.nl/ https://*.mopinion.com https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ data: ; connect-src 'self' https://mebi.rivm.nl/ https://statistiek.rijksoverheid.nl/ https://statistiek.rijksoverheid.nl/* https://cstm.rivm.nl/ https://cstm.rivm.nl/* https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://acc-api.rivm.nl https://api.rivm.nl/ https://api.pdok.nl/* https://*.mopinion.com; report-uri /report-csp-violation 2 default-src 'self' https://d3q9kdqrtloda.cloudfront.net/ https://i.ytimg.com/ https://www.youtube-nocookie.com/ https://noembed.com/ https://cdn.plyr.io/ https://cdn-ukwest.onetrust.com/ https://geolocation.onetrust.com/ https://www.google.com/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://px.ads.linkedin.com/ https://api.hubapi.com/ https://cta-service-cms2.hubspot.com/ https://c1001.report.gbss.io/ https://analytics.tiktok.com/ https://forms.hubspot.com/ https://region1.analytics.google.com/ https://*.analytics.google.com/ https://region1.google-analytics.com/ https://*.google-analytics.com/ https://pagead2.googlesyndication.com https://privacyportal-uk.onetrust.com/ https://*.onetrust.com/; style-src 'self' 'unsafe-inline' https://static.formstack.com/forms/css/ https://static.formstack.com/common/css/; script-src 'self' https://www.youtube.com/ https://cambridgeenglish.formstack.com/forms/ 'sha256-5woGd/mZkUg7jRI9rPBZPHKC+LdyheFkTyKDMVNRNAs=' https://static.hotjar.com/c/ https://static.formstack.com/forms/js/ 'sha256-BEia3zQX2ZCFqcEfWBg9chT7nMc26YOr506FmhGqIfE=' 'sha256-z+rMOYNYmUbRI0OKIZH9HZneWmS3dJkEIDLisI+5LwI=' 'sha256-4QifgdTNZlur9Y/OOGOV3SggRLnQQR4peyehG9Y5buo=' https://www.google.com/ https://www.gstatic.com/ https://cdn-ukwest.onetrust.com/ https://www.googletagmanager.com/ 'sha256-rbMVlXlWb1FxlmTxqO6hQI+5VPCMoqHMqeyWMrzk9E4=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-/6m2tVE+3ZAyrBnUps+rDpHpCwMi0VgW9mdVym2y2cE=' 'sha256-nanbr0ZSJrOvEvr6c5gV8UarYfjNXF+TAtmA9GjvyJ0=' 'sha256-ATpn7Ex50rRSNqmoA432bWfqvlsGB6CD/7fE2WtoU5A=' 'sha256-iXVjrS+TzaVqRdjZV8gecO6OkuAcobYu2OjiJVT8LYU=' 'sha256-+WTu64J4HVaiLZC0nSjR9XxbZZg1xX7cdNM/WA/pDcQ=' 'sha256-tOY0R/wVWZCxGQPtXP0ptphYuCKkCpgNHQy/ZkwhCCY=' 'sha256-xc61KVzUrz5aO4ACQyRqjH2fPpfIb/xoMmSSEiU+PWU=' 'sha256-wyNlDF2abbsDx6TZogcKckBQwZ4N8qFR3SAepboU7Sk=' 'sha256-tOY0R/wVWZCxGQPtXP0ptphYuCKkCpgNHQy/ZkwhCCY=' blob: 'unsafe-eval' https://www.google-analytics.com/ https://snap.licdn.com/ https://googleads.g.doubleclick.net/ https://static.ads-twitter.com https://www.googleadservices.com/ https://connect.facebook.net/ https://a.quora.com/ https://js.hs-scripts.com/ https://analytics.tiktok.com/ https://cdn.gbqofs.com/ https://cl.qualaroo.com/ https://assets.ubembed.com/ https://js.hs-analytics.net/ https://js.hsadspixel.net/ https://js.hsleadflows.net/ https://js.hs-banner.com/ https://js.hubspot.com/ https://cdn.gbqofs.com/ https://analytics.tiktok.com/ https://cdn.gbqofs.com/ https://snap.licdn.com/ https://14d7fb0767d540569b202283222297c0.js.ubembed.com/ 'sha256-1e5RR2OpHhuX2h0Bat19DsNTmqbo4M3T1pqfeTXCHaA='; object-src 'none'; font-src 'self' https://static.formstack.com/forms/fonts/; img-src 'self' data: https://d3q9kdqrtloda.cloudfront.net/ https://s3.eu-west-2.amazonaws.com/ielts-web-static/ www.googletagmanager.com https://i.ytimg.com/ https://cdn-ukwest.onetrust.com/ https://ad.doubleclick.net/ https://px.ads.linkedin.com/ https://googleads.g.doubleclick.net/ https://www.google.com/ https://t.co https://analytics.twitter.com/ https://www.facebook.com/ https://q.quora.com/ https://adservice.google.com/ https://perf-na1.hsforms.com/ https://*.google.ad/ https://*.google.ae/ https://*.google.com.af/ https://*.google.com.ag/ https://*.google.al/ https://*.google.am/ https://*.google.co.ao/ https://*.google.com.ar/ https://*.google.as/ https://*.google.at/ https://*.google.com.au/ https://*.google.az/ https://*.google.ba/ https://*.google.com.bd/ https://*.google.be/ https://*.google.bf/ https://*.google.bg/ https://*.google.com.bh/ https://*.google.bi/ https://*.google.bj/ https://*.google.com.bn/ https://*.google.com.bo/ https://*.google.com.br/ https://*.google.bs/ https://*.google.bt/ https://*.google.co.bw/ https://*.google.by/ https://*.google.com.bz/ https://*.google.ca/ https://*.google.cd/ https://*.google.cf/ https://*.google.cg/ https://*.google.ch/ https://*.google.ci/ https://*.google.co.ck/ https://*.google.cl/ https://*.google.cm/ https://*.google.cn/ https://*.google.com.co/ https://*.google.co.cr/ https://*.google.com.cu/ https://*.google.cv/ https://*.google.com.cy/ https://*.google.cz/ https://*.google.de/ https://*.google.dj/ https://*.google.dk/ https://*.google.dm/ https://*.google.com.do/ https://*.google.dz/ https://*.google.com.ec/ https://*.google.ee/ https://*.google.com.eg/ https://*.google.es/ https://*.google.com.et/ https://*.google.fi/ https://*.google.com.fj/ https://*.google.fm/ https://*.google.fr/ https://*.google.ga/ https://*.google.ge/ https://*.google.gg/ https://*.google.com.gh/ https://*.google.com.gi/ https://*.google.gl/ https://*.google.gm/ https://*.google.gr/ https://*.google.com.gt/ https://*.google.gy/ https://*.google.com.hk/ https://*.google.hn/ https://*.google.hr/ https://*.google.ht/ https://*.google.hu/ https://*.google.co.id/ https://*.google.ie/ https://*.google.co.il/ https://*.google.im/ https://*.google.co.in/ https://*.google.iq/ https://*.google.is/ https://*.google.it/ https://*.google.je/ https://*.google.com.jm/ https://*.google.jo/ https://*.google.co.jp/ https://*.google.co.ke/ https://*.google.com.kh/ https://*.google.ki/ https://*.google.kg/ https://*.google.co.kr/ https://*.google.com.kw/ https://*.google.kz/ https://*.google.la/ https://*.google.com.lb/ https://*.google.li/ https://*.google.lk/ https://*.google.co.ls/ https://*.google.lt/ https://*.google.lu/ https://*.google.lv/ https://*.google.com.ly/ https://*.google.co.ma/ https://*.google.md/ https://*.google.me/ https://*.google.mg/ https://*.google.mk/ https://*.google.ml/ https://*.google.com.mm/ https://*.google.mn/ https://*.google.com.mt/ https://*.google.mu/ https://*.google.mv/ https://*.google.mw/ https://*.google.com.mx/ https://*.google.com.my/ https://*.google.co.mz/ https://*.google.com.na/ https://*.google.com.ng/ https://*.google.com.ni/ https://*.google.ne/ https://*.google.nl/ https://*.google.no/ https://*.google.com.np/ https://*.google.nr/ https://*.google.nu/ https://*.google.co.nz/ https://*.google.com.om/ https://*.google.com.pa/ https://*.google.com.pe/ https://*.google.com.pg/ https://*.google.com.ph/ https://*.google.com.pk/ https://*.google.pl/ https://*.google.pn/ https://*.google.com.pr/ https://*.google.ps/ https://*.google.pt/ https://*.google.com.py/ https://*.google.com.qa/ https://*.google.ro/ https://*.google.ru/ https://*.google.rw/ https://*.google.com.sa/ https://*.google.com.sb/ https://*.google.sc/ https://*.google.se/ https://*.google.com.sg/ https://*.google.sh/ https://*.google.si/ https://*.google.sk/ https://*.google.com.sl/ https://*.google.sn/ https://*.google.so/ https://*.google.sm/ https://*.google.sr/ https://*.google.st/ https://*.google.com.sv/ https://*.google.td/ https://*.google.tg/ https://*.google.co.th/ https://*.google.com.tj/ https://*.google.tl/ https://*.google.tm/ https://*.google.tn/ https://*.google.to/ https://*.google.com.tr/ https://*.google.tt/ https://*.google.com.tw/ https://*.google.co.tz/ https://*.google.com.ua/ https://*.google.co.ug/ https://*.google.co.uk/ https://*.google.com.uy/ https://*.google.co.uz/ https://*.google.com.vc/ https://*.google.co.ve/ https://*.google.co.vi/ https://*.google.com.vn/ https://*.google.vu/ https://*.google.ws/ https://*.google.rs/ https://*.google.co.za/ https://*.google.co.zm/ https://*.google.co.zw/ https://*.google.cat/ https://www.google-analytics.com/ https://*.linkedin.com/ https://*.amazonaws.com/ielts-web-static/ https://adservice.google.co.uk/; frame-src 'self' https://www.google.com/ https://www.youtube-nocookie.com/ https://www.youtube.com/ https://dntcl.qualaroo.com/ https://td.doubleclick.net/; 2 frame-ancestors 'self'; report-uri https://www.adelaidenow.com.au/csp-reports 2 default-src https: ; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri /csp/ 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wellhub.com https://js.appboycdn.com/web-sdk/4.0/braze.no-amd.min.js https://widget-mediator.zopim.com https://js-na1.hs-scripts.com https://static.zdassets.com https://sdk.inbenta.io https://chatbot.backoffice.gympass-staging.com/chatbot-site-gympass-com.js https://cdn.optimizely.com https://maps.googleapis.com https://x.clearbitjs.com https://js.hscollectedforms.net https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com cdn.cookielaw.org/ cdn.segment.com bat.bing.com/bat.js cdn.jsdelivr.net/npm/jquery-validation@1.19.5/dist/jquery.validate.min.js cdn.optimizely.com/js/ cdn.segment.com/analytics.js/ cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js code.jquery.com/jquery-3.6.0.min.js connect.facebook.net/en_US/fbevents.js googleads.g.doubleclick.net/pagead/viewthroughconversion/ j.6sc.co/6si.min.js js.driftt.com/include/ js.hs-analytics.net/analytics/ js.hs-banner.com/ js.hs-scripts.com/ js.hsadspixel.net/fb.js js.hsforms.net/forms/v2.js js.hsleadflows.net/leadflows.js js.usemessages.com/conversations-embed.js rum-static.pingdom.net/ s.yimg.com/wi/ytc.js script.hotjar.com/ snap.licdn.com/li.lms-analytics/ static.hotjar.com/c/ static.hsappstatic.net/MeetingsEmbed/ex/MeetingsEmbedCode.js tag.clearbitscripts.com/v1/ tpc.googlesyndication.com/ unpkg.com/blip-chat-widget clarity.ms/tag/uet/ *.clarity.ms/tag/uet/ https://www.googleadservices.com/pagead/ x.clearbitjs.com/v2/ https://s3.amazonaws.com/raichu-beta/ https://static.play.ht/playht-pageplayer-plugin.js https://bat.bing.com/p/action/ https://connect.facebook.net/signals/config/ https://js.hubspot.com/web-interactives-embed.js https://analytics.tiktok.com/ https://www.clarity.ms/s/ https://static.xingcdn.com/xingtrk/index.js; style-src 'self' 'unsafe-inline' https://sdk.inbenta.io fonts.googleapis.com https://www.googletagmanager.com/ https://s3.amazonaws.com/raichu-beta/ https://static.play.ht/playht-pageplayer-plugin.css; object-src 'none'; base-uri 'self'; connect-src 'self' *.wellhub.com https://traces.observability.prd.us.gympass.cloud/collect https://sdk.iad-03.braze.com/api/v3/data cdn.cookielaw.org/ *.onetrust.com inbenta.io *.inbenta.io https://api.inbenta.io wss://widget-mediator.zopim.com https://zendesk-eu.my.sentry.io *.zendesk.com zendesk.com https://static.zdassets.com https://ekr.zdassets.com https://maps.googleapis.com https://unlogged.users.gympass-staging.com https://www.google-analytics.com analytics.google.com adservice.google.com adservice.google.com/pagead adservice.google.com/pagead/ https://adservice.google.com/pagead https://adservice.google.com/pagead/ https://www.google.com/ https://www.google.com.br/ *.google.com google.com.br api.hubapi.com hubspot.com *.hubspot.com api.segment.io app.clearbit.com bat.bing.com cdn.segment.com epsilon.6sense.com *.optimizely.com optimizely.com *.googleadservices.com googleadservices.com forms.hsforms.com in.hotjar.com ipv6.6sc.co js.hs-banner.com *.clarity.ms rum-collector-2.pingdom.net s.yimg.com stats.g.doubleclick.net unlogged.users.gympass.com https://play.ht/api/v2/ https://places.geo.us-east-1.amazonaws.com https://*.cloudfront.net https://px.ads.linkedin.com https://analytics.tiktok.com/ api.reclameaqui.com.br https://browser-intake-datadoghq.com/api/v2/rum https://rum.browser-intake-datadoghq.com/api/v2/rum https://www.facebook.com/ https://region1.analytics.google.com/ wss://*.hotjar.com/ https://*.hotjar.io/ https://www.xing.com/xas/api/tracking_pixel_verification; font-src 'self' data: https://cdn.inbenta.io fonts.gstatic.com https://assets-cdn.gympass.com https://assets-cdn.wellhub.com https://script.hotjar.com/ https://s3.amazonaws.com/play-plugin/build/font; frame-src 'self' https://gympass.chat.blip.ai optimizely.com *.cdn.optimizely.com googleadservices.com bid.g.doubleclick.net forms.hsforms.com js.driftt.com meetings.hubspot.com tpc.googlesyndication.com vars.hotjar.com facebook.com https://www.facebook.com/ www.googletagmanager.com/ https://td.doubleclick.net; img-src 'self' data: https://s3.amazonaws.com/raichu-beta/ https://assets-cdn.gympass-staging.com https://assets-cdn.gympass.com https://assets-cdn.wellhub.com https://images.partners.gympass.com/ https://p.adsymptotic.com https://www.googletagmanager.com cdn.cookielaw.org/ *.inbenta.com inbenta.com https://gympass-staging-images-us.s3.amazonaws.com https://maps.googleapis.com https://maps.gstatic.com *.clarity.ms/ cloudfront.net *.cloudfront.net https://www.google.com/ads/ga-audiences https://www.google.com.br/ads/ga-audiences https://www.google.com/pagead/1p-user-list/ b.6sc.co bat.bing.com https://c.bing.com/ forms-na1.hsforms.com forms.hsforms.com googleads.g.doubleclick.net https://googleads.g.doubleclick.net/ px.ads.linkedin.com sp.analytics.yahoo.com track.hubspot.com facebook.com https://www.google-analytics.com google.com google.com.br www.google.com.br https://www.google.co.uk/ https://www.google.com.ar/ https://www.google.com.mx/ https://www.google.de/ https://www.google.es/ https://www.google.cl/ https://www.google.it/ https://www.facebook.com/ https://fonts.gstatic.com/ https://px4.ads.linkedin.com/collect https://www.linkedin.com/px/ https://ads01.groovinads.com/ https://perf-na1.hsforms.com/embed/v3/counters.gif; manifest-src 'self'; media-src 'self' https://static.zdassets.com; worker-src 'self' *.gympass-staging.com blob:; 2 default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com snap.licdn.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com use.typekit.net munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.googleapis.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com 2 default-src https: 'unsafe-inline' data: 2 img-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 2 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.hotjar.com *.zopim.com *.fontawesome.com data: *.olaelectric.com cdn.olaelectric.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.olaelectric.com *.olacabs.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com cdn.dnky.co *.hotjar.com *.facebook.com *.trustpilot.com *.criteo.com cdn.moengage.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.book.olaelectric.com *.cloudinary.com *.magezon.com *.cdn.olaelectric.com *.olaelectric.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net https://www.magezon.com *.google.co.in *.twitter.com d34kmefuuy0be0.cloudfront.net evprodcdn.blob.core.windows.net *.olaelectric.com www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' *.cloudfront.net *.olacabs.com *.azureedge.net *.stg.corp.olacabs.com *.corp.olacabs.com *.blob.core.windows.net *.ev-discovery-80.stg.corp.olacabs.com cdn.olaelectric.com *.cloudinary.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.paypal.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com cdn.moengage.com *.licdn.com *.ads-twitter.com unpkg.com *.olaelectric.com *.blob.core.windows.net *.unpkg.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.highcharts.com cdn.olaelectric.com *.cloudinary.com *.ev.corp.olaelectric.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net *.google.com unpkg.com *.olaelectric.com assets.braintreegateway.com *.cloudinary.com *.cdn.olaelectric.com *.ev.corp.olaelectric.com 'self' 'unsafe-inline'; object-src *.cloudinary.com *.cdn.olaelectric.com 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com *.cloudfront.net 'self' *.azureedge.net *.olacabs.com *.stg.corp.olacabs.com *.corp.olacabs.com *.blob.core.windows.net *.ev-discovery-80.stg.corp.olacabs.com *.olaelectric.com cdn.olaelectric.com *.cloudinary.com *.magezon.com 'self' 'unsafe-inline'; manifest-src *.cloudinary.com *.magezon.com *.cdn.olaelectric.com *.olaelectric.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.clarity.ms *.facebook.com *.datatrics.com sdk-02.moengage.com *.linkedin.oribi.io *.doubleclick.net demotiles.maplibre.org api.geospoc.io *.olaelectric.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.magezon.com *.cdn.olaelectric.com *.corp.olacabs.com *.olacabs.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.cloudinary.com *.cdn.olaelectric.com *.olaelectric.com http: https: blob: 'self' 'unsafe-inline'; default-src *.cloudinary.com *.magezon.com *.cdn.olaelectric.com *.olaelectric.com *.corp.olacabs.com *.olacabs.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 script-src 'self' 'unsafe-eval' 'unsafe-inline' *.drip.com *.hsappstatic.net *.sleeknote.com *.zdassets.com *.zendesk.com *.hubspot.com *.hubspot.net *.hs-analytics.net *.hs-banner.com *.cloudflare.com *.zi-scripts.com *.g2crowd.com unpkg.com *.tiktok.com *.quora.com *.bing.com *.redditstatic.com *.ads-twitter.com *.licdn.com *.facebook.net *.snapchat.com sc-static.net *.clearbitscripts.com *.dreamdata.cloud 2 default-src 'self';connect-src 'self' https://analytics.majestic.com https://analytics.majesticseo.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://*.googletagmanager.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.majesticseo.com https://analytics.majestic.com https://info.majestic.com https://*.googletagmanager.com www.google-analytics.com https://www.googleadservices.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/;style-src 'self' 'unsafe-inline';img-src 'self' data: https:;font-src 'none';object-src 'none';media-src 'none';frame-src www.openstreetmap.org www.youtube.com https://www.youtube-nocookie.com/ https://player.vimeo.com/ https://www.google.com/recaptcha/ https://platform.twitter.com/ https://player.captivate.fm/ https://syndication.twitter.com/;child-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/;frame-ancestors https://docs.google.com https://*.googleusercontent.com;report-uri /csp/report;report-to report-endpoint 2 : default-src 'self'; report-uri https://mtsrs.report-uri.com/r/d/csp/reportOnly; 2 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https://* data: ; frame-src https://* about: javascript: 2 font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.b0e8.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.bc0a.com *.elotouch.com www.elotouch.com elotouch.com *.google.lv data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.b0e8.com *.bc0a.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.recaptcha.net *.simpli.fi *.zi-scripts.com siteimproveanalytics.com *.pardot.com *.elotouch.com *.jsdelivr.net unpkg.com *.cloudflare.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com hello.myfonts.net *.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.elotouch.com elotouch.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.doubleclick.net *.zi-scripts.com *.zoominfo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'none'; script-src 'self' konicaminoltaus.b-cdn.net; script-src-elem 'self' data: konicaminoltaus.b-cdn.net acsbapp.com; style-src konicaminoltaus.b-cdn.net; style-src-elem 'self' pro.fontawesome.com; style-src-attr konicaminoltaus.b-cdn.net 'sha256-0pQcockGFps+gZtZM4uwu3Y5OYTQgIzzv9J+dAtUkrY='; img-src 'self' data: kmbscontent.konicaminolta.us konicaminoltaus.b-cdn.net blob:; font-src 'self' data: konicaminoltaus.b-cdn.net pro.fontawesome.com; connect-src 'self' 127.0.0.1:5000 kmbscontent.konicaminolta.us konicaminoltaus.b-cdn.net data: analytics.google.com script.crazyegg.com; media-src data:; child-src blob:; frame-src 'self'; worker-src blob:; report-uri https://4cb6d1b88ad70041e7bad82563439f7d.report-uri.com/r/t/csp/reportOnly; report-to default 2 frame-ancestors 'self'; block-all-mixed-content; default-src 'self'; script-src 'self' 'sha256-5s1UCPQTqKWc18lk0CbkMG0IYokX1utP9ZMQQYiuwXk=' 'sha256-G5NvPksjkp09uU+DikUdTcBXp0UV/362J6blwWczw5I=' 'sha256-HLwLpFPvuHKI0X/UFMhOHQNt1eedIdJGTPML3b+GfWo=' 'sha256-MM3CG7szGAeVIKY58JGR+X+7xTDccDemqcIY0lQLrX8=' 'sha256-OifdWXgFw+IPMAs6Nnr1te5UDPoRIbkDLB1lXZmmRP8=' 'sha256-oh6ZTSefRfIBPlcye8dBjlQBkC0A32V1QIb2htJq7ao=' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.containers.piwik.pro https://*.wistia.com https://*.wistia.net https://maps.google.com https://maps.googleapis.com https://src.litix.io https://use.typekit.net; script-src-elem 'self' 'report-sample' https: *.containers.piwik.pro *.wistia.com *.wistia.net maps.google.com maps.googleapis.com src.litix.io use.typekit.net 'unsafe-inline'; style-src 'self' 'report-sample' 'unsafe-inline' blob: *.typekit.net fonts.googleapis.com fast.wistia.com; object-src embedwistia-a.akamaihd.net; frame-src 'self' https: blob: *.wistia.net *.wistia.com maps.google.com maps.googleapis.com uwhealth.formstack.com; child-src 'self' blob:; img-src 'self' data: blob: *.wistia.net *.wistia.com *.typekit.net *.gstatic.com *.ggpht.com *.googleapis.com embedwistia-a.akamaihd.net images.ctfassets.net maps.google.com maps.googleapis.com res.cloudinary.com swedishamericanmychart.org i.ytimg.com; font-src 'self' data: *.wistia.net *.wistia.com fonts.googleapis.com fonts.gstatic.com res.cloudinary.com use.typekit.net; connect-src 'self' microservices.uwhealth.dev microservices.uwhealth.org *.wistia.com *.typekit.net *.litix.io *.cloud.coveo.com embedwistia-a.akamaihd.net fonts.googleapis.com fonts.gstatic.com fast.wistia.net images.ctfassets.net maps.google.com maps.googleapis.com noembed.com res.cloudinary.com uwhealth.piwik.pro pnapi.invoca.net; manifest-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self' data: blob: *.wistia.net *.wistia.com embedwistia-a.akamaihd.net res.cloudinary.com; prefetch-src 'self'; worker-src 'self' blob:; report-to testing 2 default-src 'self' https://n8n.io data: 'unsafe-inline'; script-src 'self' 'sha256-4pl9dZH8ght2nZ3AX1mV23mwuukxsklzULVnAeIEKbg=' https://cdn.jsdelivr.net/npm/@webcomponents/webcomponentsjs@2.0.0/webcomponents-loader.js https://www.unpkg.com/lit@2.0.0-rc.2/polyfill-support.js https://cdn.jsdelivr.net/npm/@n8n_io/n8n-demo-component@latest/n8n-demo.bundled.js https://*.googletagmanager.com https://www.gstatic.cn https://www.gstatic.com https://www.recaptcha.net https://static.cloudflareinsights.com/beacon.min.js/ static.cloudflareinsights.com https://script.tapfiliate.com/tapfiliate.js https://cdn.jsdelivr.net/npm/hockeystack@latest/hockeystack.min.js https://checkout.paddle.com/api/2.0/prices/; img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://n8niostorageaccount.blob.core.windows.net https://www.gstatic.cn https://www.gstatic.com https://www.recaptcha.net https://gravatar.com/avatar/; media-src https://n8niostorageaccount.blob.core.windows.net; connect-src 'self' https://api.n8n.io/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.gstatic.cn https://www.gstatic.com https://www.recaptcha.net https://data.hockeystack.com cloudflareinsights.com; frame-src https://n8n-preview-service.internal.n8n.cloud https://www.recaptcha.net; frame-ancestors 'none'; object-src 'none' 2 default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://octopus.report-uri.com/r/d/csp/wizard 2 default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.chatcora.natwest.com *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.neolane.net *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.raptmedia.com *.rbos.com *.rbs.co.uk *.rbs.com *.rbsdigital.com *.supportcentre-rbs.co.uk *.snapchat.com *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net search-rbs.co.uk static.ads-twitter.com t.co www.brightedge.com *.everesttech.net *.everestjs.net cdn.cookielaw.org; upgrade-insecure-requests; report-uri https://rbspersonal.report-uri.com/r/t/csp/reportOnly 2 default-src *; script-src data: http: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: 'unsafe-inline' https: *.bootstrapcdn.com; img-src * 'self' data: blob:; font-src *; connect-src https:; media-src *; object-src 'none'; frame-src *; report-uri https://www.hsag.com/_csp; 2 frame-ancestors 'self'; upgrade-insecure-requests; report-uri https://5b99b19026a35ad04db5bcf778a03938.report-uri.com/r/d/csp/reportOnly 2 form-action *.facebook.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.fls.doubleclick.net *.doubleclick.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.omtrdc.net *.twitter.com covers.odilo.io *.ads-twitter.com *.facebook.com *.facebook.net cdn.cookielaw.org *.googletagmanager.com *.googleadservices.com online.bancosantander.es a.omappapi.com *.googleapis.com extend.vimeocdn.com t.co adservice.google.com *.linkedin.com *.google-analytics.com *.santanderopenacademy.com *.universia.net fonts.gstatic.com in-automate.sendinblue.com z.omappapi.com api.omappapi.com snap.licdn.com images.findawayworld.com *.tiktok.com privacyportal-de.onetrust.com sibautomation.com use.typekit.net pro-becas-images-s3.s3.eu-west-1.amazonaws.com santander-privacy.my.onetrust.com; frame-ancestors 'self' *.santanderopenacademy.com *.googletagmanager.com; connect-src 'self' cdn.equalweb.com *.universia.net pro-becas-images-s3.s3.eu-west-1.amazonaws.com www.linkedin.com script.hotjar.com img.youtube.com px4.ads.linkedin.com t.co surveystats.hotjar.io analytics.twitter.com www.google.es mboxedge37.tt.omtrdc.net santanderuniversidad.tt.omtrdc.net www.googletagservices.com www.google.ie www.facebook.com cdn.cookielaw.org googleads.g.doubleclick.net stats.g.doubleclick.net www.google.com pagead2.googlesyndication.com *.analytics.google.com vc.hotjar.io metrics.hotjar.io wss://ws.hotjar.com ws.hotjar.com content.hotjar.io *.google-analytics.com px.ads.linkedin.com analytics.tiktok.com *.pangle-ads.com *.omappapi.com *.vimeo.com *.santanderopenacademy.com *.googlesyndication.com *.onetrust.com *.tiktokw.us sc-static.net *.sc-static.net snapchat.com *.snapchat.com onetrust.com *.onetrust.com omtrdc.net *.omtrdc.net analytics.google.com *.google.com *.adoberesources.net adoberesources.net *.adobedc.net adobedc.net *.demdex.net demdex.net; font-src 'self' script.hotjar.com fonts.gstatic.com data:; frame-src 'self' www.youtube.com www.google.com *.doubleclick.net track.adform.net www.facebook.com *.universia.net universia.net *.santanderopenacademy.com *.vimeo.com doubleclick.net *.doubleclick.net; img-src 'self' data: *.santanderopenacademy.com *.santanderx.com dss.hybrid.ai su-commons-documents.s3.eu-west-1.amazonaws.com pro-becas-images-s3.s3.eu-west-1.amazonaws.com i.ytimg.com non-productive-alfred-s3.s3.eu-west-1.amazonaws.com *.universia.net img.youtube.com cdn.cookielaw.org www.facebook.com fonts.gstatic.com www.google.ie www.google.com www.google.es *.googletagmanager.com *.google-analytics.com px.ads.linkedin.com px4.ads.linkedin.com t.co analytics.twitter.com covers.odilo.io images.findawayworld.com *.doubleclick.net *.odilotk.es *.googlesyndication.com snapchat.com *.snapchat.com; manifest-src 'self'; media-src 'self' data: *.santanderopenacademy.com *.santanderx.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' emd.hybrid.ai *.hybrid.ai pixel.wp.pl www.google.com 'sha256-YSegCmpoY/9vy6z9Jp/wY5F+2CZOSO85IpkqRDamw6o=' 'sha256-8UQUF8T5SdG0xN7U0SziZK/tE7Mx20WlIEvrhPZS+5c=' 'sha256-ZC4Ihfl+1sv3E25DQh090ITQKwffxiocyA9C1vaePKU=' 'sha256-y+EdpRp7NGzuxDREjdSGXuM2ZRxY/zPRIps6hzHQOcU=' 'sha256-ZC4Ihfl+1sv3E25DQh090ITQKwffxiocyA9C1vaePKU=' 'sha256-HbtNuErO4Ji0X7sd59L8NfJYuQk3WllCWK3gVuRMpfM=' 'sha256-BBirXJiJdwXRuf4PKdCNfYQLT8mhwGu68gkk2lfCqN8=' 'sha256-9gh4m8bsTLdMvKZ358mYZY2d+f5k+bk+APY/b3jwy1o=' 'sha256-xeKH9HwGHVm84iWqrxisQix9T08PGSCZTxFIO4+ewWk=' 'sha256-DwzQ63XCPWPBU9VhenPaZeU1L0tiiqJkkaWArzaMA14=' 'sha256-5t573MY7H7LQK71Vf2b+RoOG9NlBxHctIHdMjVPJIE0=' 'sha256-ZxrnaNw21FtNs0hG3ejrGPJWMFqp2c2scn3dGBS7Xtk=' 'sha256-DaJ5+aVVCCwmIoJpsto8Q2FfkqVlML3utJdn4mDMGD0=' 'sha256-Fj/OzUbSCuycXsQO3rkxgJpOQcr0O4grKcZDUi0FIiU=' 'sha256-L89rOqVn3e1Yeav7YFzFH7bxGr1IyHtjhNxYvrcVL4E=' 'sha256-g2T0Peh4PkAjcTj+CFHeM0y83Uuh+6W/+Ay4nUyncSo=' 'sha256-BpTz1JC47PMe4NhdM7n0gmuvr+83Jo3c+LLXav8o+Wc=' 'sha256-+i46atGTJGrevoy/LaA/uxqfIvacu6J/34f4LYs4FLU=' 'sha256-NW1gvrymt4M+SBgRpB7GKpbvkiAcBF120jBugIgwTkY=' 'sha256-TCOS0LXlyOYGx+xlpfAYkRxyaOiYLTlRzHwI0YQSm3Q=' 'sha256-XdoX181xfRJT12LmChyU6l4zxvoIsaAHf4FxTHoJM+I=' 'sha256-NKT4ofJEPzU1gDi1WITFInJvz8potrsIe5i+LSnCKqo=' 'sha256-w6kdg/3YV4tBVkaDe4i2aktYPtaPLEHNIGHKOXJ7aZI=' 'sha256-7OI/iFnRHuxJU3EbXDhDFX6g3cZ0C1I8U6VTbbk7bPw=' 'sha256-VY8NVZZ8EZKkngWGPFlpnC0jlPPS4naDQeeIKqLpgUU=' 'sha256-3ThNsno0lln5H88qDcBDPljNxQaOgkPiulXpM/OsV1s=' 'sha256-8N1I80yqbb8/sRov2zmhZf1nwe9Hd8PifhnSJaDP664=' 'sha256-LG4xcV34tsaAdFNYuH8Lr84Ovn0ZnSV2GoIA+TiLP5s=' 'sha256-y36RoFUJWgc8gbl/5Pk2/0bsYv2bJ+bMa8Y4LV/Wz/k=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-3FPxyKucOIUnwkis1jUlVWeg63ttBCdsnPZ7d1/U9vQ=' 'sha256-lBxE5qVCAIfADFr1+pdyVxAP7I/YVviosUAsCf3pZtU=' 'sha256-3iXpidN34sHSaOL+oY8lqqkqIs8qgMSZmmFOyyyJq5o=' 'sha256-TZjz12EnkJLarfuyWy8NqZ9HG8RpIuFAlQySbT4/4h8=' 'sha256-Y4y/Z3pJNei7wFfh20klvIrbZiajvE/JWO1KhI668Xo=' 'sha256-LigV2Z6/JVA57qW0q8wSx849ylkhI35JZTPqGObl9ks=' 'sha256-83sIN1kEH+EziQHRTaQiSWImOUtv0wFFfa74npfXyoE=' 'sha256-BMIPp0uCJPYMdHFyQdug09fBOv1yC4c3ATQ5HIB8lnU=' 'sha256-mkZ77JgvPSMOW/FuYQr4tf+Z2qIq0e/ozaNEcVp9eyc=' cdn.jsdelivr.net cdn.equalweb.com code.jquery.com track.adform.net s2.adform.net www.googletagservices.com cdn.cookielaw.org googleads.g.doubleclick.net connect.facebook.net static.hotjar.com metrics.hotjar.io script.hotjar.com *.googletagmanager.com *.google-analytics.com snap.licdn.com static.ads-twitter.com analytics.tiktok.com *.googleapis.com pro-becas-images-s3.s3.eu-west-1.amazonaws.com *.gstatic.com *.omappapi.com *.googleadservices.com *.santanderopenacademy.com *.googlesyndication.com sc-static.net *.sc-static.net snapchat.com *.snapchat.com onetrust.com *.onetrust.com omtrdc.net *.omtrdc.net analytics.google.com *.google.com *.adoberesources.net adoberesources.net *.adobedc.net adobedc.net *.demdex.net demdex.net st.hybrid.ai; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com *.googletagmanager.com fonts.googleapis.com *.omappapi.com; worker-src *.universia.net 2 worker-src https: 'unsafe-inline'; report-uri https://api.mp.pl/csp-violation/ 2 default-src 'self'; script-src 'self' 'nonce-8e5d7812a577cfad245e1108d2b6be2c8423f915659ca47e75c0ea8b1237c079' https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://*.googletagmanager.com https://*.clearbitjs.com https://*.licdn.com http://*.facebook.net https://*.adroll.com https://*.crazyegg.com https://www.clarity.ms http://*.bing.com https://*.bing.com http://*.hs-scripts.com https://*.hs-scripts.com https://*.hs-banner.com https://*.hs-analytics.net https://*.hsadspixel.net https://*.sa-as.com https://*.cloudfront.net https://www.redditstatic.com https://*.linkgraph.com https://*.intellimize.co https://*.intellimizeio.com https://*.chilipiper.com; script-src-elem 'self' 'nonce-8e5d7812a577cfad245e1108d2b6be2c8423f915659ca47e75c0ea8b1237c079' http://static.ads-twitter.com https://sc.lfeeder.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://tagmanager.google.com https://www.googletagmanager.com https://*.clearbitjs.com https://*.licdn.com http://*.facebook.net https://*.adroll.com https://*.crazyegg.com https://www.clarity.ms http://*.bing.com https://*.bing.com http://*.hs-scripts.com https://*.hs-scripts.com https://*.hs-banner.com https://*.hs-analytics.net https://*.hsadspixel.net https://*.sa-as.com https://*.cloudfront.net https://www.redditstatic.com https://*.linkgraph.com https://*.intellimize.co https://*.intellimizeio.com; img-src 'self' 'nonce-8e5d7812a577cfad245e1108d2b6be2c8423f915659ca47e75c0ea8b1237c079' https://www.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://*.google.com https://*.clearbitjs.com https://*.hsforms.net https://*.adsymptotic.com https://*.linkedin.com https://*.lfeeder.com https://*.cloudfront.net https://track.hubspot.com https://q.quora.com https://*.sa-as.com https://*.reddit.com https://*.bing.com; connect-src 'self' 'nonce-8e5d7812a577cfad245e1108d2b6be2c8423f915659ca47e75c0ea8b1237c079' https://cs.lf-discover.com wss://visitors.live wss://in.visitors.live https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google-analytics.com https://*.doubleclick.net https://*.leadinfo.net https://d.adroll.com https://*.clarity.ms https://*.crazyegg.com https://*.luckyorange.net https://*.hubapi.com https://*.hubspot.com https://*.hsforms.com https://minio.ghost.io https://*.searchatlas.com https://*.chilipiper.com; style-src 'self' 'nonce-8e5d7812a577cfad245e1108d2b6be2c8423f915659ca47e75c0ea8b1237c079' https://*.cloudfront.net http://bat.bing.com https://bat.bing.com https://tagmanager.google.com https://fonts.googleapis.com https://*.intellimize.co https://*.intellimizeio.com; font-src 'self' 'nonce-8e5d7812a577cfad245e1108d2b6be2c8423f915659ca47e75c0ea8b1237c079' https://fonts.gstatic.com; object-src 'none'; media-src 'self' 'nonce-8e5d7812a577cfad245e1108d2b6be2c8423f915659ca47e75c0ea8b1237c079' https://*.cloudfront.net; frame-src 'self' 'nonce-8e5d7812a577cfad245e1108d2b6be2c8423f915659ca47e75c0ea8b1237c079' https://bid.g.doubleclick.net https://www.google.com/ https://*.hubspot.com http://minio.lookbookhq.com https://minio.lookbookhq.com http://minio.pathfactory.com https://minio.pathfactory.com http://resources.min.io https://resources.min.io https://*.chilipiper.com; frame-ancestors 'self' https://*.hubspot.com http://minio.lookbookhq.com https://minio.lookbookhq.com http://minio.pathfactory.com https://minio.pathfactory.com http://resources.min.io https://resources.min.io; 2 base-uri 'self' ; connect-src https://*.ampproject.org https://*.appsflyer.com https://bat.bing.com https://*.clarity.ms https://*.cloudfront.net https://*.compare.com https://*.criteo.com https://*.criteo.net https://stats.g.doubleclick.net https://www.facebook.com https://app.five9.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.insurify.com https://insurify.com https://insurifycdn.com https://*.klaviyo.com https://*.logrocket.com https://*.logrocket.io https://*.lr-in.com https://*.lr-ingest.io https://*.makestories.io https://*.mixpanel.com https://*.mxpnl.com https://*.pinterest.com wss://ws.pusherapp.com https://insurify.sjv.io https://*.snapchat.com https://lux.speedcurve.com https://analytics.tiktok.com https://widget.trustpilot.com https://*.usersnap.com https://ifrm.insurify.com 'self' ; default-src 'self' ; font-src https://*.insurify.com https://fonts.gstatic.com https://*.bootstrapcdn.com https://insurifycdn.com https://widget.trustpilot.com https://ifrm.insurify.com 'self' data: ; form-action https://www.facebook.com https://tr.snapchat.com https://widget.trustpilot.com https://ifrm.insurify.com 'self' ; frame-ancestors 'self' ; frame-src https://insight.adsrvr.org https://match.adsrvr.org https://cj.dotomi.com https://*.doubleclick.net https://www.emjcd.com https://www.facebook.com https://*.pinterest.com https://www.quotelab.com https://tr.snapchat.com https://www.googletagmanager.com https://widget.trustpilot.com https://app.usecanopy.com https://ifrm.insurify.com 'self' ; img-src https://*.google.com https://*.googleapis.com https://www.google.bg https://www.google.com.pk https://www.googletagmanager.com https://maps.gstatic.com https://ib.adnxs.com https://*.appsflyer.com https://segment.prod.bidr.io https://*.bing.com https://*.clarity.ms https://*.cloudfront.net https://*.compare.com https://*.doubleclick.net https://www.facebook.com https://*.google-analytics.com https://www.gstatic.com https://insurifycdn.com *.makestories.io https://*.mediaalpha.com https://*.nextinsure.com https://*.pinterest.com https://www.shopperapproved.com https://*.snapchat.com https://lux.speedcurve.com https://*.storyblok.com https://cdn.transparent.ly https://widget.trustpilot.com https://*.usersnap.com https://sp.analytics.yahoo.com 'self' data: ; media-src *.googlevideo.com 'self' ; script-src https://*.google.com https://*.googleapis.com https://www.google.bg https://www.google.com.pk https://maps.gstatic.com https://acdn.adnxs.com https://js.adsrvr.org *.ampproject.org https://*.appsflyer.com https://bat.bing.com https://*.bootstrapcdn.com https://*.clarity.ms https://*.cloudflare.com https://*.cloudfront.net https://*.compare.com https://*.criteo.com https://*.criteo.net https://googleads.g.doubleclick.net https://connect.facebook.net https://app.five9.com https://*.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://d.impactradius-event.com https://*.insurify.com https://insurifycdn.com https://*.jquery.com https://*.klaviyo.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-ingest.io https://cdn.lr-in-prod.com https://insurance.mediaalpha.com https://*.mixpanel.com https://*.mxpnl.com https://s.pinimg.com https://*.pinterest.com https://sc-static.net https://www.shopperapproved.com https://cdn.speedcurve.com https://analytics.tiktok.com https://widget.trustpilot.com https://unpkg.com https://*.usersnap.com https://ifrm.insurify.com 'self' 'unsafe-inline' 'unsafe-eval' ; style-src https://fonts.googleapis.com https://*.bootstrapcdn.com https://*.googleapis.com https://*.ampproject.org https://widget.trustpilot.com https://ifrm.insurify.com 'self' 'unsafe-inline' ; worker-src 'self' blob: ; report-uri https://report-uri.insurify.com/json; 2 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: http://cnt.invoicebox.ru; font-src https: data:; report-uri /csp-report 2 default-src data: 'unsafe-inline' 'unsafe-eval' https:; base-uri https:; form-action https:; frame-ancestors https:; report-uri https://torontopubliclibrary.report-uri.com/r/d/csp/reportOnly; 2 default-src 'self';img-src * blob: data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bootstrapcdn.com *.typekit.net cdn.jsdelivr.net cdn.rlets.com cdnjs.cloudflare.com code.jquery.com js.hsforms.net www.googletagmanager.com *.wp.com *.mysanfordchart.org *.addthis.com *.adroll.com *.adsrvr.org *.ads-twitter.com *.clarity.ms *.cloudfront.net *.doubleclick.net *.fls.doubleclick.net *.formstack.com *.g.doubleclick.net *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.gstatic.com *.invocacdn.com *.liveperson.net *.lpsnmedia.net *.mpio.io *.onesignal.com *.qualtrics.com *.quantcount.com *.quantserve.com *.serving-sys.com *.simpli.fi *.siteintercept.qualtrics.com *.talentegy.com *.tvsquared.com *.twitter.com *.v.liveperson.net *.vimeo.com *.vimeocdn.com aa.agkn.com ajax.aspnetcdn.com analytics.talentegy.com assets.sitescdn.net az416426.vo.msecnd.net bat.bing.com cdn.mouseflow.com cdn.popt.in chimpstatic.com data.adxcel-ec2.com embed.typeform.com forms.hsforms.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com my.hellobar.com onesignal.com pixel.mathtag.com pixel.videohub.tv pnapi.invoca.net px.ads.linkedin.com rules.quantcount.com s.amazon-adsystem.com s.pinimg.com s3.amazonaws.com/checkout.squadup.com/default/css/bootstrap-namespace.min.css sanfordhealth.mdmatchup.com script.crazyegg.com sc-static.net sfapi.formstack.io siteimproveanalytics.com snap.licdn.com static.addtoany.com static.cloud.coveo.com tags.srv.stackadapt.com tracking.logpostback.com transparency.nrchealth.com trkn.us v1.addthisedge.com www.buzzsprout.com www.groupexpro.com www.youtube.com www.ypo.education/js/jsembedcode.js z.moatads.com;style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.fontawesome.com *.googleapis.com *.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com cloud.typography.com code.jquery.com www.googletagmanager.com *.mysanfordchart.org *.wp.com *.formstack.com *.gstatic.com *.vimeocdn.com cdn.thinglink.me checkout.stripe.com formsprod.azureedge.net onesignal.com static.cloud.coveo.com tags.srv.stackadapt.com www.groupexpro.com www.youtube.com;font-src 'self' data: *.fontawesome.com *.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com *.wp.com *.formstack.com *.gstatic.com *.googleusercontent.com static.cloud.coveo.com staticdev.cloud.coveo.com;frame-src 'self' cdn.jsdelivr.net cdn.rlets.com cdnjs.cloudflare.com www.googletagmanager.com *.wp.com tools.sanfordhealthplan.com *.mysanfordchart.org *.addthis.com *.adsrvr.org *.c.liveperson.net *.doubleclick.net *.fls.doubleclick.net *.formstack.com *.g.doubleclick.net *.google.com *.ipcamlive.com *.lpsnmedia.net *.snapchat.com *.soundcloud.com *.stripe.com *.twitter.com *.v.liveperson.net *.vimeo.com *.youtube.com cdn.onesignal.com e.issuu.com fast.wistia.net forms.hsforms.com host.visualcalc.com js.hsadspixel.net js.hsforms.net pixel.mathtag.com players.brightcove.net sanfordhealth.mdmatchup.com static.addtoany.com vimeo.com www.buzzsprout.com www.pinterest.ca www.pinterest.co.uk www.pinterest.com www.pinterest.fr www.pinterest.it www.pinterest.ph ct.pinterest.com www.thinglink.com;frame-ancestors 'self' *.mysanfordchart.org;connect-src 'self' cdn.jsdelivr.net cdn.rlets.com cdnjs.cloudflare.com cloud.typography.com code.jquery.com www.googletagmanager.com my.wpengine.com public-api.wordpress.com yoast.com *.addthis.com *.adroll.com *.clarity.ms *.doubleclick.net *.g.doubleclick.net *.gannettdigital.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.linkedin.oribi.io *.onesignal.com *.pinterest.com *.quantcount.com *.reachlocalservices.com *.serving-sys.com *.snapchat.com *.squadup.com *.twitter.com *.vimeocdn.com *.z1.dca0.com api.hubapi.com az416426.vo.msecnd.net bat.bing.com dc.services.visualstudio.com forms.hsforms.com forms.hubspot.com hubspot-forms-static-embed.s3.amazonaws.com js.hsadspixel.net js.hscollectedforms.net n2.mouseflow.com onesignal.com pnapi.invoca.net sanfordhealth.formstack.com sfapi.formstack.io usageanalytics.coveo.com analytics.cloud.coveo.com;form-action 'self' *.fontawesome.com cdnjs.cloudflare.com *.sanfordhealthfoundation.org my.wpengine.com yoast.com *.adroll.com *.doubleclick.net *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.pinterest.com *.serving-sys.com *.snapchat.com *.vimeocdn.com api.hubapi.com forms.hsforms.com forms.hubspot.com hubspot-forms-static-embed.s3.amazonaws.com;media-src * data:;object-src 'none';report-uri https://csp-reporting.sanfordhealth.org/; 2 font-src fonts.gstatic.com use.typekit.net *.googleapis.com fonts.googleapis.com https://fonts.gstatic.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: static.curations.bazaarvoice.com maxcdn.bootstrapcdn.com cdn.dynamicyield.com *.hotjar.com x.klarnacdn.net *.yotpo.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com www.facebook.com *.wahooligan.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com js.stripe.com *.affirm.com *.affirm.ca *.certcapture.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com https://www.googletagmanager.com/ *.refersion.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com insight.adsrvr.org match.adsrvr.org www.affirm.com sandbox.affirm.com *.attn.tv bugcrowd.com imgs.cdn-btsg.com *.cloudfront.net consentag.eu track.cordial.io gum.criteo.com bid.g.doubleclick.net *.fls.doubleclick.net td.doubleclick.net www.facebook.com script.google.com *.googleapis.com *.hotjar.com *.iterable.com *.klarnaservices.com *.online-metrix.net privacyportal-cdn.onetrust.com imgs.signifyd.com *.vimeo.com vimeo.com *.wahooligan.com record.webeyez.com d.emails.wahoofitness.com wahoofitness.yonyx.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com p.typekit.net *.googleapis.com *.gstatic.com maps.googleapis.com maps.gstatic.com *.affirm.com *.affirm.ca *.certcapture.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com https://helloextend-static-assets.s3.amazonaws.com https://extendcoreoffersdemo-offersthemelogobucketeb21afa-19jnurg0a0o17.s3.amazonaws.com https://s3.amazonaws.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com *.adnxs.com public.adobecc.com data.adxcel-ec2.com insight.adsrvr.org match.adsrvr.org *.amazonaws.com *.atdmt.com *.bing.com *.bazaarvoice.com imgs.cdn-btsg.com *.clarity.ms cdn.cookielaw.org dis.criteo.com gum.criteo.com *.ctnsnet.com ad.doubleclick.net cm.g.doubleclick.net stats.g.doubleclick.net cdn.dynamicyield.com www.facebook.com *.google.com *.googletagmanager.com *.hotjar.com humango.ai *.iterable.com kcc0.com www.kinomap.com *.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com *.ktxlytics.io www.lightboxcdn.com simage2.pubmatic.com alb.reddit.com *.rudderstack.com imgs.signifyd.com image.simplecastcdn.com t.co tk0x1.com *.wahoofitness.com *.xg4ken.com ads.yahoo.com *.analytics.yahoo.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com *.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com www.gstatic.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com js.stripe.com *.affirm.com *.affirm.ca *.certcapture.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com https://*.helloextend.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.refersion.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com unsafe-inline *.adnxs.com js.adsrvr.org cdn.jsdelivr.net lightboxapi.azurewebsites.net cdn.attn.tv bam-cell.nr-data.net *.bazaarvoice.com bat.bing.com bugcrowd.com assets.bugcrowdusercontent.com imgs.cdn-btsg.com *.clarity.ms static.curations.bazaarvoice.com consentag.eu cdn.cookielaw.org track.cordial.io script.crazyegg.com static.criteo.net sslwidget.criteo.com *.ctnsnet.com cdn.dynamicyield.com st.dynamicyield.com connect.facebook.net *.fontawesome.com *.getroster.com *.google.com googleads.g.doubleclick.net *.hotjar.com *.iterable.com *.ktxlytics.io www.lightboxcdn.com cdn.livesession.io i.loopme.me js-agent.newrelic.com bam.nr-data.net code.jquery.com eu-library.klarnaservices.com eu-library.playground.klarnaservices.com oc-library.klarnaservices.com oc-library.playground.klarnaservices.com x.klarnacdn.net geolocation.onetrust.com h64.online-metrix.net cdn.optimizely.com www.redditstatic.com www.refersion.com assets.reflow.tv *.rudderlabs.com *.rudderstack.com cdn.segment.com imgs.signifyd.com *.stackadapt.com static.ads-twitter.com analytics.twitter.com modelviewer.dev d.emails.wahoofitness.com record.webeyez.com sec.webeyez.com *.xg4ken.com *.yotpo.com www.youtube.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://h64.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com display.ugc.bazaarvoice.com https://fonts.googleapis.com *.fontawesome.com static.curations.bazaarvoice.com maxcdn.bootstrapcdn.com cdn.cookielaw.org cdn.dynamicyield.com *.hotjar.com www.lightboxcdn.com x.klarnacdn.net *.stackadapt.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.bazaarvoice.com data: mpsnare.iesnare.com www.wahoofitness.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.adobe.io performance.typekit.net *.sentry.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.googleapis.com *.affirm.com *.affirm.ca *.certcapture.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com https://*.helloextend.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.refersion.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.attentivemobile.com *.attn.tv bam-cell.nr-data.net *.bing.com imgs.cdn-btsg.com *.clarity.ms cdn.cookielaw.org track.cordial.io script.crazyegg.com i.ctnsnet.com stats.g.doubleclick.net *.dynamicyield.com www.facebook.com *.getroster.com analytics.google.com *.analytics.google.com *.hotjar.com *.hotjar.io mpsnare.iesnare.com *.iterable.com wss: gdpr.loopme.com i.loopme.me *.klarnaservices.com *.klarnauserservices.com *.ktxlytics.io rs.livesession.io bam.nr-data.net *.onetrust.com insight.reflow.tv *.rollbar.com *.rudderstack.com api.segment.io cdn.segment.com imgs.signifyd.com bt.signifyd.com bt.signifyd.com:1103 bt.signifyd.com:11103 d.emails.wahoofitness.com vimeo.com record.webeyez.com send.webeyez.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.wahoofitness.com/nullreport/report/nullendpoint; report-to report-endpoint; 2 default-src 'self'; script-src 'self' https://cdn.levelaccess.net/accessjs/YW1wMTMzNTA/access.js https://cdn.segment.com/analytics.js/v1/4Y6iYCZHd2D5xVGYpxGVLMkEmstys7eH/analytics.min.js https://js-agent.newrelic.com/nr-rum-1.277.0.min.js https://script.hotjar.com/modules.675199526fcb21f102e5.js https://static.hotjar.com/c/hotjar-2358264.js https://static.khealth.com/globalPrivacyControl.js https://static.legitscript.com/seals/9571275.js; style-src 'self'; object-src 'none'; base-uri 'self'; img-src 'self' data: https://static.legitscript.com; font-src 'self'; connect-src 'self' https://cdn.levelaccess.net https://api.segment.io https://bam.nr-data.net https://cdn.segment.com; frame-src 'none'; manifest-src 'self'; media-src 'self'; worker-src 'self'; 2 script-src 'self' https://challenges.cloudflare.com https://hcaptcha.com https://static.cloudflareinsights.com https://*.hcaptcha.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.google-analytics.com/ https://www.googletagmanager.com/; base-uri 'self'; object-src 'self'; report-uri /cdn-cgi/script_monitor/report 2 default-src 'self'; frame-src *.recaptcha.net recaptcha.net platform.twitter.com *.youtube.com youtube.com; script-src 'self' 'unsafe-inline' *.procreate.art *.procreate.com *.sentry.io *.gstatic.com *.recaptcha.net recaptcha.net *.youtube.com/embed platform.twitter.com https://www.gstatic.cn/recaptcha cdn.usefathom.com *.mux.com; worker-src 'self' blob:; img-src 'self' 'unsafe-inline' blob: data: *.procreate.art *.procreate.com *.savage.si *.ytimg.com cdn.usefathom.com *.mux.com https://cdn.sanity.io/images/skm640rd/; connect-src 'self' blob: *.procreate.art *.procreate.com *.procreate.team procreate.team *.sentry.io *.savage.si savage-support-request-files.s3-accelerate.amazonaws.com *.mux.com https://inferred.litix.io/ https://xc406657.api.sanity.io/ https://cdn.sanity.io/images/skm640rd/ https://cdn.sanity.io/files/skm640rd/; media-src 'self' blob: *.procreate.art *.procreate.com *.savage.si *.mux.com https://xc406657.api.sanity.io/ https://cdn.sanity.io/images/skm640rd/ https://cdn.sanity.io/files/skm640rd/; style-src 'self' 'unsafe-inline' *.procreate.art *.procreate.com https://fonts.googleapis.com; form-action 'self'; base-uri 'self'; frame-ancestors none; object-src none; font-src 'self' https://fonts.gstatic.com *.procreate.art *.procreate.com; 2 default-src 'self' 'unsafe-inline' data: *.squaretrade.com *.facebook.com *.outbound.io *.auth0.com *.launchdarkly.com *.pndsn.com *.googleapis.com *.google.com *.googletagmanager.com *.google-analytics.com https://api.segment.io https://api.amplitude.com https://privacyportal-eu.onetrust.com https://secure.shippingapis.com https://st-prod-enc-ship-usw-ca.s3.us-west-1.amazonaws.com https://st-prod-enc-ship-use-oh.s3.us-east-2.amazonaws.com https://st-stage-enc-cust-docs-use-oh-1.s3.us-east-2.amazonaws.com https://callback.vhtcx.com https://callback.virtualhold.com https://siteintercept.qualtrics.com; form-action 'self' data: *.squaretrade.com *.force.com *.salesforce.com *.auth0.com; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' data: *.squaretrade.com *.auth0.com https://cdn.segment.com *.bootstrapcdn.com *.force.com *.salesforce.com *.qualtrics.com https://platform.twitter.com; font-src 'self' data: *.squaretrade.com https://fonts.gstatic.com https://use.typekit.net; img-src 'self' data: *.squaretrade.com *.auth0.com *.facebook.com https://p.typekit.net *.google.com *.twitter.com https://st-prod-enc-ship-usw-ca.s3.us-west-1.amazonaws.com https://st-prod-enc-ship-use-oh.s3.us-east-2.amazonaws.com; style-src-elem 'self' 'unsafe-inline' *.squaretrade.com https://hello.myfonts.net https://service.force.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://static.smartrecruiters.com https://cdn.jsdelivr.net *.bootstrapcdn.com; script-src-elem 'self' *.squaretrade.com 'unsafe-inline' *.salesforceliveagent.com https://cdn.segment.com https://cdn.amplitude.com https://cdn.outbound.io https://connect.facebook.net https://www.googletagmanager.com https://service.force.com https://use.typekit.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com https://code.jquery.com https://ajax.googleapis.com https://platform.twitter.com *.bootstrapcdn.com https://cdn.jsdelivr.net *.smartrecruiters.com https://polyfill.io 'https://www.youtube.com https://player.vimeo.com https://zn8jglatqcy5dkma1-squaretrade.siteintercept.qualtrics.com https://siteintercept.qualtrics.com; frame-src https://service.force.com https://squaretrade.az1.qualtrics.com/ https://www.google.com https://www.facebook.com https://platform.twitter.com *.doubleclick.net; report-uri https://appreports.report-uri.com/r/t/csp/wizard 2 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.awin1.com *.zenaps.com *.fls.doubleclick.net account.wmf.com accountuat.wmf.com ad4m.at ct.pinterest.com fledge.eu.criteo.com groupe-seb.my.salesforce-sites.com gum.criteo.com service.force.com static.criteo.com static.criteo.net td.doubleclick.net www.paypalobjects.com www.sovendus-connect.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.adyen.com *.awin1.com *.zenaps.com *.wepowerconnections.com https://images.unsplash.com https://img.youtube.com * https://api.mapbox.com *.hsforms.net *.hsforms.com 'self' data: *.contentsquare.net data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.adyen.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com s7.addthis.com * https://cdnjs.cloudflare.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com *.contentsquare.net *.contentsquare.com https://www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com service.force.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.adyen.com *.wepowerconnections.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ autocomplete2.postdirekt.de t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.contentsquare.net app.contentsquare.com api.paypal.com ariane.abtasty.com bat.bing.com cdn.cookielaw.org content.hotjar.io ct.pinterest.com dcinfos-cache.abtasty.com geolocation.onetrust.com googleads.g.doubleclick.net identification-api.sovendus.com maps.googleapis.com measurement-api.criteo.com pagead2.googlesyndication.com privacyportal-eu.onetrust.com region1.analytics.google.com stats.g.doubleclick.net tag.commander1.com try.abtasty.com ws.hotjar.com www.google.com www.google.de www.pinterest.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 child-src checkoutshopper-live.adyen.com 'self'; connect-src adservice.google.com ajax.googleapis.com analytics.google.com api-js.mixpanel.com api.mixpanel.com arena.matific.com bam-cell.nr-data.net bam.nr-data.net beaconapi.helpscout.net cdn.linkedin.oribi.io chatapi.helpscout.net checkoutshopper-live.adyen.com code.jquery.com consentcdn.cookiebot.com d3hb14vkzrxvla.cloudfront.net d5c36hgmtufmn.cloudfront.net ekr.zdassets.com episode-fact.matific.com firebase.googleapis.com firebaseinstallations.googleapis.com firestore.googleapis.com fonts.googleapis.com googleads.g.doubleclick.net *.google-analytics.com heapanalytics.com https://*.cardinalcommerce.com https://*.clarity.ms/ https://*.clarity.ms/collect https://customer-h8ynfrgd4l2k01xb.cloudflarestream.com https://embedwistia-a.akamaihd.net https://er0hbf77h9.execute-api.us-east-1.amazonaws.com/production/logVoiceOverEvent https://*.litix.io https://*.wistia.com ljifg6p8cd.execute-api.us-east-1.amazonaws.com matific1084.zendesk.com *.matific.ca *.matific.com *.matific.eu matific-generatedpdf-ca.s3.amazonaws.com matific-homepage-production.s3.amazonaws.com pagesense-collect.zoho.com.au pagesense.zoho.com.au/ pi.pardot.com polling.matific.com prod-static-web1.matific.com production-cdn-slatemathweb.s3.amazonaws.com px.ads.linkedin.com region1.analytics.google.com securetoken.googleapis.com 'self' *.sentry.io site1.matific.com site2.matific.com site3.matific.com ssl.kaptcha.com static1.matific.com static2.matific.com static3.matific.com stats.g.doubleclick.net *.sumologic.com wa.appsflyer.com wa.onelink.me widget.usersnap.com widget.usersnap.com/api/widget/xhrrpc/* wss://*.pusher.com wss://widget-mediator.zopim.com www.facebook.com www.google.ad www.google.ae www.google.al www.googleapis.com www.google.az www.google.be www.google.by www.google.ca www.google.ch www.google.cl www.google.cn www.google.co.ao www.google.co.bw www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.com www.google.com.ar www.google.com.au www.google.com.bo www.google.com.br www.google.com.co www.google.com.cu www.google.com.ec www.google.com.fj www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.om www.google.com.pe www.google.com.pr www.google.com.qa www.google.com.sg www.google.com.sv www.google.com.tr www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.nz www.google.co.th www.google.co.uk www.google.co.ve www.google.co.za www.google.co.zw www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.hn www.google.hr www.google.hu www.google.iq www.google.it www.google.jo www.google.kg www.google.li www.google.lu www.google.lv www.google.mn www.google.mv www.google.nl/ www.google.no www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.googletagmanager.com www.google.vg; default-src fonts.googleapis.com https://c.bing.com https://*.clarity.ms https://matific1084.zendesk.com https://*.wistia.com https://*.wistia.net https://*.zdassets.com https://*.zendesk.com https://zendesk-eu.my.sentry.io https://*.zopim.com *.matific.ca *.matific.com *.matific.eu 'self' 'unsafe-inline' wss://matific1084.zendesk.com wss://*.zopim.com; font-src api.couponmate.com cdnjs.cloudflare.com d5c36hgmtufmn.cloudfront.net data: fonts.googleapis.com fonts.gstatic.com gateway.zscalerone.net heapanalytics.com https://beacon-v2.helpscout.net https://*.wistia.com *.matific.ca *.matific.com *.matific.eu maxcdn.bootstrapcdn.com production-cdn-slatemathweb.s3.amazonaws.com 'self' stackpath.bootstrapcdn.com themes.googleusercontent.com use.fontawesome.com use.typekit.net; form-action *.3ds.modirum.com *.bluesnap.com data: lgn.edu.gov.il matific-admintools.auth.us-east-1.amazoncognito.com *.matific.ca *.matific.com *.matific.eu 'self' staging-matific-admintools.auth.us-east-1.amazoncognito.com 'unsafe-eval' www.facebook.com; frame-ancestors *.matific.com 'self' www.instructure.com www.matific.com; frame-src * accounts.google.com app.smartsheet.com bid.g.doubleclick.net *.bluesnap.com checkoutshopper-live.adyen.com consentcdn.cookiebot.com customer-h8ynfrgd4l2k01xb.cloudflarestream.com d5c36hgmtufmn.cloudfront.net gateway.zscalerone.net https://beacon-v2.helpscout.net https://*.cardinalcommerce.com https://fast.wistia.com https://fast.wistia.net live.adyen.com live-apse.adyen.com live-au.adyen.com live-us.adyen.com *.matific.ca *.matific.com *.matific.eu matific-prod.firebaseapp.com pagesense.zoho.com.au pay.google.com policies.google.com prod-static-web1.matific.com production-cdn-slatemathweb.s3.amazonaws.com 'self' site1.matific.com site2.matific.com site3.matific.com ssl.kaptcha.com static1.matific.com static2.matific.com static3.matific.com tst.kaptcha.com 'unsafe-eval' us-east-1.quicksight.aws.amazon.com www.facebook.com www.google.com www.gstatic.com; img-src accounts.google.com *.analytics.google.com analytics.google.com analytics.twitter.com bam-cell.nr-data.net bam.nr-data.net blob: *.bluesnap.com c.bing.com code.jquery.com connect.facebook.net csi.gstatic.com cx.atdmt.com d33v4339jhl8k0.cloudfront.net d5c36hgmtufmn.cloudfront.net data: dev.visualwebsiteoptimizer.com files.readme.io gateway.zscalerone.net googleads.g.doubleclick.net *.google-analytics.com *.gstatic.com heapanalytics.com https://beacon-v2.helpscout.net https://c.clarity.ms/ https://c.clarity.ms/c.gif https://chatapi-prod.s3.amazonaws.com/ https://embedwistia-a.akamaihd.net https://*.gravatar.com https://matific1084.zendesk.com https://static.zdassets.com https://v2assets.zopim.io https://*.wistia.com https://*.wistia.net https://www.facebook.com/ https://www.facebook.com/tr/ imgsct.cookiebot.com matific-a.akamaihd.net *.matific.ca *.matific.com *.matific.eu p.adsymptotic.com pagesense-collect.zoho.com.au prod-static-web1.matific.com production-cdn-slatemathweb.s3.amazonaws.com p.typekit.net px4.ads.linkedin.com px.ads.linkedin.com resources.usersnap.com 'self' site1.matific.com site2.matific.com site3.matific.com ssl.kaptcha.com static1.matific.com static2.matific.com static3.matific.com static.ads-twitter.com stats.g.doubleclick.net t.co translate.googleapis.com translate.google.com tst.kaptcha.com 'unsafe-eval' 'unsafe-inline' web.facebook.com www.google.ad www.google.ae www.google.al www.google.at www.google.az www.google.be www.google.bg www.google.bt www.google.by www.google.ca www.google.ch www.google.cl www.google.cn www.google.co.ao www.google.co.bw www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.com www.google.co.ma www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.co www.google.com.cu www.google.com.do www.google.com.ec www.google.com.eg www.google.com.fj www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.nz www.google.co.th www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.hn www.google.hr www.google.hu www.google.ie www.google.iq www.google.it www.google.jo www.google.kg www.google.kz www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.mn www.google.mv www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.googletagmanager.com www.google.tt www.google.vg www.google.vu www.kidsafeseal.com www.linkedin.com *.zendesk.com; media-src blob: data: https://beacon-v2.helpscout.net https://customer-h8ynfrgd4l2k01xb.cloudflarestream.com https://embedwistia-a.akamaihd.net https://*.wistia.com https://*.wistia.net *.matific.com 'unsafe-eval' *.zdassets.com; object-src https://beacon-v2.helpscout.net 'self' 'unsafe-eval' 'unsafe-inline'; script-src ajax.googleapis.com analytics.twitter.com apis.google.com appleid.cdn-apple.com bam-cell.nr-data.net bam.nr-data.net beacon-v2.helpscout.net blob: *.bluesnap.com cdn4.mxpnl.com cdn.heapanalytics.com cdnjs.cloudflare.com cdn.mxpnl.com checkoutshopper-live.adyen.com code.jquery.com connect.facebook.net consentcdn.cookiebot.com consent.cookiebot.com dev.visualwebsiteoptimizer.com firebase.googleapis.com firstore.googleapis.com gateway.zscalerone.net googleads.g.doubleclick.net *.google-analytics.com *.google.com heapanalytics.com https://*.cardinalcommerce.com https://*.clarity.ms https://d12wqas9hcki3z.cloudfront.net https://d33v4339jhl8k0.cloudfront.net https://fast.wistia.com https://src.litix.io https://*.wistia.com https://*.wistia.net js-agent.newrelic.com *.matific.ca *.matific.com *.matific.eu *.pagesense.io pi.pardot.com resources.usersnap.com 'self' snap.licdn.com static.ads-twitter.com static.zdassets.com static.zohocdn.com translate.googleapis.com translate.google.com 'unsafe-eval' 'unsafe-inline' use.typekit.net wa.appsflyer.com websdk.appsflyer.com widget.usersnap.com www.googleadservices.com www.google.al www.google.cn www.google.co.kr www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.na www.google.com.ng www.google.com.ni www.google.com.om www.google.com.sg www.google.co.zw www.google.dk www.google.es www.google.iq www.google.kg www.google.md www.google.mn www.google.mv www.google.rs www.google.se www.google.si www.google.sk www.googletagmanager.com www.gstatic.com; script-src-attr 'unsafe-inline'; script-src-elem ajax.googleapis.com analytics.twitter.com apis.google.com appleid.cdn-apple.com bam-cell.nr-data.net bam.nr-data.net beacon-v2.helpscout.net *.bluesnap.com cdn4.mxpnl.com cdn.heapanalytics.com cdnjs.cloudflare.com cdn.mxpnl.com checkoutshopper-live.adyen.com code.jquery.com connect.facebook.net consentcdn.cookiebot.com consent.cookiebot.com dev.visualwebsiteoptimizer.com fast.wistia.com googleads.g.doubleclick.net *.google-analytics.com googletagmanager.com heapanalytics.com https://*.cardinalcommerce.com https://*.clarity.ms https://fast.wistia.com js-agent.newrelic.com *.matific.ca *.matific.com *.matific.eu pagesense-collect.zoho.com.au *.pagesense.io pagesense.zoho.com.au pay.google.com pi.pardot.com plus.google.com resources.usersnap.com 'self' snap.licdn.com ssl.kaptcha.com static.ads-twitter.com static.zdassets.com static.zohocdn.com 'unsafe-inline' use.typekit.net wa.appsflyer.com websdk.appsflyer.com widget.usersnap.com www.googleadservices.com www.google.com www.googletagmanager.com www.gstatic.com; style-src blob: cdnjs.cloudflare.com checkoutshopper-live.adyen.com fonts.googleapis.com heapanalytics.com https://beacon-v2.helpscout.net https://fast.wistia.com *.matific.ca *.matific.com *.matific.eu 'self' stackpath.bootstrapcdn.com translate.googleapis.com 'unsafe-eval' 'unsafe-inline' use.fontawesome.com; style-src-attr 'unsafe-inline'; style-src-elem cdnjs.cloudflare.com checkoutshopper-live.adyen.com code.jquery.com fonts.googleapis.com heapanalytics.com *.matific.ca *.matific.com *.matific.eu 'self' stackpath.bootstrapcdn.com 'unsafe-inline' use.fontawesome.com; worker-src blob: 'self'; report-uri https://matific.report-uri.com/r/d/csp/reportOnly; report-to default; 2 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.google.com *.certcapture.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.trustpilot.com https://symphony.ocltraining-int.com https://symphony.ocltraining-qa.com https://symphony.ocltraining.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.certcapture.com *.disqus.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.certcapture.com *.disqus.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.certcapture.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net *.lytics.io *.customer.io www.googletagmanager.com www.googleoptimize.com maps.googleapis.com www.gstatic.com *.hotjar.com *.privacymanager.io *.onetrust.com polyfill.io *.bytedapm.com *.ttwstatic.com www.tiktok.com *.tiktokcdn-us.com *.pricespider.com *.swaven.com *.static-swaven.com edge.marker.io login.dotomi.com sc-static.net; report-uri https://o4504005838045184.ingest.sentry.io/api/4505410929033216/security/?sentry_key=14a5b105c2c7443983e52fe24209ded4 2 font-src *.fontawesome.com https://fonts.bunny.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ *.google.com/ https://www.youtube.com js.mollie.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://firebasestorage.googleapis.com https://www.magezon.com https://www.mollie.com *.cloudimg.io data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://browser.sentry-cdn.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.google.com/ js.mollie.com *.cloudimg.io *.scaleflex.it *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com https://fonts.bunny.net *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu https://*.ingest.sentry.io http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 report-uri /cdn-cgi/script_monitor/report 2 default-src 'self' *.fontawesome.com *.visualstudio.com cdn.cookielaw.org *.azure.com *.krxd.net *.facebook.com *.googletagmanager.com *.linkedin.oribi.io *.google.com *.doubleclick.net *.liveperson.net *.google-analytics.com fintactix.com *.adsrvr.org *.lpsnmedia.net *.elfsight.com;script-src 'self' 'unsafe-inline' unpkg.com code.jquery.com stackpath.bootstrapcdn.com customer.cludo.com cdnjs.cloudflare.com *.fontawesome.com *.googletagmanager.com *.licdn.com *.convergetrack.com js.monitor.azure.com *.adroll.com *.facebook.net *.google-analytics.com *.doubleclick.net *.lpsnmedia.net *.liveperson.net *.adsrvr.org *.google.com *.elfsight.com cdn.cookielaw.org maxcdn.bootstrapcdn.com cdn.jsdelivr.net;style-src 'self' 'unsafe-inline' customer.cludo.com fonts.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net;img-src 'self' data: *.adsrvr.org *.convergetrack.com *.demdex.net *.google.com *.lpsnmedia.net *.linkedin.com *.facebook.com *.krxd.com *.krxd.net *.adroll.com *.google-analytics.com *.doubleclick.net *.googletagmanager.com *.elfsight.com;font-src 'self' fonts.gstatic.com *.fontawesome.com 2 base-uri 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.bing.com *.criteo.com *.criteo.net *.doubleclick.net *.facebook.net *.googleapis.com *.google.com *.googletagmanager.com *.googleadservices.com *.gstatic.com *.hotjar.com *.kameleoon.eu mycliplister.com *.speedcurve.com *.tiqcdn.com *.tealiumiq.com *.theadex.com; report-uri /api/v1/csp-report; report-to csp-endpoint; 2 default-src 'self' data: 'unsafe-inline' *.belden.com belden.com cdn.cookielaw.org fonts.googleapis.com fonts.gstatic.com go.alphawire.com pi.pardot.com static.cloud.coveo.com www.googletagmanager.com analytics.google.com siteintercept.qualtrics.com stats.g.doubleclick.net zn2avekmmkqwmhtco-belden.siteintercept.qualtrics.com beldencableproductionbugpvwoi.analytics.org.coveo.com beldencableproductionbugpvwoi.org.coveo.com code.jquery.com null; script-src 'unsafe-inline' 'unsafe-eval' bat.bing.com *.belden.com belden.com cdn.pardot.com cdn.cookielaw.org view.ceros.com cdn.evgnet.com code.jquery.com connect.facebook.net googleads.g.doubleclick.net j.6sc.co maps.googleapis.com pi.pardot.com siteintercept.qualtrics.com snap.licdn.com ssl.google-analytics.com static.cloud.coveo.com wasm-eval www.googletagmanager.com www.youtube.com znddv5x3kanrnsrdw-belden.siteintercept.qualtrics.com zn1jm0i9w5rbcjil6-belden.siteintercept.qualtrics.com go.alphawire.com cdnjs.cloudflare.com www.alphawire.com www.googleadservices.com pagead2.googlesyndication.com code.metalocator.com; script-src-elem 'self' 'unsafe-inline' analytics.convertlanguage.com bat.bing.com belden.com *.belden.com cdn.cookielaw.org view.ceros.com cdn.evgnet.com cdnjs.cloudflare.com code.jquery.com connect.facebook.net go.alphawire.com googleads.g.doubleclick.net j.6sc.co pi.pardot.com siteintercept.qualtrics.com snap.licdn.com ssl.google-analytics.com static.cloud.coveo.com www.googletagmanager.com www.youtube.com zn2avekmmkqwmhtco-belden.siteintercept.qualtrics.com zn1jm0i9w5rbcjil6-belden.siteintercept.qualtrics.com znddv5x3kanrnsrdw-belden.siteintercept.qualtrics.com html5.dcatalog.com www.google.com maps.googleapis.com pagead2.googlesyndication.com code.metalocator.com www.googleadservices.com; script-src-attr 'unsafe-inline'; style-src 'unsafe-inline' *.belden.com static.cloud.coveo.com fonts.googleapis.com www.alphawire.com www.gstatic.com; style-src-elem 'self' 'unsafe-inline' *.belden.com belden.com fonts.googleapis.com static.cloud.coveo.com cdnjs.cloudflare.com; style-src-attr 'unsafe-inline'; img-src 'self' data: ad.doubleclick.net ade.googlesyndication.com analytics.convertlanguage.com hm.baidu.com *.belden.com belden.com b.6sc.co bat.bing.com cdn.cookielaw.org px.ads.linkedin.com ssl.google-analytics.com www.facebook.com www.google.cl www.google.com www.googletagmanager.com www.google.com.gt www.google.hu googleads.g.doubleclick.net pagead2.googlesyndication.com www.google.ca iad1.qualtrics.com www.google.co.il www.google.com.mx siteintercept.qualtrics.com 61320.global.siteimproveanalytics.io www.google.com.tr www.google.es cts.businesswire.com dilp.netcomponents.com http://dilp.netcomponents.com/images/gocart.gif maps.googleapis.com maps.gstatic.com www.google.bf www.google.co.in www.google.co.jp www.google.co.uk www.google.com.au www.google.com.co www.google.fr www.google.nl www.google.no www.google.be www.google.se www.google.sk www.google.kz www.google.pl www.google.com.tw www.google.cz www.google.co.nz www.google.com.sa www.google.mv translate.google.com www.google.ru www.google.com.vn www.google.ee www.google.com.eg www.google.co.th www.google.co.ve www.google.fi www.google.ch www.google.ie www.google.ro www.google.bg www.google.com.tw google.com.ng www.google.co.ve fonts.gstatic.com google.com.ar www.google.com.hk www.google.com.eg adservice.google.com blob: cdn.metalocator.com connect.facebook.net px4.ads.linkedin.com www.google.co.cr www.google.co.id www.google.com.cu www.google.com.my www.google.com.pr www.google.com.sg www.google.de www.google.gr www.google.is www.google.it www.google.lk www.linkedin.com file; font-src 'self' data: *.belden.com fonts.gstatic.com null; connect-src 'self' www.googleadservices.com adservice.google.com *.belden.com analytics.google.com beldencableproductionbugpvwoi.analytics.org.coveo.com beldencableproductionbugpvwoi.org.coveo.com beldeninc.us-7.evergage.com c.6sc.co cdn.cookielaw.org ipv6.6sc.co pagead2.googlesyndication.com privacyportal.onetrust.com px.ads.linkedin.com siteintercept.qualtrics.com static.cloud.coveo.com stats.g.doubleclick.net www.google-analytics.com www.google.com bat.bing.com region1.google-analytics.com www.facebook.com region1.analytics.google.com maps.googleapis.com ssl.google-analytics.com googleads.g.doubleclick.net login.microsoftonline.com mozendaagent.ecoinsight.com www.google.ca www.google.com.mx localhost:12387 epsilon.6sense.com secure.adnxs.com; media-src 'self' belden.com *.belden.com bynder-media-us-east-1.s3.amazonaws.com data:; child-src 11330854.fls.doubleclick.net 14683840.fls.doubleclick.net; frame-src 'self' div.show 11330854.fls.doubleclick.net 14683840.fls.doubleclick.net belden.com *.belden.com *.alphawire.com td.doubleclick.net html5.dcatalog.com belden.prod01.logik.io view.ceros.com www.googletagmanager.com www.youtube.com block.opendns.com code.metalocator.com photos.productphoto.com td.doubleclick.net.x.caf244fb07dc70414c0a22903e52945843c7.d043db89.id.opendns.com td.doubleclick.net.x.f46a820d0d27604f490949006659b57240b8.d043db9c.id.opendns.com www.facebook.com; frame-ancestors 'self'; form-action 'self' https://www.facebook.com 'unsafe-inline'; report-uri https://bdnaw.report-uri.com/r/d/csp/reportOnly; report-to https://bdnaw.report-uri.com/r/d/csp/reportOnly; 2 default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' https://cdn-4.convertexperiments.com/v1/js/10047604-10049274.js https://cdnjs.cloudflare.com/polyfill/v3/polyfill.min.js https://www.convert.com/current-convert-experiences-script/dist/bundle.js https://www.googletagmanager.com/gtm.js https://public.our-trace.com/scripts/trace-badge.js; style-src 'report-sample' 'self' 'unsafe-inline' https://p.typekit.net https://use.typekit.net https://www.convert.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.our-trace.com; font-src 'self' https://use.typekit.net data:; frame-src 'self'; img-src 'self' data: https://public.our-trace.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 2 default-src https:; font-src https: data:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; script-src-elem https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; media-src https: data: blob:; worker-src blob:; child-src https: blob:; connect-src https: wss: ws://localhost properties; frame-ancestors self https://*.canalrivertrust.org.uk; report-uri https://browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pubea520d882159cf02e05bcc09d662cae8&dd-evp-origin=content-security-policy&ddsource=csp-report 2 base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net; font-src 'self' https://fonts.gstatic.com http://fonts.gstatic.com fonts.gstatic.com https://use.typekit.net http://use.typekit.net use.typekit.net data:; form-action 'self' https://*.twitter.com http://*.twitter.com *.twitter.com; frame-ancestors 'none'; frame-src https://youtube.com http://youtube.com youtube.com https://*.twitter.com http://*.twitter.com *.twitter.com; img-src 'self' https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.wp.com http://*.wp.com *.wp.com blob: data:; media-src https://youtube.com http://youtube.com youtube.com; object-src 'none'; script-src 'self' https://www.googletagmanager.com http://www.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://platform.twitter.com http://platform.twitter.com platform.twitter.com https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com https://*.twimg.com http://*.twimg.com *.twimg.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net http://*.typekit.net *.typekit.net https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com 'unsafe-inline' 2 default-src 'self'; connect-src 'self' https://googleads.g.doubleclick.net https://www.google.com; script-src 'self' https://googleads.g.doubleclick.net/pagead/conversion_async.js https://www.google.com/maps/api/js 'strict-dynamic' 'nonce-randomstring' 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://www.google.com https://googleads.g.doubleclick.net; base-uri 'none'; report-uri https://your-report-uri.example.com; 2 default-src 'self' https:; connect-src 'self' https: wss: javascript:; font-src 'self' data: use.typekit.net fonts.gstatic.com *.cloudfront.net fonts.googleapis.com themes.googleusercontent.com; form-action 'self' https:; frame-ancestors 'self'; img-src 'self' blob: data: https: pbs.twimg.com; media-src 'self' data: blob: https:; object-src 'self' parentsquare-restricted-data-production.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; upgrade-insecure-requests; worker-src 'self' blob:; report-uri /csp_report 2 script-src 'self' https://ajax.googleapis.com https://f1000research.s3-eu-west-1.amazonaws.com https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://js.hs-scripts.com 2 default-src 'self' *.wistia.com *.wistia.net embedwistia-a.akamaihd.net/ https://fonts.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://edge.fullstory.com https://rs.fullstory.com https://ajax.googleapis.com/ https://first.iovation.com/ https://mpsnare.iesnare.com/ https://128-koi-090.mktoresp.com/ *.gskydev.net *.gskydev.com https://auth.prod.greensky.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://code.jquery.com https://cdn.jsdelivr.net https://pages.greenskycredit.com https://www.google.com/ https://www.gstatic.com https://cdnjs.cloudflare.com https://app-ab27.marketo.com https://munchkin.marketo.net https://abrtp1-cdn.marketo.com blob: http://static.site24x7rum.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com *.wistia.com https://rtp-static.marketo.com https://abrtp1.marketo.com https://js.driftt.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://pages.greenskycredit.com/ https://cdn.jsdelivr.net/ https://www.greensky.com/ *.gskydev.com *.gskydev.net https://use.fontawesome.com/ https://pro.fontawesome.com/ https://rtp-static.marketo.com/ https://fonts.googleapis.com/ https://fonts.googleapis.com/css/ https://app-ab27.marketo.com/ https://munchkin.marketo.net; font-src 'self' https://cdnjs.cloudflare.com https://pro.fontawesome.com/ data: https://fonts.gstatic.com https://fast.wistia.com https://use.fontawesome.com; img-src 'self' https://www.googletagmanager.com https://rs.fullstory.com *.greensky.com/ *.gskydev.com/ *.gskydev.net/ https://embed-ssl.wistia.com data: https://www.google-analytics.com https://stats.g.doubleclick.net https://fast.wistia.com https://greensky.dotcmscloud.com https://*.greensky.dotcmscloud.com embedwistia-a.akamaihd.net/ https://embed-fastly.wistia.com http://embed.wistia.com/ https://www.google.com https://www.google.de https://app-ab27.marketo.com https://pages.greenskycredit.com; media-src 'self' blob: https://js.driftt.com; frame-src 'self' https://pages.greenskycredit.com/ https://app-ab27.marketo.com/ https://www.google.com/ https://js.driftt.com; connect-src 'self' https://analytics.google.com https://edge.fullstory.com https://rs.fullstory.com *.gskydev.com/ *.gskydev.net/ https://128-koi-090.mktoresp.com/ https://abrtp1.marketo.com https://*.google-analytics.com https://stats.g.doubleclick.net *.greensky.dotcmscloud.com https://greensky.dotcmscloud.com *.greensky.com *.litix.io embedwistia-a.akamaihd.net/ *.wistia.com https://128-koi-090.mktoresp.com; object-src 'self' https://app-ab27.marketo.com/ ; base-uri 'self';manifest-src 'self'; worker-src 'none'; report-to https://www.greensky.com 2 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudfront.net *.ripcurl.com *.maps.googleapis.com *.googleapis.com *.bootstrapcdn.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.certcapture.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.cloudfront.net *.ripcurl.com *.livechatinc.com *.hotjar.com maps.googleapis.com *.googleapis.com *.searchspring.net *.googletagmanager.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.certcapture.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudfront.net *.ripcurl.com *.maps.googleapis.com *.googleapis.com *.dmxleo.com *.aralego.com *.doubleclick.net *.bidswitch.net *.adnxs.com *.bing.com *.google.com *.google.com.bd *.google.com.au *.google.com.nz *.google.com.us *.google.com.fr *.google.com.de *.google.com.ch *.google.com.es *.google.com.it *.google.com.nl *.google.com.uk *.google.com.pt *.onetrust.com *.facebook.com *.facebook.net *.dycdn.net *.a.searchspring.io *.paypalobjects.com a.omappapi.com *.smartadserver.com *.taboola.com *.socdm.com *.criteo.com *.casalemedia.com *.dable.io *.adingo.jp *.360yield.com *.rlcdn.com *.media.net *.outbrain.com *.pubmatic.com *.rubiconproject.com s.ad.smaato.net *.teads.tv *.clmbtech.com *.3lift.com sync-criteo.ads.yieldmo.com *.1rx.io *.bluekai.com *.contextweb.com sync.targeting.unrulymedia.com *.stickyadstv.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.adyen.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.attn.tv events.attentivemobile.com *.certcapture.com player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://hosted.mastersoftgroup.com/ *.cloudfront.net *.ripcurl.com *.searchspring.io *.maps.googleapis.com *.googleapis.com acsbapp.com *.acsbapp.com *.freshrelevance.com *.freshchat.com *.searchspring.net *.bing.com *.facebook.net *.criteo.net *.criteo.com *.lexer.io *.affilae.com *.jquery.com *.cloudflare.com *.googletagmanager.com *.onetrust.com *.omappapi.com *.micpn.com *.mastersoftgroup.com *.cardinalcommerce.com snapui.searchspring.io *.googleadservices.com *.bingg.net *.attentivemobile.com *.vimeo.com *.braintreegateway.com gstatic.com a.omappapi.com t.cfjump.com js.createsend1.com *.trustpilot.com *.dycdn.net wss://am.freshrelevance.com/ *.googlesyndication.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.certcapture.com assets.braintreegateway.com *.cloudfront.net *.ripcurl.com *.maps.googleapis.com *.googleapis.com *.typekit.net *.searchspring.io *.freshchat.com *.searchspring.net *.bing.com *.google.com *.cloudflare.com *.bootstrapcdn.com *.onetrust.com *.omappapi.com *.mastersoftgroup.com a.omappapi.com *.yotpo.com t.cfjump.com acsbapp.com *.acsbapp.com *.dycdn.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.ripcurl.com *.maps.googleapis.com *.googleapis.com *.dmxleo.com *.aralego.com *.doubleclick.net *.bidswitch.net *.adnxs.com *.onetrust.com *.facebook.com data: *.youtube.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.attn.tv events.attentivemobile.com *.certcapture.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.cloudfront.net *.ripcurl.com *.google-analytics.com *.maps.googleapis.com *.googleapis.com *.searchspring.io acsbapp.com *.acsbapp.com *.freshrelevance.com *.freshchat.com *.searchspring.net *.bing.com *.facebook.net *.criteo.net *.criteo.com *.lexer.io *.jquery.com *.cloudflare.com *.googletagmanager.com *.onetrust.com *.omappapi.com *.micpn.com *.dycdn.net assets.adobedtm.com *.adobe.com *.mastersoftgroup.com snapui.searchspring.io *.googleadservices.com googleads.g.doubleclick.net *.vimeocdn.com *.youtube.com *.bingg.net *.attentivemobile.com *.vimeo.com *.braintreegateway.com gstatic.com a.omappapi.com t.cfjump.com js.createsend1.com *.trustpilot.com wss://am.freshrelevance.com/ *.googlesyndication.com *.g.doubleclick.net *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self'; form-action 'none' 2 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://static.unzer.com https://applepay.cdn-apple.com maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com *.facebook.com *.nkd.com *.nkd.it 'self' 'unsafe-inline'; frame-ancestors *.nkd.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://www.googletagmanager.com/ https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://sbx-payment.unzer.com https://h.online-metrix.net https://google.com/pay https://pay.google.com/ https://test-heidelpay.hpcgw.net/ https://sbx-api.heidelpay.com/ secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com ad4m.at *.criteo.com *.doubleclick.net www.facebook.com hal9000.redintelligence.net *.usercentrics.eu www.usemaxserver.de *.fls.doubleclick.net *.creativecdn.com tsdtocl.com *.facebook.com *.sovendus-benefits.com *.sovendus-connect.com *.usemaxserver.de 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.cdninstagram.com maps.gstatic.com https://static.unzer.com *.online-metrix.net https://www.gstatic.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net m.media-amazon.com static-eu.payments-amazon.com *.hsforms.net *.hsforms.com 'self' data: ad11.adfarm1.adition.com bat.bing.com *.doubleclick.net *.google.com *.google.pl imagesrv.adition.com lantern.roeye.com *.nkd.com track.adform.net usage.trackjs.com *.usercentrics.eu widgets.trustedshops.com www.facebook.com *.360yield.com *.3lift.com *.addlv.smt.docomo.ne.jp *.adform.net *.admixer.net *.adnxs.com *.adscale.de *.adx.opera.com *.bing.com *.casalemedia.com *.ck-ie.com *.connectad.io *.console.adtarget.com.tr *.creativecdn.com *.dmxleo.com *.e-planning.net *.facebook.com *.facebook.net *.g.doubleclick.net *.go.sonobi.com *.gumgum.com *.inmobi.com *.leap.de *.loopme.me *.marphezis.com *.media.net *.mgid.com *.nexx360.io *.openx.net *.outbrain.com *.roeye.com *.rubiconproject.com *.sharethrough.com *.taboola.com *.teads.tv *.trackjs.com *.udmserve.net *.visx.net *.adition.com *.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.plugins.emarsys.net *.scarabresearch.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.googleapis.com cdnjs.cloudflare.com *.googleoptimize.com maps.googleapis.com https://static.unzer.com https://applepay.cdn-apple.com https://pay.google.com https://code.jquery.com https://h.online-metrix.net https://h64.online-metrix.net secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io *.hsforms.net *.hsforms.com *.gstatic.com ad4m.at api.sovendus.com bat.bing.com *.taboola.com cdn.mouseflow.com core.loopingo.com *.criteo.com *.epoq.de epoq-systems.de *.facebook.net *.kameleoon.eu lantern.roeyecdn.com *.nkd.com tags.creativecdn.com *.usercentrics.eu webanalytics.mso.digital widgets.trustedshops.com www.dwin1.com www.usemaxserver.de *.bing.com *.dwin1.com *.epoq-systems.de *.loopingo.com *.usemaxserver.de *.trustedshops.com *.googletagmanager.com *.mouseflow.com *.outbrain.com *.creativecdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com d.ratepay.com d.payla.io dr.payla.io *.googleapis.com *.gstatic.com *.epoq.de epoq-systems.de 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.scarabresearch.com *.eservice.emarsys.net http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://api.unzer.com https://api.heidelpay.com https://sbx-api.heidelpay.com https://sbx-api.unzer.com https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://sbx-payment.unzer.com https://h.online-metrix.net https://h64.online-metrix.net https://google.com/pay https://www.google.com/pay https://pay.google.com https://test-heidelpay.hpcgw.net/ https://sbx-api.heidelpay.com/ payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com ams.creativecdn.com api.usercentrics.eu bat.bing.com *.criteo.com *.googleapis.com *.taboola.com webanalytics.mso.digital *.bing.com *.trustedshops.com *.usercentrics.eu *.creativecdn.com *.bing.net *.loopingo.com *.kameleoon.eu *.sovendus.com *.arc.epoq.de *.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' https://exercism.org https://api.exercism.org https://assets.exercism.org; connect-src 'self' ws://exercism.org https://cdn.jsdelivr.net https://sessions.bugsnag.com/; img-src 'self' data: https://*; media-src *; script-src 'self' https://exercism.org https://api.exercism.org https://assets.exercism.org https://js.stripe.com https://cdn.jsdelivr.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; frame-src https://js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; font-src 'self' https://exercism.org https://api.exercism.org https://assets.exercism.org https://maxcdn.bootstrapcdn.com; style-src 'self' https://exercism.org https://api.exercism.org https://assets.exercism.org 'unsafe-inline' https://maxcdn.bootstrapcdn.com; child-src 'none' 2 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; worker-src blob: 2 default-src 'self' http: https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; 2 base-uri 'self'; connect-src 'self' https://*.fontawesome.com/ https://*.formassembly.com/ https://*.promedica.app/ https://*.vercel-storage.com/ https://*.vercel.app/ https://analytics.google.com/ https://api.stadiamaps.com/ https://cdn.cookielaw.org/ https://cm.pmdt-jss.localhost/ https://maps.googleapis.com/ https://mc-3f4459e6-26cc-45d7-95b4-1637-cd.azurewebsites.net/ https://mc-d506a988-cc64-4e20-af8c-4606-afd.azurefd.net/ https://pagead2.googlesyndication.com/ https://pcl-staging.promedica.org/ https://pcl.promedica.org/ https://promedica.matomo.cloud/ https://siteintercept.qualtrics.com/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/; default-src 'self' https://*.promedica.app/ https://*.vercel.app/; font-src 'self' data: https://*.fontawesome.com/ https://*.promedica.app/ https://*.vercel.app/ https://fonts.gstatic.com/ https://use.typekit.net/; frame-src 'self' https://td.doubleclick.net/ https://www.google.com/ https://www.youtube.com/; img-src 'self' data: http://dummyimage.com https://*.promedica.app https://*.qualtrics.com https://*.vercel.app https://cdn.cookielaw.org https://maps.googleapis.com https://maps.gstatic.com https://mc-3f4459e6-26cc-45d7-95b4-1637-cd.azurewebsites.net https://mc-d506a988-cc64-4e20-af8c-4606-afd.azurefd.net https://pcl-staging.promedica.org https://pcl.promedica.org https://www.google-analytics.com https://www.google.com.ec https://www.google.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' data: https://pcl.promedica.org/ https://pcl-staging.promedica.org/; object-src 'none'; report-uri https://6480f3f9bf4bdd8c5cde6f2b.endpoint.csper.io/?v=1; script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' 'self' https://*.promedica.app/ https://*.vercel.app/ https://cdn.cookielaw.org/ https://cdn.matomo.cloud/ https://cdn.mouseflow.com/ https://googleads.g.doubleclick.net/ https://kit.fontawesome.com/ https://maps.googleapis.com/ https://promedica.tfaforms.net/ https://siteintercept.qualtrics.com/ https://unpkg.com/ https://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.youtube.com/ https://zn86cv25rplysllsr-promedica.siteintercept.qualtrics.com/SIE/; style-src 'report-sample' 'unsafe-inline' 'self' https://*.promedica.app/ https://*.vercel.app/ https://fonts.googleapis.com/ https://promedica.tfaforms.net/; worker-src 'self' blob: 2 font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com 'self' data: 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.sharethis.com platform.cloud-iq.com.au *.google.com *.facebook.com *.doubleclick.net *.bedbathntable.com.au *.criteo.com *.pinterest.com *.dotdigital-pages.com *.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.ftcdn.net *.behance.net *.adyen.com https://static.afterpay.com https://site-assets.afterpay.com/ *.sharethis.com *.googleapis.com *.gstatic.com dev.visualwebsiteoptimizer.com *.google.com *.facebook.com *.cloud-iq.com.au *.afterpay.com *.linksynergy.com *.google.com.au *.bedbathntable.com.au bbnt-m2-image-library.s3-ap-southeast-2.amazonaws.com *.cdninstagram.com *.google.lk *.doubleclick.net *.bidswitch.net *.adnxs.com *.smartadserver.com *.taboola.com *.socdm.com *.criteo.com *.casalemedia.com *.dable.io *.adingo.jp *.stickyadstv.com *.360yield.com *.rlcdn.com *.media.net *.bing.com *.yieldmo.com *.aralego.com *.3lift.com *.clmbtech.com *.teads.tv *.smaato.net *.rubiconproject.com *.pubmatic.com *.outbrain.com *.aralego.net *.1rx.io *.bluekai.com *.contextweb.com *.unrulymedia.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com t.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.adyen.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.sharethis.com *.googleapis.com *.gstatic.com applepay.cdn-apple.com dev.visualwebsiteoptimizer.com *.afterpay.com *.newrelic.com cdnjs.cloudflare.com bam-cell.nr-data.net platform.cloud-iq.com.au *.crazyegg.com *.facebook.net *.facebook.com *.rakuten.com googleads.g.doubleclick.net *.google.com cdn.lr-ingest.io *.foursixty.com *.bedbathntable.com.au *.tiktok.com *.pinimg.com *.criteo.com *.pinterest.com *.freshworks.net *.freshworks.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com static.zipmoney.com.au zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.sharethis.com unpkg.com *.foursixty.com *.bedbathntable.com.au *.cloud-iq.com.au *.typekit.net *.freshworks.net *.freshworks.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.adyen.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.sharethis.com *.googleapis.com *.crazyegg.com googleads.g.doubleclick.net *.nr-data.net *.lr-ingest.io *.foursixty.com foursixty.com *.google-analytics.com *.doubleclick.net *.bedbathntable.com.au *.pinterest.com *.pangle-ads.com *.tiktok.com *.criteo.com *.google.com *.freshworks.net *.freshworks.com *.attraqt.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' https://*.wistia.com https://*.wistia.net https://cdn.growthbook.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://gtm.moneybird.nl https://gtm.moneybird.de https://gtm.moneybird.com https://gtm.moneybird.be https://www.google-analytics.com https://www.youtube.com https://maps.googleapis.com https://bat.bing.com https://*.demio.com https://d3s4clg74dg0wr.cloudfront.net https://zapier.com https://www.clarity.ms https://static.homerun.co https://unpkg.com/@googlemaps/ https://euc-widget.freshworks.com https://moneybird.freshdesk.com https://*.wistia.com https://*.wistia.net https://*.intercom.io wss://*.intercom.io https://intercom-sheets.com/ https://*.intercomcdn.eu https://*.intercomcdn.com https://*.intercomassets.eu; style-src 'self' 'unsafe-inline' https://moneybird.nl https://www.moneybird.nl https://www.googletagmanager.com https://gtm.moneybird.nl https://gtm.moneybird.de https://gtm.moneybird.com https://gtm.moneybird.be https://www.gstatic.com https://d3s4clg74dg0wr.cloudfront.net https://fonts.googleapis.com https://*.demio.com https://static.homerun.co https://fonts.bunny.net https://euc-widget.freshworks.com https://moneybird.freshdesk.com https://*.adyen.com/ https://intercom-sheets.com/ https://*.intercomcdn.eu https://*.intercomcdn.com https://*.intercomassets.eu; img-src 'self' https://moneybird.nl https://www.moneybird.nl https://prismic-io.s3.amazonaws.com https://images.prismic.io https://moneybird.cdn.prismic.io https://dl6oytjgv033w.cloudfront.net https://www.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://gtm.moneybird.nl https://gtm.moneybird.de https://gtm.moneybird.com https://gtm.moneybird.be https://www.google.nl https://www.google.com https://i.ytimg.com https://maps.gstatic.com https://csi.gstatic.com https://maps.googleapis.com https://bat.bing.com https://zapier.com https://cdn.zapier.com https://euc-widget.freshworks.com https://moneybird.freshdesk.com https://*.wistia.com https://*.wistia.net data: https://*.adyen.com/ https://intercom-sheets.com/ https://*.intercomcdn.eu https://*.intercomcdn.com https://*.intercomassets.eu; object-src 'self' https://www.youtube-nocookie.com https://www.youtube.com; connect-src 'self' https://moneybird.nl https://www.moneybird.nl https://help.moneybird.nl https://bat.bing.com https://gtm.moneybird.nl https://gtm.moneybird.com https://gtm.moneybird.be https://gtm.moneybird.de https://pagead2.googlesyndication.com https://*.google-analytics.com https://www.gstatic.com https://moneybird.com https://www.moneybird.com https://homerun.co https://stats.g.doubleclick.net https://*.demio.com https://j.clarity.ms https://embed.homerun.co https://maps.googleapis.com https://euc-widget.freshworks.com https://moneybird.freshdesk.com https://*.wistia.com https://*.wistia.net https://cdn.growthbook.io https://*.intercom.io wss://*.intercom.io https://intercom-sheets.com/ https://*.intercomcdn.eu https://*.intercomcdn.com https://*.intercomassets.eu; frame-src 'self' https://www.googletagmanager.com https://gtm.moneybird.nl https://gtm.moneybird.de https://gtm.moneybird.com https://gtm.moneybird.be https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://moneybird.clickwebinar.com https://w.soundcloud.com https://euc-widget.freshworks.com https://moneybird.freshdesk.com https://fast.wistia.com https://fast.wistia.net https://intercom-sheets.com/ https://*.intercomcdn.eu https://*.intercomcdn.com https://*.intercomassets.eu; font-src 'self' https://moneybird.nl https://www.moneybird.nl https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.bunny.net https://*.wistia.com data: https://intercom-sheets.com/ https://*.intercomcdn.eu https://*.intercomcdn.com https://*.intercomassets.eu; report-uri https://moneybird.com/csp_report; 2 default-src 'self' blob: *.senado.gov.br *.senado.leg.br;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.senado.gov.br *.senado.leg.br *.youtube.com *.google-analytics.com www.googletagmanager.com vlibras.gov.br ajax.googleapis.com www.gstatic.com;img-src 'self' data: blob: *.senado.gov.br *.senado.leg.br *.ytimg.com *.google-analytics.com *.googletagmanager.com *.youtube.com *.gstatic.com vlibras.gov.br;connect-src 'self' *.senado.gov.br *.senado.leg.br vlibras.gov.br *.vlibras.gov.br www.google-analytics.com www.googletagmanager.com;font-src 'self' data: vlibras.gov.br cdnjs.cloudflare.com fonts.gstatic.com;style-src 'self' 'unsafe-inline' *.senado.gov.br *.senado.leg.br cdnjs.cloudflare.com fonts.googleapis.com;worker-src blob: *.senado.leg.br *.senado.gov.br;object-src 'none';frame-src 'self' *.senado.gov.br *.senado.leg.br *.youtube.com www.youtube-nocookie.com;base-uri 'self';frame-ancestors 'self' *.senado.gov.br *.senado.leg.br 2 default-src 'self'; script-src 'self' *.argenta.be *.googleapis.com *.adobedtm.com *.googletagmanager.com *.doubleclick.net *.adsrvr.org *.teads.tv *.facebook.net *.hotjar.com *.tiqcdn.com *.pingdom.net *.google.ie 'unsafe-inline' 'unsafe-eval' wasm-eval; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://agentaspaarbank.tt.omtrdc.net *.googleapis.com *.simargenta.be *.argenta.be *.teads.tv *.googlesyndication.com *.pingdom.net; font-src 'self'; frame-src 'self' *.tst-argenta.be *.adsrvr.org *.teads.tv *.doubleclick.net; img-src 'self' *.argenta.be *.simargenta.be *.facebook.com *.google.be *.google.com *.google.ie *.teads.tv *.gstatic.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 2 connect-src *; default-src *; font-src * data:; frame-src *; img-src data: *; script-src 'unsafe-inline' 'unsafe-eval' *; script-src-elem 'unsafe-inline' *; style-src 'unsafe-inline' *; style-src-elem 'unsafe-inline' *; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.chartbeat.com optanon.blob.core.windows.net *.brightcove.net *.brightcove.com *.googleadservices.com *.adservice.google.com https://adservice.google.com/* adservice.google.com.br *.googletagmanager.com *.tagmanager.google.com *.chimpstatic.com chimpstatic.com *.jquery.com *.zencdn.net *.ytimg.com *.surveymonkey.com *.googleapis.com *.facebook.net *.googletagservices.com *.addthis.com *.google-analytics.com *.onetrust.com *.ampproject.org *.doubleclick.net *.google.com *.mailchimp.com *.addthisedge.com *.youtube.com *.google.co.uk *.list-manage.com *.outbrain.com *.twitter.com *.twimg.com *.googlesyndication.com *.moatads.com *.radioplayer.co.uk *.cheqzone.com *.rubiconproject.com *.cookielaw.org *.cloudflareinsights.com *.instagram.com *.apester.com *.snap.licdn.com *.doubleverify.com *.aniview.com *.vidazoo.com *.ajax.cloudflare.com *.licdn.com *.pinterest.com *.embedresponsively.com *.amazonaws.com *.apester.com/* *.forces.liveblog.pro *.forces.liveblog.pro/* *.strawpoll.com *.freewheel.tv *.lkqd.net *.beachfront.com *.smartadserver.com *.aniview.com *.admanmedia.com *.improvedigital.com *.onetag.com *.indexexchange.com *.pubmatic.com *.rhythmone.com *.video.unrulymedia.com *.gstatic.com *.newrelic.com cdn.jsdelivr.net cdn.bidder.dev c.amazon-adsystem.com quantcast.mgr.consensu.org secure.quantserve.com rules.quantcount.com static.criteo.net *.dotomi.com *.tiktok.com *.google.ie *.ibytedtos.com *.tiktokcdn.com chartbeat.com *.media.net *.sharethrough.com *.openx.com *.sonobi.com *.districtm.io *.emxdgt.com *.appnexus.com *.google.com *.rhythmone.com *.33across.com *.lemmatechnologies.com *.e-planning.net *.themediagrid.com *.sovrn.com *.lijit.com *.gumgum.com *.nr-data.net *.ttwstatic.com *.thinglink.com *.thinglink.me *.defybrick.com e.infogram.com *.clarity.ms; frame-src 'self' 'unsafe-eval' *.addthis.com *.googlesyndication.com *.facebook.com/ *.outbrain.com *.twitter.com *.surveymonkey.com embeds.audioboom.com *.rubiconproject.com *.apester.com *.openx.net *.pinterest.com *.instagram.com *.embedresponsively.com *.youtube.com *.pubmatic.com *.forces.net *.forcesnews.com *.google.com *.bfbs.com apester.com/* forces.liveblog.pro forces.liveblog.pro/* *.strawpoll.com/ timbre-player.sharp-stream.com *.chartbeat.com chartbeat.com *.tiktok.com googleads.g.doubleclick.net gum.criteo.com pre.ads.justpremium.com console.googletagservices.com giphy.com *.giphy.com e.infogram.com *.thinglink.com *.thinglink.me; child-src 'self' 'unsafe-inline' 'unsafe-eval' blob: apester.com/* forces.liveblog.pro/* *.strawpoll.com/; upgrade-insecure-requests 2 default-src 'self'; child-src 'self' https://platform.twitter.com https://youtube.com; connect-src 'self' https://cdnmon.cfigroup.com https://dap.digitalgov.gov https://*.doubleclick.net https://orcid.org/userStatus.json https://search.usa.gov https://translate.googleapis.com https://usda.libanswers.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; font-src 'self' https://cdn.app.cfigroup.com https://cdn.knightlab.com https://fonts.gstatic.com; frame-src 'self' https://publicdashboards.dl.usda.gov https://*.twitter.com https://usda.libanswers.com https://player.vimeo.com https://*.youtube.com; img-src 'self' data: https://cdnmon.cfigroup.com https://cdn.knightlab.com https://feed.informer.com https://fonts.gstatic.com https://*.nal.usda.gov https://orcid.org https://info.orcid.org https://*.twitter.com https://*.usa.gov https://*.ytimg.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; script-src 'self' https://ajax.googleapis.com https://cdn.jsdelivr.net/npm/jvectormap@2.0.4/ https://cdn.knightlab.com https://*.cfigroup.com https://dap.digitalgov.gov https://feed.informer.com https://*.google-analytics.com https://*.libanswers.com https://www.nal.usda.gov https://platform.twitter.com https://search.usa.gov https://www.googletagmanager.com https://www.youtube.com; script-src-elem 'self' https://ajax.googleapis.com https://cdn.knightlab.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.12/ https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.13/ https://*.cfigroup.com https://dap.digitalgov.gov https://feed.informer.com https://*.libanswers.com https://www.nal.usda.gov https://publicdashboards.dl.usda.gov https://search.usa.gov https://*.twitter.com https://unpkg.com/chart.js@4.4.0/ https://unpkg.com/chartjs-adapter-date-fns@3.0.0/ https://unpkg.com/chartjs-plugin-datalabels@2.0.0/ https://*.vimeo.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com; style-src 'self' https://cdnjs.cloudflare.com/ajax/libs/jvectormap/2.0.4/ https://cdn.knightlab.com https://fonts.googleapis.com https://search.usa.gov; style-src-elem 'self' https://cdnjs.cloudflare.com/ajax/libs/jvectormap/2.0.4/ https://cdn.knightlab.com https://search.usa.gov; report-uri https://www.nal.usda.gov/csp-collector/index.php; 2 default-src 'self'; script-src 'self' 'report-sample'; style-src 'self'; report-to csp-endpoint 2 font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com 'self' data: *.tawk.to fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.tawk.to *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.innoship.ro https://www.googletagmanager.com/ *.wesupply.xyz https://wesupplylabs.com s.pinimg.com ct.pinterest.com consentcdn.cookiebot.com *.weltpixel.com *.tawk.to 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.tbicp.com *.tile.openstreetmap.org *.openstreetmap.org http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ t.themarketer.com cdn1.themarketer.com *.hsforms.net *.hsforms.com 'self' data: www.google.ro/ads www.facebook.com/tr analytics.tiktok.com *.google-analytics.com *.analytics.google.com s.pinimg.com ct.pinterest.com *.tawk.to cdn.jsdelivr.net *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.tbicp.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io t.themarketer.com cdn1.themarketer.com *.hsforms.net *.hsforms.com www.google.ro attr-2p.com cdnjs.cloudflare.com retargeting.newsmanapp.com analytics.tiktok.com https://connect.facebook.net s.pinimg.com ct.pinterest.com consent.cookiebot.com *.tawk.to cdn.jsdelivr.net https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com t.themarketer.com cdn1.themarketer.com *.googleapis.com *.gstatic.com *.tawk.to cdn.jsdelivr.net tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io t.themarketer.com cdn1.themarketer.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://connect.facebook.net analytics.tiktok.com *.analytics.google.com s.pinimg.com ct.pinterest.com *.tawk.to wss://*.tawk.to *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net t.paypal.com s.ytimg.com video.google.com vimeo.com *.vimeocdn.com cdn-scripts.signifyd.com *.googleapis.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com cdn.xtento.com *.klevu.com *.ksearchnet.com *.avada.io *.trustpilot.com *.yotpo.com preferredliving.com *.preferredliving.com sportys.com *.sportys.com sportystoolshop.com *.sportystoolshop.com wright-bros.com *.wright-bros.com na-library.klarnaservices.com www.googleadservices.com bat.bing.com www.googletagmanager.com *.bc0a.com hello.zonos.com cdn.mouseflow.com secure.quantserve.com cdn.attn.tv *.datasteam.io googleads.g.doubleclick.net rules.quantcount.com aa.agkn.com *.cloudmaestro.com cdn.b0e8.com cdn.iglobalstores.com *.listrakbi.com www.google-analytics.com *.listrak.com widgets.turnto.com www.google.com www.gstatic.com widget.heymarket.com *.clarity.ms *.aviationgifts.com; report-uri /.webscale/csp-report 2 font-src portal.bulkgate.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.benu.hu data: *.googleapis.com *.hotjar.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com portal.bulkgate.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com portal.bulkgate.com *.facebook.com business.facebook.com data: *.google.com *.youtube.com *.publitas.com *.fliphtml5.com *.hotjar.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com s.ytimg.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com portal.bulkgate.com *.facebook.com business.facebook.com https://redchamps.com www.safemage.com *.benu.hu *.cloudfront.net *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com image.arukereso.hu *.google.hu *.hotjar.com *.arukereso.hu *.bing.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com portal.bulkgate.com *.gstatic.com business.facebook.com *.avada.io https://cdnjs.cloudflare.com maps.googleapis.com *.google.com *.googletagmanager.com https://googleads.g.doubleclick.net *.googleadservices.com *.prefixbox.com *.publitas.com *.hotjar.com *.benu.hu *.arukereso.com gravity-dev-assets.oss-eu-central-1.aliyuncs.com benuhu.engine.yusp.com https://maileon-cdn.s3.eu-central-1.amazonaws.com/met/met.js clarity.ms *.clarity.ms *.bing.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com portal.bulkgate.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.googleapis.com *.prefixbox.com *.benu.hu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com portal.bulkgate.com *.gstatic.com business.facebook.com *.benu.hu *.google-analytics.com *.prefixbox.com *.doubleclick.net *.services.visualstudio.com *.hotjar.com *.hotjar.io benuhu.engine.yusp.com *.maileon.hu 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https:; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' wss: https:; object-src 'self'; child-src blob:; frame-src 'self' https:; worker-src blob:; frame-ancestors 'none'; base-uri 'none'; report-uri https://47327c6a613c1754bda1362d946d96dd.report-uri.com/r/t/csp/reportOnly; report-to csp-endpoint 2 default-src 'self'; img-src * data: https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' *; frame-src https:; connect-src https:; font-src 'self' https://cdn.segmentify.com; 2 frame-ancestors 'none'; report-uri https://endpoint3.collection.us2.sumologic.com/receiver/v1/http/ZaVnC4dhaV30Tj5vtZfuZ0tYPfqb8xOSxI9TJ5CbQ_ZE4W4aGoGW8HViqViD0nttCcDqHOZNNhObvJtSbYn1XDP7uSjlITCzSLlNsuSdwZ46El5dcVC6kg== 2 font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.rab.equipment *.intervieweb.it *.algolia.com *.cloudflare.com *.twitter.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com *.klarnaservices.com *.klarna.com *.klarnacdn.net *.rentle.io *.wisepops.net wisepops.net *.wisepops.com wisepops.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.storyblok.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com pay.google.com *.paypal.com *.dotdigital-pages.com *.dotdigital.com *.intervieweb.it *.rentle.io *.twitter.com *.google.com *.wisepops.net wisepops.net *.wisepops.com wisepops.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com account.fetchify.com *.hub-box.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com *.gstatic.com https://images.unsplash.com *.clarity.ms *.rab.equipment *.intervieweb.it *.rentle.io *.klarnaservices.com *.klarna.com *.klarnacdn.net *.algolia.com *.iesnare.com *.locally.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.google.co.uk *.paypal.com *.twitter.com *.wisepops.net wisepops.net *.wisepops.com wisepops.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cc-cdn.com *.storyblok.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.google.com.ua *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com polyfill.io *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal tagmanager.google.com https://www.googletagmanager.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.rab.equipment *.rentle.io *.intervieweb.it *.klarnaservices.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.algolia.com *.algolia.io *.locally.com *.outtra.com *.cookiefirst.com *.iesnare.com *.cloudflare.com *.twitter.com *.google-analytics.com *.googlesyndication.com googletagmanager.com *.google.com *.gstatic.com *.trustedshops.com *.fontawesome.com apis.google.com gtm.rab.equipment gtm.mcstaging.rab.equipment *.polyfill-fastly.io polyfill-fastly.io *.clarity.ms *.wisepops.net wisepops.net *.wisepops.com wisepops.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cc-cdn.com *.storyblok.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.rab.equipment *.intervieweb.it *.rentle.io *.algolia.com *.outtra.com *.locally.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com *.klarnaservices.com *.klarna.com *.klarnacdn.net *.cookiefirst.com *.wisepops.net wisepops.net *.wisepops.com wisepops.com cc-cdn.com *.storyblok.com unsafe-inline assets.braintreegateway.com *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.intervieweb.it *.klarnaservices.com *.klarna.com *.klarnacdn.net *.algolia.com *.iesnare.com *.locally.com 'self' data: *.rab.equipment *.rentle.io *.wisepops.net wisepops.net *.wisepops.com wisepops.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.google.com google.com payments-eu.amazon.com *.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://www.google-analytics.com *.intervieweb.it *.rentle.io *.klarnaevt.com *.klarnaservices.com *.klarna.com *.klarnacdn.net *.algolia.io *.locally.com *.outtra.com wss://mpsnare.iesnare.com *.iesnare.com *.cloudflare.com *.twitter.com *.google-analytics.com *.googlesyndication.com *.doubleclick.net *.cookiefirst.com *.clarity.ms *.wisepops.net wisepops.net *.wisepops.com wisepops.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.hub-box.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' 'unsafe-eval' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cookiebot.com:* *.fanplayr.com:* *.doubleclick.net:* *.media:* *.googletagmanager.com:* *.sc-static.net:* *.tiktok.com:* *.force.com:* *.jsdelivr.net:* *.amazon-adsystem.com:* *.amazon-adsystem.com:* *.fastclick.net:* *.crwdcntrl.net:* *.id5-sync.com:* *.cloudflare.com:* *.salesforceliveagent.com:* *.snapchat.com:* *.googleapis.com:* *.sc-static.net:* sc-static.net:* *.smilewanted.com:* *.reciteme.com:*; object-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.jsdelivr.net:* *.force.com:* *.googleapis.com:* *.reciteme.com:* *.cloudflare.com:*; img-src 'self' 'unsafe-eval' 'unsafe-inline' *.northernrailway.co.uk:* *.netlify.app:* *.snapchat.com:* *.cookiebot.com:* *.googleapis.com:* *.googletagmanager.com:* *.fanplayr.com:* data: *.reciteme.com:*; media-src 'self' 'unsafe-eval' 'unsafe-inline'; frame-src 'self' 'unsafe-eval' 'unsafe-inline' *.cookiebot.com:* *.snapchat.com:* *.force.com:* *.northernrailway.co.uk:* *.smilewanted.com:* *.yahoo.com:* *.adnxs.com:* *.ck-ie.com:* *.33across.com:* *.smaato.net:* *.onetag-sys.com:* *.360yield.com:* onetag-sys.com:*; frame-ancestors 'self' 'unsafe-eval' 'unsafe-inline'; child-src 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com:* *.reciteme.com:* data:; connect-src 'self' 'unsafe-eval' 'unsafe-inline' *.amazon-adsystem.com:* *.northern-trains.ddev.site *.tiktok.com:* *.snapchat.com:* *.amazon.dev:* *.criteo.com:* *.crwdcntrl.net:* *.fanplayr.com:* *.googlesyndication.com:* *.a2z.com:* *.eu-1-id5-sync.com:* id5-sync.com:* *.33across.com:* *.cookiebot.com:* *.google-analytics.com:* *.reciteme.com:*; report-uri /report-csp-violation 2 default-src 'self' https://ucarecdn.com https://*.ucarecdn.com https://*.uploadcare.com https://*.cloudfront.net; font-src 'self' data: https://ucarecdn.com https://*.ucarecdn.com https://fonts.gstatic.com; frame-src 'self' https://ucarecdn.com https://*.uploadcare.com https://js.stripe.com https://*.google.com https://*.youtube.com https://*.facebook.com https://codepen.io https://codesandbox.io https://*.codesandbox.io https://zapier.com https://td.doubleclick.net https://www.googletagmanager.com; child-src 'self' blob:; media-src blob: data: https://ucarecdn.com https://*.ucarecdn.com; style-src 'self' 'unsafe-inline' blob: https://ucarecdn.com https://*.ucarecdn.com https://*.uploadcare.com https://*.cloudfront.net https://unpkg.com https://js.stripe.com https://*.googleapis.com https://*.zapier.com https://*.integrately.com https://app-slash.ferndocs.com https://cdn.cookiehub.eu; connect-src 'self' blob: https://*.cloudfront.net *.uploadcare.com uploadcare.com https://*.s3-accelerate.amazonaws.com https://ucarecdn.com https://*.ucarecdn.com https://*.algolia.net https://*.algolianet.com https://js.stripe.com https://*.statuspage.io https://*.pingdom.net wss://ws.pusherapp.com https://api.rollbar.com https://*.helpscout.net https://zapier.com https://*.zapier.com https://*.integrately.com https://api.getrewardful.com https://www.google.com https://analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://adservice.google.com https://*.googleadservices.com https://*.facebook.com https://bat.bing.com https://cdn.linkedin.oribi.io https://*.linkedin.com https://registry.npmjs.org https://dev.visualwebsiteoptimizer.com https://cdn.cookiehub.eu https://consent-eu.cookiehub.net https://region-eu.cookiehub.net; img-src 'self' blob: data: https://*.uploadcare.com https://ucarecdn.com https://*.ucarecdn.com https://*.ucr.io https://q.stripe.com https://zapier-images.imgix.net https://zapier.com https://*.zapier.com https://integrately.com https://*.amazonaws.com https://*.travis-ci.com https://*.travis-ci.org https://github.com https://codesandbox.io https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.g.doubleclick.net https://i.ytimg.com https://bat.bing.com *.google.com *.google.at *.google.com.au *.google.be *.google.com.br *.google.by *.google.ca *.google.ch *.google.cn *.google.cz *.google.de *.google.dk *.google.es *.google.fi *.google.fr *.google.co.id *.google.co.il *.google.co.in *.google.it *.google.co.jp *.google.co.kr *.google.lt *.google.lv *.google.me *.google.com.mx *.google.com.my *.google.nl *.google.no *.google.com.ph *.google.pl *.google.pt *.google.ru *.google.se *.google.com.sg *.google.co.th *.google.com.tr *.google.com.tw *.google.com.ua *.google.co.uk *.google.com.vn *.google.rs *.google.com.ar *.google.com.ph *.google.ee https://*.customer.io https://*.facebook.com https://cx.atdmt.com https://p.adsymptotic.com https://*.linkedin.com https://dev.visualwebsiteoptimizer.com https://icons.ferndocs.com https://files.buildwithfern.com https://api.producthunt.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://ucarecdn.com https://*.ucarecdn.com https://*.uploadcare.com https://*.cloudfront.net https://js.stripe.com https://m.stripe.network https://*.statuspage.io https://*.pingdom.net https://zapier.com https://cdn.zapier.com https://*.integrately.com https://r.wdfl.co https://*.codepen.io https://*.helpscout.net https://*.google.com https://*.gstatic.com https://cdnjs.cloudflare.com https://cdn.rollbar.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google-analytics.com https://*.facebook.net https://snap.licdn.com https://bat.bing.com https://dev.visualwebsiteoptimizer.com https://app-slash.ferndocs.com https://fdr-prod-docs-files-public.s3.amazonaws.com/ https://cdn.cookiehub.eu https://cookiehub.net; frame-ancestors 'self'; report-uri https://app.uploadcare.com/apps/api/v0.1/csp/report/ 2 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.googleapis.com *.zopim.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com *.facebook.com webchat.jdg.co.za *.jdg.co.za *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.hana.ondemand.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.braintreegateway.com *.paypal.com google.com *.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com maps.googleapis.com chart.googleapis.com oppwa.com *.oppwa.com peachpayments.com *.peachpayments.com *.nosto.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com webchat.jdg.co.za *.jdg.co.za *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'unsafe-inline' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.trackedlink.net *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.peachpayments.com *.eu-west-1.amazonaws.com *.cloudflare.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.azurewebsites.net maps.googleapis.com app.mobicredwidget.co.za amcglobal.sc.omtrdc.net media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com mrpg.scene7.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com js.klevu.com *.ksearchnet.com maps.googleapis.com chart.googleapis.com *.oppwa.com oppwa.com *.peachpayments.com *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.klevu.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.facebook.com *.what3words.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za www.gstatic.com connect.facebook.net bam.nr-data.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.peachpayments.com *.cloudflare.com *.googleapis.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: *.yotpo.com https://js.klevu.com 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com maps.googleapis.com chart.googleapis.com oppwa.com *.oppwa.com *.peachpayments.com *.testfreaks.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.what3words.com *.googleapis.com vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://security-hub.vaimo.network/public/api/content-security-policy.php; report-to report-endpoint; 2 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.fontawesome.com *.cloudflare.com *.twitter.com *.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.twitter.com https://plumrocket.com *.googleapis.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com http://hemin11112.pcapredict.com http://services.postcodeanywhere.co.uk *.cloudflare.com *.googleadservices.com *.google-analytics.com *.twitter.com *.adobedtm.com https://img.youtube.com maps.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com apis.google.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de http://hemin11112.pcapredict.com http://services.postcodeanywhere.co.uk *.cloudflare.com *.twitter.com *.google-analytics.com googletagmanager.com *.trustedshops.com *.fontawesome.com graph.facebook.com *.adobedtm.com *.avada.io s7.addthis.com *.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.fontawesome.com http://services.postcodeanywhere.co.uk *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de http://hemin11112.pcapredict.com http://services.postcodeanywhere.co.uk *.cloudflare.com *.twitter.com https://get.geojs.io *.avada.io api.addressy.com ekr.zdassets.com/ *.google-analytics.com *.facebook.net https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://fonts.bunny.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com td.doubleclick.net 13605183.fls.doubleclick.net www.google.com cdn.octadesk.com *.infonet.com.py *.infonet.com.py:8888/ https://vpos.infonet.com.py:8888/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net static.tacdn.com www.facebook.com ad.doubleclick.net www.google.com.py adservice.google.com c.clarity.ms c.bing.com cellshop.com.py integration-5ojmyuq-qoiivjresdo6e.us-5.magentosite.cloud cdn.leadster.com.br https://desa.infonet.com.py:8035/ https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com *.google.co.in data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com static.cloudflareinsights.com connect.facebook.net js-agent.newrelic.com www.tripadvisor.com unpkg.com www.tripadvisor.es www.google.com static.tacdn.com www.gstatic.com www.clarity.ms www.jscache.com vpos.infonet.com.py www.tripadvisor.com.br cdn.octadesk.com *.infonet.com.py:8888/ *.newrelic.com *.nr-data.net *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com *.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com tagmanager.google.com ssl.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com static.tacdn.com *.fontawesome.com https://fonts.bunny.net unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com *.infonet.com.py:8888 *.infonet.com.py bam.nr-data.net t.clarity.ms *.nr-data.net https://viacep.com.br https://www.viacep.com.br https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com bam.nr-data.net t.clarity.ms commerce.adobedc.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com parfumerie.com.ar d3cdlnm7te7ky2.cloudfront.net pftesting.66ecommerce.com editionprivee.com d28dzyqv2ij3aj.cloudfront.net eptesting.66ecommerce.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com chart.googleapis.com https://mobbex.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.adobedtm.com *.facebook.com *.mobbex.com parfumerie.com.ar d3cdlnm7te7ky2.cloudfront.net pftesting.66ecommerce.com static.whatsapp.net editionprivee.com d28dzyqv2ij3aj.cloudfront.net eptesting.66ecommerce.com c.clarity.ms www.google.com.ar www.mercadopago.com.ar maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com *.gstatic.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com chimpstatic.com downloads.mailchimp.com *.list-manage.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com chart.googleapis.com *.googletagmanager.com *.facebook.net *.avada.io *.mobbex.com parfumerie.com.ar d3cdlnm7te7ky2.cloudfront.net pftesting.66ecommerce.com editionprivee.com d28dzyqv2ij3aj.cloudfront.net eptesting.66ecommerce.com js-agent.newrelic.com www.clarity.ms maps.google.com live.decidir.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com parfumerie.com.ar d3cdlnm7te7ky2.cloudfront.net pftesting.66ecommerce.com editionprivee.com d28dzyqv2ij3aj.cloudfront.net eptesting.66ecommerce.com 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com parfumerie.com.ar d3cdlnm7te7ky2.cloudfront.net pftesting.66ecommerce.com static.whatsapp.net editionprivee.com d28dzyqv2ij3aj.cloudfront.net eptesting.66ecommerce.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.googleapis.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com chart.googleapis.com *.google-analytics.com https://get.geojs.io *.avada.io *.mobbex.com parfumerie.com.ar d3cdlnm7te7ky2.cloudfront.net pftesting.66ecommerce.com editionprivee.com d28dzyqv2ij3aj.cloudfront.net eptesting.66ecommerce.com google.com i.clarity.ms z.clarity.ms parfumerie.zendesk.com pod-20.zendesk.com bam.nr-data.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 base-uri 'self'; form-action 'self'; frame-ancestors 'self'; frame-src 'self'; upgrade-insecure-requests; block-all-mixed-content 2 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.klarnacdn.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.vaude.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.klarna.com js.mollie.com td.doubleclick.net app.usercentrics.eu *.outtra.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.disqus.com https://img.youtube.com https://www.mollie.com *.hsforms.net *.hsforms.com 'self' data: www.vaude.com vaude.localhost https://vaude.localhost/ www.google.de app.usercentrics.eu uct.service.usercentrics.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.magento-datasolutions.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.disqus.com js.mollie.com *.hsforms.net *.hsforms.com *.gstatic.com ion.vaude.com id.vaude.com analytics.vaude.com js-agent.newrelic.com vaude.matomo.cloud app.usercentrics.eu api.usercentrics.eu graphql.usercentrics.eu privacy-proxy.usercentrics.eu cdn.matomo.cloud cdn.scarabresearch.com static.scarabresearch.com webchannel-content.eservice.emarsys.net https://cdn.tailwindcss.com https://vaude.homepagerecruiter.de *.outtra.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.klarnacdn.net *.googleapis.com *.gstatic.com *.outtra.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com analytics.vaude.com bam.nr-data.net pagead2.googlesyndication.com vaude.matomo.cloud app.usercentrics.eu api.usercentrics.eu graphql.usercentrics.eu privacy-proxy.usercentrics.eu aggregator.service.usercentrics.eu consent-api.service.consent.usercentrics.eu cdn.matomo.cloud cdn.scarabresearch.com static.scarabresearch.com webchannel-content.eservice.emarsys.net *.outtra.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stats.afternorth.com https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://stats.afternorth.com https://maps.googleapis.com https://www.google-analytics.com; img-src 'self' data: https://i.realestatecreate.com https://maps1.dnr.state.mn.us https://maps.googleapis.com https://maps.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; 2 font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com *.googleapis.com *.gstatic.com data: https://fonts.gstatic.com *.stape.io *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com d114hh0cykhyb0.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com google.com www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.stape.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com superbrightleds.atlassian.net *.brevo.com sibautomation.com *.criteo.com *.nr-data.net *.trustpilot.com *.pinimg.com *.pinterest.com *.licdn.com *.linkedin.com *.vwo.com *.facebook.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com *.trackedlink.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net *.stape.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://redchamps.com livehelpnow.net *.livehelpnow.net *.placeholder.com *.cloudfront.net *.trustkeeper.net *.trustwave.com *.digicert.com dis.criteo.com tags.bluekai.com secure.adnxs.com sync.ad-stir.com *.yahoo.com *.360yield.com *.3lift.com *.addthis.com *.adnxs.com *.adscale.de *.advertising.com *.agkn.com *.amazon-adsystem.com *.bbb.org *.bidswitch.net *.bing.com *.casalemedia.com *.clmbtech.com *.contextweb.com *.criteo.com *.demdex.net *.dmxleo.com matching.ivitrack.com *.krxd.net *.liadm.com mcprod.superbrightleds.com *.media.net exchange.mediavine.com partner.mediawallahscript.com *.omnitagjs.com *.outbrain.com *.postrelease.com *.pubmatic.com *.revcontent.com *.rlcdn.com *.rubiconproject.com *.sharethrough.com *.smaato.net *.socdm.com *.smartadserver.com *.stickyadstv.com *.taboola.com *.tapad.com *.teads.tv ad.tpmn.co.kr *.tremorhub.com *.turn.com *.yieldlab.net *.yieldmo.com *.zonos.com *.pinimg.com *.pinterest.com *.linkedin.com *.visualwebsiteoptimizer.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.doubleclick.net *.stape.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com superbrightleds.atlassian.net *.brevo.com sibautomation.com *.digicert.com *.criteo.net *.newrelic.com *.criteo.com *.nr-data.net *.zonos.com *.trustpilot.com *.iglobalstores.com *.mixpanel.com *.mxpnl.com *.pinimg.com *.pinterest.com *.googleoptimize.com pageimprove.io *.licdn.com *.linkedin.com *.visualwebsiteoptimizer.com *.vwo.com *.facebook.net *.livehelpnow.net *.luckyorange.com d10lpsik1i8c69.cloudfront.net *.bing.com *.maxmind.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com downloads.mailchimp.com https://fonts.googleapis.com *.googleapis.com *.googletagmanager.com *.stape.io *.fontawesome.com d114hh0cykhyb0.cloudfront.net http://localhost:* *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.google.com *.doubleclick.net *.googlesyndication.com *.stape.io https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.brevo.com *.nr-data.net *.criteo.com *.zonos.com *.mixpanel.com *.pinimg.com *.pinterest.com pageimprove.io *.facebook.com *.luckyorange.net *.mmapiws.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' 'unsafe-inline' https:; report-uri https://reporturi.savagescape.com/report.php; report-to default 2 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.cloudflare.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.authorize.net *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.facebook.com *.twitter.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.cloudflare.com *.cloudfront.net *.baen.com *.twitter.com *.twimg.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.cloudflare.com *.twitter.com *.twimg.com *.fontawesome.com *.facebook.net *.authorize.net *.simpli.fi js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.gstatic.com *.twitter.com *.twimg.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.cloudflare.com *.authorize.net *.google-analytics.com *.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src d.digsgogo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdn.tagcommander.com https://cdnjs.cloudflare.com https://instant.page https://polyfill.io https://unpkg.com https://use.fontawesome.com https://www.google.com; script-src-attr 'self'; script-src-elem 'self' http://pero.securite-routiere.gouv.fr https://www.gstatic.com https://www.youtube.com https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://server.adform.net/Serving/TrackPoint/ https://cstatic.weborama.fr https://cdn.jsdelivr.net https://cdn.tagcommander.com https://cdnjs.cloudflare.com https://instant.page https://polyfill.io https://unpkg.com https://use.fontawesome.com https://www.google.com; style-src 'self' code.ionicframework.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; style-src-attr 'self'; frame-ancestors 'self' 2 object-src 'none'; script-src 'self' 'unsafe-eval' fonts.googleapis translate.google.com translate.googleapis.com translate-pa.googleapis.com *.gstatic.com siteimproveanalytics.com *.siteimprove.com svc.webspellchecker.net js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://rebilly.github.io https://static.addtoany.com https://unpkg.com maps.googleapis.com platform.instagram.com platform.twitter.com; script-src-attr 'self'; script-src-elem 'self' fonts.googleapis translate.google.com translate.googleapis.com translate-pa.googleapis.com *.gstatic.com siteimproveanalytics.com *.siteimprove.com svc.webspellchecker.net js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://rebilly.github.io https://static.addtoany.com https://unpkg.com maps.googleapis.com platform.instagram.com platform.twitter.com; style-src 'self' fonts.googleapis translate.google.com translate.googleapis.com translate-pa.googleapis.com *.gstatic.com siteimproveanalytics.com *.siteimprove.com svc.webspellchecker.net js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://use.fontawesome.com; style-src-attr 'self'; frame-ancestors 'self' 2 frame-ancestors 'self'; report-uri https://www.goldcoastbulletin.com.au/csp-reports 2 font-src *.googleapis.com *.gstatic.com *.klevu.com *.ksearchnet.com *.fontawesome.com 'self' data: *.yellowmessenger.com *.matahari.com https://font.static.useinsider.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * unsafe-inline *.matahari.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com https://www.googletagmanager.com/ *.matahari.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com gateway.apaylater.com gateway.atome.sg *.klevu.com *.ksearchnet.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.googleadservices.com *.google-analytics.com *.ytimg.com *.yellowmessenger.com *.midtrans.com *.accesstra.de *.matahari.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://meetanshi.com/media/logo.png https://www.google.co.in/ https://invle.co/icm-beacon/639 https://matahari.com/ https://image.useinsider.com/ https://*.useinsider.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ gateway.apaylater.com gateway.atome.sg *.klevu.com *.ksearchnet.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.google-analytics.com *.fontawesome.com *.google.com *.api.useinsider.com *.yellowmessenger.com *.yellow.ai *.addtoany.com *.midtrans.com *.accesstrade.global https://aporve.github.io/MATAHARI/custom.js *.googletagmanager.com webtrafficsource.com *.facebook.net *.invle.co *.doubleclick.net https://gateway.apaylater.com https://js.admediasales.com *.matahari.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://rtg.wewomedia.com/track/code.js https://websdk.appsflyer.com/ https://invle.co/icmt.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com gateway.apaylater.com gateway.atome.sg *.klevu.com *.ksearchnet.com *.fontawesome.com *.googleapis.com *.addtoany.com *.gstatic.com *.yellowmessenger.com *.matahari.com https://atome-paylater-fe.s3-accelerate.amazonaws.com https://assets.api.useinsider.com/css/info.min.css 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.yellowmessenger.com *.matahari.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.klevu.com *.ksearchnet.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io http://dpm.demdex.net *.googleadservices.com *.google-analytics.com *.ampproject.org *.yellow.ai wss://*.yellow.ai *.yellowmessenger.com wss://*.yellowmessenger.com webtrafficsource.com *.invle.co *.matahari.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://rtg.wewomedia.com/tr https://unification.useinsider.com/api/identity/v1/refresh https://hit.api.useinsider.com/hit https://*.useinsider.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.midtrans.com *.creativecdn.com *.google-analytics.com *.api.useinsider.com *.yellowmessenger.com *.yellow.ai *.atome.id https://websdk.appsflyer.com *.doubleclick.net *.matahari.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval' 2 default-src 'self' europa.eu https://europa.eu *.europa.eu *.ec.europa.eu *.webtools.europa.eu https://*.webtools.europa.eu https://*.europa.eu https://*.ec.europa.eu data:; script-src 'self' europa.eu https://europa.eu *.europa.eu *.ec.europa.eu https://*.europa.eu https://*.ec.europa.eu 'unsafe-eval' https://cdn.jsdelivr.net https://europa.eu/ https://cdn.ckeditor.com/ckeditor5/ https://webanalytics.europa.eu https://school-education.ec.europa.eu; object-src 'none'; style-src 'self' https://webtools.europa.eu 'unsafe-inline'; img-src 'self' *.europa.eu data: https://webanalytics.europa.eu; frame-src 'self' europa.eu https://europa.eu *.europa.eu *.ec.europa.eu https://*.europa.eu https://*.ec.europa.eu https://w.soundcloud.com https://www.youtube.com/ https://www.dailymotion.com/ https://vimeo.com/ https://www.youtube-nocookie.com; child-src https://w.soundcloud.com https://www.youtube.com/ https://*.ec.europa.eu/ https://www.dailymotion.com/ https://vimeo.com/ 'self' https://webtools.europa.eu https://europa.eu/ ; font-src 'self' europa.eu https://europa.eu *.europa.eu *.ec.europa.eu *.webtools.europa.eu https://*.webtools.europa.eu https://*.europa.eu https://*.ec.europa.eu https://fonts.gstatic.com; connect-src 'self' europa.eu https://europa.eu *.europa.eu *.ec.europa.eu *.webtools.europa.eu https://*.webtools.europa.eu https://*.europa.eu https://*.ec.europa.eu; report-uri /report-csp-violation 2 default-src 'self'; script-src 'self' https://*.cloudflareinsights.com https://*.freshworks.com https://*.tiktok.com https://*.zzgtech.com https://*.facebook.net https://*.ssevt.com https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.facebook.com https://*.googletagmanager.com https://*.signalsight.io https://cdn.jsdelivr.net https://kit.fontawesome.com https://*.pinimg.com https://ct.pinterest.com 'unsafe-inline'; img-src 'self' data: https://*.zzgtech.com https://*.pinterest.com https://*.tiktok.com https://*.facebook.net https://*.ssevt.com https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.facebook.com https://*.googletagmanager.com https://*.signalsight.io; font-src 'self' https://*.bootstrapcdn.com https://*.sc-static.net https://*.googleapis.com https://*.gstatic.com https://*.fontawesome.com; style-src 'self' https://*.freshworks.com https://*.signalsight.io https://signalsight.io https://*.fontawesome.com https://*.bootstrapcdn.com https://*.googleapis.com 'unsafe-inline'; connect-src 'self' https://*.freshworks.com https://*.zzgtech.com https://*.tiktok.com https://*.facebook.net https://*.ssevt.com https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.facebook.com https://*.googletagmanager.com https://*.signalsight.io https://*.fontawesome.com https://*.pinterest.com; frame-src 'self' https://*.zzgtech.com https://*.pinterest.com https://www.google.com; frame-ancestors *.signalsight.io 2 font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com *.narvar.com *.narvar.qa *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.klaviyo.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.reviews.io *.reviews.co.uk *.facebook.net/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.online-metrix.net www.xtento.com testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.narvar.com *.narvar.qa *.reviews.io *.reviews.co.uk *.doubleclick.net/ https://insight.adsrvr.org/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.narvar.com *.narvar.qa www.xtento.com cdn.xtento.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.doubleclick.net/ https://bat.bing.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com https://api.addressfinder.io polyfill.io maps.googleapis.com maps.gstatic.com fonts.googleapis.com s7.addthis.com *.online-metrix.net www.xtento.com cdn.xtento.com testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.narvar.com *.narvar.qa *.reviews.io *.reviews.co.uk https://snap.licdn.com/ https://js.adsrvr.org/ *.facebook.net/ *.hotjar.com/ https://unpkg.com/ https://bat.bing.com/ *.cloudflare.com *.newrelic.com/ *.trackjs.com/ *.cookiepro.com/ *.clarity.ms/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://api.addressfinder.io https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io https://api.addressfinder.io *.algolia.net *.algolia.com *.algolianet.com ekr.zdassets.com/ thm.visa.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.cloudfront.net *.reviews.io *.reviews.co.uk *.doubleclick.net/ *.hotjar.io/ *.cookiepro.com/ *.clarity.ms/ https://bam.nr-data.net/ *.blundstone.com.au/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src apps.bazaarvoice.com assets.tailwindapp.com at.alicdn.com cdn-uicons.flaticon.com cdnjs.cloudflare.com cdn.honey.io cdn.joinhoney.com cdn.scite.ai ecomm-cdn.trurating.com fast.wistia.com fast.wistia.net fonts.gstatic.com font.static.useinsider.com *.hotjar.com insight.adsrvr.org match.adsrvr.org pro.fontawesome.com shopping.qantas.com static.zipmoney.com.au www.slant.co zip-co-media.s3.ap-southeast-2.amazonaws.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * api.bazaarvoice.com stg.api.bazaarvoice.com ct.pinterest.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com 12757253.fls.doubleclick.net 12761252.fls.doubleclick.net 6895031.fls.doubleclick.net 8219837.fls.doubleclick.net accentgroup.formstack.com analytics.tiktok.com aus59.dayforcehcm.com ausaz231.dayforcehcm.com connect.facebook.net *.criteo.com *.criteo.net ct.pinterest.com drwnt-pr11.ntschools.net gateway.zscalerthree.net www.googleapis.com insight.adsrvr.org insight.adsrvr.org.x.84c439f70e5c7046810abf7058a74d187b80.43d75326.id.opendns.com invidious.projectsegfau.lt match.adsrvr.org my.volumental.com ole.worldmanager.com portal.afterpay.com rcg.demdex.net safe.menlosecurity.com servedby.flashtalking.com socialq.net td.doubleclick.net theathletesfootau.api.useinsider.com theathletesfootnz.api.useinsider.com tpc.googlesyndication.com www.dayforcehcm.com www.facebook.com www.google.com yt.artemislena.eu 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://static.afterpay.com https://site-assets.afterpay.com/ display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com 1f2e7.v.fwmrm.net aa.agkn.com accentgroupsupport.zendesk.com ade.clmbtech.com adgen.socdm.com adservice.google.com adservice.google.com.au adservice.google.se ads.stickyadstv.com adx.dable.io ad.360yield.com ad.as.amanad.adtdp.com ad.doubleclick.net ad.tpmn.co.kr ad.yieldlab.net analytics.tiktok.com api.fillr.com assets.api.useinsider.com cdn.attraqt.io a.twiago.com bam.nr-data.net bat.bing.com beacon.krxd.net cdn.aralego.net cdn.honey.io cloud.shopback.com cms.quantserve.com cm.adform.net cm.adgrx.com cm.g.doubleclick.net connect.facebook.net contextual.media.net criteo-partners.tremorhub.com criteo-sync.teads.tv *.criteo.com *.criteo.net cs.adingo.jp ct.pinterest.com c.bing.com d3nocrch4qti4v.cloudfront.net developers.google.com df45ay5pw60dy.cloudfront.net dsum-sec.casalemedia.com duuytoqss3gu4.cloudfront.net e1.emxdgt.com eb2.3lift.com ecomm-cdn.trurating.com embed-ssl.wistia.com encrypted-tbn3.gstatic.com engage-assets.volumental.com exchange.mediavine.com fast.wistia.com fast.wistia.net fonts.gstatic.com hb.yahoo.net *.hotjar.com i6.liadm.com ib.adnxs.com id5-sync.com idsync.rlcdn.com image.useinsider.com insight.adsrvr.cn insight.adsrvr.org i.liadm.com jadserve.postrelease.com js-agent.newrelic.com khms0.googleapis.com khms1.googleapis.com lantern.roeye.com lh3.ggpht.com *.lightboxcdn.com log.api.useinsider.com log.pinterest.com maps.googleapis.com maps.gstatic.com matching.ivitrack.com match.adsrvr.org match.prod.bidr.io match.sharethrough.com media.littlebirdie.com.au p25.zdusercontent.com pagead2.googlesyndication.com partner.mediawallahscript.com photos-eu.bazaarvoice.com pixel-sync.sitescout.com pixel.rubiconproject.com pixel.tapad.com pm.w55c.net pos.baidu.com pr-bh.ybp.yahoo.com prf.hn rs.fullstory.com rtb-csync.smartadserver.com r.casalemedia.com s0.2mdn.net scontent.cdninstagram.com secure.adnxs.com sentinel.api.useinsider.com simage2.pubmatic.com sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.aralego.com sync.crwdcntrl.net sync.ipredictive.com sync.outbrain.com s.ad.smaato.net s.thebrighttag.com s.trackonomics.net tags.bluekai.com tapestry.tapad.com tg.socdm.com *.theathletesfoot.com.au *.theathletesfoot.co.nz translate.google.com trends.revcontent.com um.simpli.fi ups.analytics.yahoo.com visitor.omnitagjs.com wp-log.api.useinsider.com www.bing.com www.facebook.com www.google.ae www.google.al www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bs www.google.bt www.google.by www.google.ca www.google.cd www.google.ch www.google.ci www.google.cl www.google.cn www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.br www.google.com.co www.google.com.cy www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ng www.google.com.np www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.tz www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.iq www.google.it www.google.kg www.google.kz www.google.lk www.google.lt www.google.lu www.google.lv www.google.me www.google.mk www.google.mn www.google.mu www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.sr www.google.tn www.google.tt www.google.vu www.google.ws www.ist-track.com www.littlebirdie.com.au x.bidswitch.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com ad.doubleclick.net analytics.tiktok.com api.useinsider.com assets.api.useinsider.com assets.pinterest.com bam.nr-data.net bat.bing.com cdn.attraqt.io chat.gosquared.com configaus2.veinteractive.com connect.facebook.net *.criteo.com *.criteo.net ct.pinterest.com d1l6p2sc9645hc.cloudfront.net data2.gosquared.com data.gosquared.com dkupaw9ae63a8.cloudfront.net ecomm-cdn.trurating.com ecommwidget.trurating.com edge.fullstory.com eitri.api.useinsider.com fast.wistia.com fast.wistia.net *.forter.com foursixty.com googletagmanager.com stats.g.doubleclick.net *.hotjar.com https://www.google-analytics.com insight.adsrvr.org js-agent.newrelic.com js.adsrvr.org lantern.roeyecdn.com *.lightboxcdn.com loader.wisepops.com maps.googleapis.com match.adsrvr.org pagead2.googlesyndication.com pixel.roymorgan.com polyfill.io rs.fullstory.com srd.bazaarvoice.com static.zdassets.com s.pinimg.com s.retargeted.co tag.benchplatform.com test.socialq.net theathletesfootau.api.useinsider.com theathletesfootnz.api.useinsider.com *.theathletesfoot.com.au *.theathletesfoot.co.nz tpc.googlesyndication.com t.cfjump.com unpkg.com widget-mediator.zopim.com wss://widget-mediator.zopim.com www.everestjs.net www.googletagservices.com www.google.com www.ist-track.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com display.ugc.bazaarvoice.com apps.bazaarvoice.com assets.api.useinsider.com cdn.honey.io fast.wistia.com fonts.googleapis.com foursixty.com www.googletagmanager.com *.lightboxcdn.com pwm-image.trendmicro.com www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com api.retargeted.co ausaz231.dayforcehcm.com cdn.attraqt.io connect.facebook.net *.criteo.com embed-cloudfront.wistia.com embed-ssl.wistia.com embedwistia-a.akamaihd.net fast.wistia.com *.forter.com googleads.g.doubleclick.net insight.adsrvr.org match.adsrvr.org region1.google-analytics.com ssl.google-analytics.com ssl.gstatic.com static.zdassets.com td.doubleclick.net www.bing.com www.googletagmanager.com www.google.com.hk www.google.co.in www.google.gr 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com abacus.api.useinsider.com adobedc.demdex.net adservice.google.com ad.doubleclick.net analytics.tiktok.com api.retargeted.co api.trongrid.io api.useinsider.com bam.nr-data.net bat.bing.com carrier.useinsider.com collect-ap2.attraqt.io content.hotjar.io *.criteo.com cs.hae123.cn ct.pinterest.com d1wix2gc2cgqis.cloudfront.net d2o5idwacg3gyw.cloudfront.net d3in1te4fdays6.cloudfront.net devtools-euw1c-interaction-server-004-mobile.browserstack.com distillery.wistia.com doublestat.info ecmacore.com ecommapi.trurating.com edge.fullstory.com ekr.zdassets.com embed-cloudfront.wistia.com embed-ssl.wistia.com fast.wistia.com fast.wistia.net fg8vvsvnieiv3ej16jby.litix.io *.forter.com foursixty.com googleads4.g.doubleclick.net hit.api.useinsider.com *.hotjar.com ip.x2convert.com jb-on-site.api.useinsider.com locationv2.api.useinsider.com maps.googleapis.com metrics.hotjar.io network-a.bazaarvoice.com pagead2.googlesyndication.com pipedream.wistia.com portal.afterpay.com rcg.api.fluentretail.com rcg.tt.omtrdc.net recommendationv2.api.useinsider.com recommendation.api.useinsider.com region1.google-analytics.com rh.nexus.bazaarvoice.com rs.fullstory.com segment.api.useinsider.com stats.g.doubleclick.net surveystats.hotjar.io tafnz.api.fluentretail.com theathletesfootau.api.useinsider.com theathletesfootcustomercarenz.zendesk.com theathletesfootcustomercare.zendesk.com theathletesfootnz.api.useinsider.com *.theathletesfoot.com.au translate.googleapis.com tru-live-eventhubs.servicebus.windows.net unification.useinsider.com vc.hotjar.io widget-mediator.zopim.com wss://widget-mediator.zopim.com wss://ws.hotjar.com www.facebook.com www.google.com www.google.com.au zendesk-eu.my.sentry.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src edgeshoppingstatic.azureedge.net *.hotjar.com *.lightboxcdn.com wss://cdn0.forter.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.theathletesfoot.com 'self' 'unsafe-inline'; report-uri /_csp-reporting; report-to report-endpoint; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://on-site.com https://*.on-site.com https://on-site.com:8765 https://*.on-site.com:8765 https://*.realpage.com https://*.erenterplan.com https://cdn.statuspage.io https://code.jquery.com https://acsbap.com https://acsbapp.com https://cdn.jsdelivr.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://www.gstatic.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://www.clarity.ms; object-src 'self'; worker-src 'self' blob:; report-uri /pub/csp_reports 2 default-src 'self' 'unsafe-eval' 'unsafe-inline' essentialed.com *.essentialed.com passged.com *.passged.com d2lpurk2qe2oc.cloudfront.net d3ebkza70oew6x.cloudfront.net dpg0n9q1lsnov.cloudfront.net d37nqy2yusfq54.cloudfront.net d2pfk5on3dtp5q.cloudfront.net js-agent.newrelic.com bam.nr-data.net *.typekit.net *.google.com *.google.ca *.google.com.mx *.google.co.uk *.google.de *.googletagmanager.com *.google-analytics.com *.googleapis.com *.doubleclick.net *.googlesyndication.com *.gstatic.com *.wistia.com *.wistia.net *.litix.io *.credly.com *.hubspot.com *.hs-banner.com *.hs-analytics.net *.hs-analytics.com *.hs-scripts.com *.hsforms.com *.hsforms.net *.hscollectedforms.net *.plyr.io *.crazyegg.com *.hotjar.com *.hotjar.io analytics.tiktok.com *.bing.com hiset.org *.clarity.ms *.jquery.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.paypal.com *.paypalobjects.com js.stripe.com *.facebook.com *.facebook.net widget.trustpilot.com unpkg.com data: ws: wss: about: blob:; frame-ancestors 'self' essentialed.com *.essentialed.com passged.com *.passged.com 2 frame-ancestors 'self'; report-uri https://api.mobilepay.dk/cspreporting/mobilepay-dk 2 script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.americanmeadows.com *.privy.com *.richpanel.com *.ryzeo.com *.signifyd.com *.yotpo.com accounts.livechatinc.com analytics.tiktok.com api.livechatinc.com bam.nr-data.net bat.bing.com cdn-widgetsrepository.yotpo.com cdn.livechatinc.com cdn.richpanel.com cdn.statstrk01.com cdnapisec.kaltura.com chimpstatic.com connect.facebook.net ct.pinterest.com googleads.g.doubleclick.net js-agent.newrelic.com js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hs-scripts.com js-eu1.hscollectedforms.net js-eu1.usemessages.com na-library.klarnaservices.com na-library.playground.klarnaservices.com s.pinimg.com secure.livechatinc.com static.hsappstatic.net static.trackedweb.net staticw2.yotpo.com www.clarity.ms www.facebook.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com x.klarnacdn.net cdn.cookielaw.org code.jquery.com api.bluecore.com www.redditstatic.com siteassets.bluecore.com ui.powerreviews.com assets.pinterest.com americanmeadows.formstack.com static.formstack.com ajax.googleapis.com static.powerreviews.com dynamic.criteo.com snap.licdn.com sslwidget.criteo.com widget.us.criteo.com *.paypal.com *.wistia.com *.howuku.com *.jsdelivr.net *.criteo.com *.paypalobjects.com *.clarity.ms *.convertexperiments.com measurement-api.criteo.com display.powerreviews.com *.powerreviews.com *.corvuscro.com mjbeisch.github.io *.noibu.com *.highcountrygardens.com *.hotjar.com *.stripe.com resources-webcomponents.klevu.com *.mountain.com; report-uri /.webscale/csp-report 2 default-src * 2 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com dhv2ziothpgrr.cloudfront.net *.finance-calculator.co.uk *.klarnacdn.net *.klevu.com *.yotpo.com x.klarnacdn.net *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.nosto.com *.nos.to *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com *.flashtalking.com *.nosto.com *.nos.to *.finance-calculator.co.uk *.deko.finance *.dekopay.org *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com *.paypalobjects.com *.usehero.com *.braintreegateway.com *.cookiebot.com *.hotjar.com *.kaptcha.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.pmtonline.co.uk *.clarity.ms *.cloudfront.net *.nosto.com *.nos.to dhv2ziothpgrr.cloudfront.net *.finance-calculator.co.uk *.dekopay.com *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.trustpilot.com *.amazonaws.com *.klevu.com *.google.co.uk *.usehero.com *.bing.com *.postcodeanywhere.co.uk *.yotpo.com blob: x.klarnacdn.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.cloudfront.net *.tradedoubler.com *.email.pmtonline.co.uk *.mateti.net *.newrelic.com *.nr-data.net *.zdassets.com widget.freshworks.com m2epro.freshdesk.com *.nosto.com *.nos.to dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net *.finance-calculator.co.uk *.dekopay.com dekowallet-feature-assets.s3.eu-west-2.amazonaws.com *.klarna.com *.klarnaservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com *.klevu.com *.usehero.com *.postcodeanywhere.co.uk *.pcapredict.com *.cardinalcommerce.com *.hotjar.com *.cookiebot.com *.bing.com https://analytics.tiktok.com *.zuko.io *.yotpo.com *.clarity.ms x.klarnacdn.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com widget.freshworks.com m2epro.freshdesk.com *.nosto.com *.nos.to dhv2ziothpgrr.cloudfront.net *.finance-calculator.co.uk *.dekopay.com *.klarnacdn.net unsafe-inline assets.braintreegateway.com *.trustpilot.com *.klevu.com *.usehero.com *.postcodeanywhere.co.uk *.yotpo.com x.klarnacdn.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.usehero.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.cloudfront.net *.dycdn.net *.mateti.net *.pmtonline.co.uk *.zdassets.com *.zendesk.com *.nr-data.net *.bing.com tbs.pvnsolutions.com widget.freshworks.com m2epro.freshdesk.com *.nosto.com *.nos.to dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com *.finance-calculator.co.uk *.dekopay.com *.klarnaevt.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.trustpilot.com *.braintreegateway.com *.usehero.com *.postcodeanywhere.co.uk *.doubleclick.net *.zuko.io https://analytics.tiktok.com *.hotjar.io *.hotjar.com *.yotpo.com *.cookiebot.com *.clarity.ms *.sentry.io x.klarnacdn.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 frame-ancestors 'self'; script-src 'self' 'nonce-'test 'unsafe-eval' https://*.npfsb.ru https://npfsberbanka.ru https://*.sbernpf.ru https://mc.yandex.ru https://yastatic.net https://api-maps.yandex.ru https://st.top100.ru https://bitrix.info; 2 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: cdn.elev.io maxcdn.bootstrapcdn.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com 'self' connect.facebook.net graph.facebook.com business.facebook.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://cdn.consentmanager.net https://delivery.consentmanager.net cdn.consentmanager.net *.criteo.com *.doubleclick.net *.durchsichtig.xyz *.hagel-shop.de *.hotjar.com www.facebook.com www.paypalobjects.com player.reetags.com www.sovendus-benefits.com www.sovendus-campaign.com www.sovendus-connect.com www.sovendus-network.com https://www.googletagmanager.com/ connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com https://cdn.consentmanager.net https://delivery.consentmanager.net validate.fishpig.co.uk sync.1rx.io ad.360yield.com eb2.3lift.com *.adnxs.com *.bing.com *.bidswitch.net *.casalemedia.com *.consentmanager.net *.criteo.com public-prod-dspcookiematching.dmxleo.com *.doubleclick.net e1.emxdgt.com www.facebook.com media.flixcar.com *.flix360.com *.google.com *.google.de *.googletagmanager.com fonts.gstatic.com *.hagel-shop.de id5-sync.com matching.ivitrack.com contextual.media.net exchange.mediavine.com visitor.omnitagjs.com sync.outbrain.com jadserve.postrelease.com simage2.pubmatic.com *.roeye.com pixel.rubiconproject.com match.sharethrough.com rtb-csync.smartadserver.com criteo-sync.teads.tv criteo-partners.tremorhub.com a.twiago.com *.taboola.com sync.targeting.unrulymedia.com t.ssl.ak.dynamic.tiles.virtualearth.net ad.yieldlab.net sync-criteo.ads.yieldmo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com test.saferpay.com www.saferpay.com saferpay.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.magento-datasolutions.com *.googletagmanager.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de jsd-widget.atlassian.com https://cdn.consentmanager.net https://delivery.consentmanager.net *.ablyft.com *.bing.com *.clarity.ms *.consentmanager.net *.criteo.com messenger.dixa.io www.dwin1.com cdn.elev.io connect.facebook.net media.flixcar.com media.flixfacts.com *.google-analytics.com *.googleoptimize.com *.hagel-shop.de *.hotjar.com player.reetags.com lantern.roeyecdn.com lantern.roeye.com *.sovendus.com www.sovendus-benefits.com www.sovendus-campaign.com www.sovendus-connect.com www.sovendus-network.com analytics.tiktok.com *.virtualearth.net www.zeitung-direkt.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ www.facebook.com graph.facebook.com business.facebook.com js.mollie.com test.saferpay.com www.saferpay.com saferpay.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.googletagmanager.com *.bing.com css/light.theme.css https://static.klaviyo.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline'; media-src *.adobe.com https://cdn.consentmanager.net https://delivery.consentmanager.net *.hagel-shop.de http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de jsd-widget.atlassian.com api-private.atlassian.com https://cdn.consentmanager.net https://delivery.consentmanager.net magento-recs-sdk.adobe.net commerce.adobedtm.com *.bing.com *.clarity.ms *.consentmanager.net *.criteo.com *.doubleclick.net *.durchsichtig.xyz *.elev.io maps.googleapis.com *.google-analytics.com *.google.de *.hagel-shop.de *.hotjar.com *.hotjar.io *.sovendus.com analytics.tiktok.com unpkg.com/@adobe/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com autocomplete2.postdirekt.de test.saferpay.com www.saferpay.com saferpay.com *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://cdn.consentmanager.net https://delivery.consentmanager.net test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com guysandstthomas.shorthandstories.com cdn.jsdelivr.net feeds.trac.jobs www.google.com www.gstatic.com *.googletagmanager.com *.shorthand.com unpkg.com cdnjs.cloudflare.com *.webspellchecker.net *.visualwebsiteoptimizer.com *.cloudflare.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com guysandstthomas.shorthandstories.com cdn.jsdelivr.net feeds.trac.jobs www.google.com www.gstatic.com *.googletagmanager.com *.shorthand.com unpkg.com cdnjs.cloudflare.com *.webspellchecker.net *.visualwebsiteoptimizer.com *.cloudflare.com; img-src 'self' data: *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com *.gstatic.com *.ytimg.com *.shorthandstories.com *.trac.jobs *.visualwebsiteoptimizer.com *.baidu.com; connect-src 'self' *.hotjar.io *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googleapis.com *.google.com *.g.doubleclick.net feeds.trac.jobs *.visualwebsiteoptimizer.com *.shorthand.com *.webspellchecker.net wss://ws.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 2 object-src 'self' *.cined.com; report-uri /_/csp-report/ 2 font-src *.fontawesome.com https://fonts.bunny.net use.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://mcstaging.booktrump.com https://mcstaging.trumphotels.com https://integration-5ojmyuq-r7ma66w2vxzgu.us-5.magentosite.cloud https://integration2-hohc4oi-r7ma66w2vxzgu.us-5.magentosite.cloud 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://mcstagingdoral.booktrump.com https://mcstagingireland.booktrump.com https://mcstaging.booktrump.com https://mcstaging.trumphotels.com https://integration-5ojmyuq-r7ma66w2vxzgu.us-5.magentosite.cloud https://integration2-hohc4oi-r7ma66w2vxzgu.us-5.magentosite.cloud 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://firebasestorage.googleapis.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://*.synxis.com p.typekit.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://capture.celopay.com https://api.cartstack.com https://*.cartstack.com use.typekit.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com use.typekit.net p.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://capture.celopay.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cc.cdn.civiccomputing.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://reports.hrmdirect.com https://*.etcconnect.com;style-src 'self' 'unsafe-inline' https://hello.myfonts.net https://reports.hrmdirect.com https://www.highend.com https://fonts.googleapis.com https://*.etcconnect.com;object-src 'none';img-src 'self' data: https://www.google-analytics.com https://www.facebook.com https://*.etcconnect.com;report-uri /Handlers/CspReports.ashx?type=REPORTONLY; 2 connect-src 'self' https://mediaserver.bti.de https://mediaserver.berner.eu https://cdn-icons-png.flaticon.com https://*.doubleclick.net https://bat.bing.com https://sgtm.bti.de https://sgtm.berner.eu https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.usercentrics.eu https://*.doubleclick.net https://*.iadvize.com https://*.slgnt.eu https://*.clarity.ms https://maps.googleapis.com https://widget.usersnap.com https://www.google.com https://www.googletagmanager.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://www.google-analytics.com https://www.facebook.com https://use.typekit.net https://adservice.google.com https://checkoutshopper-test.adyen.com https://www.google.fr https://www.google.be https://maps.gstatic.com https://www.google.at https://p.typekit.net; default-src 'self' 'unsafe-inline'; font-src 'self' https://p.typekit.net https://adservice.google.com https://use.typekit.net https://fonts.gstatic.com https://userlike-cdn-umm.b-cdn.net https://d3dc1lgancj6l0.cloudfront.net https://www.google.com https://*.doubleclick.net; frame-src 'self' https://mediaserver.bti.de https://mediaserver.berner.eu https://www.google.com https://bat.bing.com https://p.typekit.net https://www.google.at https://www.google.be https://www.google.fr https://checkoutshopper-test.adyen.com https://adservice.google.com https://use.typekit.net https://www.youtube.com https://*.adsrvr.org https://www.facebook.com https://www.google.com https://consentcdn.cookiebot.com https://*.iadvize.com https://maps.googleapis.com https://www.googletagmanager.com https://*.doubleclick.net https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://www.google-analytics.com; img-src https://cdn-icons-png.flaticon.com https://*.doubleclick.net https://www.google.at https://maps.gstatic.com https://www.google.be https://www.google.fr https://checkoutshopper-test.adyen.com https://adservice.google.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.doubleclick.net https://*.usercentrics.eu https://bat.bing.com https://www.bti.de https://shop.berner.eu https://cdn4.bti.de https://cdn4.berner.eu https://dc.ads.linkedin.com https://mediaserver.bti.de https://mediaserver.berner.eu https://sgtm.bti.de https://sgtm.berner.eu https://*.dc.bgcloudservice.com https://www.facebook.com https://www.google.com https://www.google.de https://maps.googleapis.com https://www.googletagmanager.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://www.google-analytics.com; media-src 'self' https://maps.googleapis.com https://mediaserver.bti.de https://mediaserver.berner.eu; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://sgtm.bti.de https://sgtm.berner.eu https://*.usercentrics.eu https://*.bing.com https://*.epoq.de https://code.jquery.com https://connect.facebook.net https://d3dc1lgancj6l0.cloudfront.net https://*.doubleclick.net https://*.kameleoon.eu https://*.kameleoon.io https://privacy-proxy.usercentrics.eu https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://*.clarity.ms https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://*.usersnap.com https://maps.googleapis.com 2 default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://brightsg.report-uri.com/r/d/csp/wizard; report-to csp-endpoint; 2 frame-ancestors 'self'; report-uri https://www.cairnspost.com.au/csp-reports 2 child-src js.stripe.com *.rfihub.com www.facebook.com; connect-src 'self' sdk.iad-01.braze.com wss://ws-mt1.pusher.com sockjs-mt1.pusher.com api.segment.io api2.branch.io cdn.segment.com firebaseinstallations.googleapis.com firebaseremoteconfig.googleapis.com firebaselogging-pa.googleapis.com maps.googleapis.com https://dataplane.rum.us-east-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://sts.us-east-1.amazonaws.com https://*.launchdarkly.com https://*.forter.com https://d3in1te4fdays6.cloudfront.net https://d1wix2gc2cgqis.cloudfront.net https://d3lqotgbn3npr.cloudfront.net https://analytics.google.com www.google.com translate.googleapis.com wss://cdn0.forter.com *.favorengineering.com *.prod.favor.dev *.pci-np.favor.dev *.favordelivery.com ct.pinterest.com stats.g.doubleclick.net www.google-analytics.com www.facebook.com api.askfavor.com privacyportal.onetrust.com geolocation.onetrust.com https://*.sendbird.com wss://*.sendbird.com cdn.cookielaw.org; frame-src *.rfihub.com js.stripe.com bid.g.doubleclick.net www.facebook.com *.criteo.com *.criteo.net www.googletagmanager.com td.doubleclick.net; img-src 'self' pixel.pointmediatracker.com flask.nextdoor.com cdn.blisspointmedia.com d3nocrch4qti4v.cloudfront.net df45ay5pw60dy.cloudfront.net duuytoqss3gu4.cloudfront.net amplifypixel.outbrain.com *.favorengineering.com *.prod.favor.dev *.pci-np.favor.dev *.favordelivery.com cdn.askfavor.com ct.pinterest.com hexagon-analytics.com pinterest.adsymptotic.com stats.g.doubleclick.net tr.outbrain.com www.facebook.com www.google-analytics.com www.google.com googleads.g.doubleclick.net maps.googleapis.com maps.gstatic.com www.googletagmanager.com api.askfavor.com platform-lookaside.fbsbx.com *.criteo.net graph.facebook.com cdn.cookielaw.org data:; script-src-elem 'self' 'unsafe-inline' d2aibw1rdya05u.cloudfront.net cdn.segment.com ads.nextdoor.com https://client.rum.us-east-1.amazonaws.com *.pci.favor.dev *.favorengineering.com https://*.forter.com https://dkupaw9ae63a8.cloudfront.net ont.net wss://cdn0.forter.com *.prod.favor.dev *.pci-np.favor.dev *.rfihub.com *.rfihub.net amplify.outbrain.com cdn.siftscience.com www.google.com web.btncdn.com connect.facebook.net googleads.g.doubleclick.net js.stripe.com maps.googleapis.com s.pinimg.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.criteo.com *.criteo.net app.link cdn.branch.io cdn.cookielaw.org; script-src 'self' 'unsafe-eval' cdn.segment.com ads.nextdoor.com cdn.branch.io https://client.rum.us-east-1.amazonaws.com https://*.forter.com https://dkupaw9ae63a8.cloudfront.net *.favorengineering.com *.pci.favor.dev *.prod.favor.dev *.pci-np.favor.dev cdn.siftscience.com js.stripe.com maps.googleapis.com www.google.com web.btncdn.com 'unsafe-inline' *.rfihub.com amplify.outbrain.com connect.facebook.net googleads.g.doubleclick.net s.pinimg.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.criteo.com *.criteo.net *.rfihub.net app.link; style-src-attr 'unsafe-inline' fonts.googleapis.com; style-src-elem 'unsafe-inline' cloud.typography.com web-assets.favordelivery.com www.gstatic.com 'self' fonts.googleapis.com; style-src 'unsafe-eval' 'unsafe-inline' cloud.typography.com 'self' web-assets.favordelivery.com fonts.googleapis.com; form-action www.facebook.com favordelivery.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.rfihub.com amplify.outbrain.com amplifypixel.outbrain.com *.favordelivery.com *.favorengineering.com *.prod.favor.dev *.pci-np.favor.dev bid.g.doubleclick.net cdn.askfavor.com cdn.siftscience.com cloud.typography.com connect.facebook.net ct.pinterest.com googleads.g.doubleclick.net hexagon-analytics.com js.stripe.com maps.googleapis.com s.pinimg.com tr.outbrain.com www.facebook.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com fonts.gstatic.com; font-src 'self' data: fonts.gstatic.com; manifest-src 'self'; script-src-attr 'unsafe-inline'; report-uri https://favor.report-uri.com/r/t/csp/reportOnly; worker-src *.favordelivery.com blob: 2 font-src *.typekit.net fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com *.mypurecloud.com *.cloudflare.com *.adnxs.com *.thecpapshop.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.authorize.net *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com *.espssl.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.authorize.net *.facebook.com *.mypurecloud.com *.cloudflare.com *.adnxs.com *.thecpapshop.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.braintreegateway.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.getbread.com *.breadpayments.com *.rbcpayplan.com *.authorize.net *.lpsnmedia.net *.salecycle.com *.facebook.com *.adsrvr.org *.mypurecloud.com *.cloudflare.com *.adnxs.com *.thecpapshop.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net p.typekit.net widgets.automizely.com widgets.automizely.io *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.alothemes.com *.magepow.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com store.paradoxlabs.com *.listrakbi.com *.bing.com *.lpsnmedia.net *.amazonaws.com *.routeapp.io *.mypurecloud.com *.adnxs.com *.cloudflare.com *.thecpapshop.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.authorize.net *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com *.adsrvr.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net ajax.googleapis.com fonts.googleapis.com widgets.automizely.com widgets.automizely.io *.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.getbread.com *.breadpayments.com *.rbcpayplan.com *.alothemes.com *.magepow.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.authorize.net cdn.routeapp.io protect-quote-q.route.com protection-widget.route.com d3od5si8vgcekb.cloudfront.net *.listrak.com *.listrakbi.com *.liveperson.net *.lpsnmedia.net *.nr-data.net *.newrelic.com *.tiqcdn.com *.bing.com *.cybba.solutions *.cloudfront.net *.adsrvr.org *.facebook.net *.pepperjam.com *.rtb123.com *.routeapp.io *.route.com *.mypurecloud.com https://sentry.io *.sentry.io *.cloudflare.com *.adnxs.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.thecpapshop.com *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widgets.automizely.com widgets.automizely.io *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com *.listrak.com *.listrakbi.com *.googleapis.com *.mypurecloud.com *.cloudflare.com *.adnxs.com *.thecpapshop.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.authorize.net *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com *.adobe.io performance.typekit.net *.sentry.io api.automizely.com api.automizely.io *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.getbread.com *.breadpayments.com *.rbcpayplan.com *.alothemes.com *.magepow.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.authorize.net api.route.com protect-quote-q.route.com protection-widget.route.com d3od5si8vgcekb.cloudfront.net *.listrak.com *.listrakbi.com *.nr-data.net *.newrelic.com *.sandbox.paypal.com *.googleadservices.com *.doubleclick.net *.salescycle.com wss://ws.salescycle.com *.salecycle.com wss://ws.salecycle.com *.facebook.com https://www.facebook.com *.route.com *.adnxs.com *.mypurecloud.com wss://webmessaging.mypurecloud.com *.cloudflare.com *.thecpapshop.com *.paypalobjects.com *.adacado.com *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com *.pro.ip-api.com *.ip-api.com *.amazonaws.com *.breadgateway.net *.bing.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://smartsolutions.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 2 report-uri https://d1aosrekaw7sk8.cloudfront.net/reports; upgrade-insecure-requests; default-src 'self' 'unsafe-eval' 'unsafe-inline' ws: blob: data: tagging.dupixent.com ad.doubleclick.net iron-wsa01 ironport pappfpwscsd01.s.sdccu-ad.com:15871 pappfpwscsd02.s.sdccu-ad.com:15871 zscalernotification.zuelligpharma.com 10.10.1.1:8090 8188202.fls.doubleclick.net ad.doubleclick.net ads.avct.cloud adservice.google.com aim-tag.hcn.health ajax.googleapis.com analytics.google.com analytics.tiktok.com ap.lijit.com api.aituria.com api.amcreativemedia.com api.amplitude.com api.awesomeblocker.com api.fbanalytics.org api.geoedge.com apis.google.com apps.healthgrades.com arttrk.com at.alicdn.com authenticate.ibotta.com bat.bing.com bcbolt446c5271-a.akamaihd.net bcp.crwdcntrl.net bh.contextweb.com block.opendns.com blocked.teams.cloudflare.com bpb.opendns.com c.clarity.ms ccwv.workspaceoneaccess.com cdn.cookielaw.org cdn.decibelinsight.net cdn.di-capt.com cdn.honey.io cdn.jsdelivr.net cdn.leanlibrary.app cdnjs.cloudflare.com cf-images.us-east-1.prod.boltdns.net clientstream.launchdarkly.com cm.g.doubleclick.net cn186503-7rx10900.ibosscloud.com code.jquery.com connect.facebook.net content.hotjar.io contextual.media.net d1lkfzu2puirk6.cloudfront.net dcsxg01.dothan.k12.al.us:8090 di.rlcdn.com div.show dpm.demdex.net eb2.3lift.com edge.api.brightcove.com en.acceptthisrose.com en.redshirtsalwaysdie.com fast.fonts.net fed.nyp.org feedback-pa.clients6.google.com fonts.cdnfonts.com fonts.googleapis.com fonts.googleapis.com fonts.gstatic.com foodin.site form.typeform.com funnyand.com gateway.id.swg.umbrella.com gateway.zscaler.net gateway.zscalerone.net gateway.zscalerthree.net gateway.zscalertwo.net gateway.zscloud.net geolocation.onetrust.com get663.com googleads.g.doubleclick.net gum.criteo.com i.clean.gg i.liadm.com i6.liadm.com ib.adnxs.com ibotta.com insight.adsrvr.org insights.algolia.io integrations.eu-de.assistant.watson.appdomain.cloud io.narrative.io js.adsrvr.org magazine.education.investing.com manifest.prod.boltdns.net manzanasjuegosco-a.akamaihd.net maps.googleapis.com maps.gstatic.com match.adsrvr.org match.deepintent.com match.sharethrough.com media.wazimo.com metrics.brightcove.com metrics.hotjar.io mozbar.moz.com ms-cookie-sync.presage.io notify.bluecoat.com openrtb-us-east-1.axonix.com overbridgenet.com pixel-sync.sitescout.com pixel.rubiconproject.com player.vimeo.com players.brightcove.net players.brightcove.net privacyportal-eu.onetrust.com ps.eyeota.net pwm-image.trendmicro.com px.adentifi.com px.ads.linkedin.com px4.ads.linkedin.com region1.analytics.google.com region1.google-analytics.com related.lifestyle-insights.com res-1.cdn.office.net res.cdn.office.net rialto-gms.s3.amazonaws.com rtb-csync.smartadserver.com rtb.adentifi.com rtb.gumgum.com safe-cws-sase.vmware.com safe.menlosecurity.com sc-static.net script.hotjar.com security-eu.mimecast.com snap.licdn.com spoppe-b.azureedge.net ssum-sec.casalemedia.com staging-apps.healthgrades.com static.contextall.com static.hotjar.com stats.g.doubleclick.net svcs.tql.com synacor-match.dotomi.com sync.1rx.io sync.bfmio.com sync.crwdcntrl.net sync.graph.bluecava.com sync.lemmatechnologies.com sync.targeting.unrulymedia.com sync.technoratimedia.com tags.bluekai.com td.doubleclick.net td.doubleclick.net thrtle.com token.rubiconproject.com track.securedvisit.com track.sv.rkdms.com translate-pa.googleapis.com translate.googleapis.com trc.lhmos.com trk.dolbanews.com trotjidayo-1.algolianet.com trotjidayo-2.algolianet.com trotjidayo-3.algolianet.com trotjidayo-dsn.algolia.net uipglob.semasio.net unpkg.com use.fontawesome.com vc.hotjar.io vjs.zencdn.net w88p9x.com web-chat.global.assistant.watson.appdomain.cloud www.clarity.ms www.dupixent.com www.facebook.com www.google-analytics.com www.google-analytics.com www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.be www.google.bg www.google.bs www.google.ca www.google.ch www.google.cm www.google.cn www.google.co.cr www.google.co.id www.google.co.il www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.vi www.google.co.za www.google.com www.google.com.af www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.bz www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.jm www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.my www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.uy www.google.cz www.google.de www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gg www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.jo www.google.kg www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.mk www.google.mv www.google.nl www.google.no www.google.pl www.google.ps www.google.ro www.google.ru www.google.se www.google.si www.google.sk www.google.tt www.googletagmanager.com fresnel-events.vimeocdn.com vod-adaptive-ak.vimeocdn.com player-telemetry.vimeo.com fresnel.vimeocdn.com api.securedvisit.com www.medtargetsystem.com www.slant.co www.stack-ai.com yastatic.net z.clarity.ms ws.hotjar.com api.securedvisit.com content.securedvisit.com secure.adnxs.com www.gstatic.com www.eventmgmtportal.com sanofi-privacy.my.onetrust.com trotjidayo-1.algolianet.com trotjidayo-3.algolianet.com trotjidayo-2.algolianet.com trotjidayo-dsn.algolia.net api.mmitnetwork.com lpopeventportal-2-0-2.sanofigenzyme.intouch-preview.com som.healthgrades.com sanofi-japan-dev.eval.janraincapture.com sanofi-japan-staging.eval.janraincapture.com sanofi-japan.us.janraincapture.com sanofi-dev.us-dev.janraincapture.com sanofi-staging.us-dev.janraincapture.com sanofi.us.janraincapture.com sanofi-dev.eu-dev.janraincapture.com sanofi-staging.eu-dev.janraincapture.com sanofi.eu.janraincapture.com vod-adaptive-ak.vimeocdn.com player-telemetry.vimeo.com fresnel.vimeocdn.com fresnel-events.vimeocdn.com; 2 default-src https:; script-src 'unsafe-inline' https:; style-src 'unsafe-inline' https:; object-src 'none'; img-src 'self' data: https:; font-src data: https:; frame-ancestors 'none'; block-all-mixed-content; report-uri https://lingvist.report-uri.com/r/d/csp/reportOnly 2 img-src https://higherlogicdownload.s3.amazonaws.com/NSBA/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NSBA/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/NSBA/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NSBA/ https://higherlogicdownload.s3.amazonaws.com/NSBA/ https://higherlogiclongterm.s3.amazonaws.com/NSBA/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/NSBA/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NSBA/ 'self' https://higherlogiclongterm.s3.amazonaws.com/NSBA/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/NSBA/ https://higherlogicdownload.s3.amazonaws.com/NSBA/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NSBA/ https://higherlogicstream.s3.amazonaws.com/NSBA/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/NSBA/ https://higherlogicdownload.s3.amazonaws.com/NSBA/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NSBA/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d3uf7shreuzboy.cloudfront.net/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' https://hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 2 font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.midtrans.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.midtrans.com *.mxpnl.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src 'self' data:; 2 font-src fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.cloudfront.net *.fontawesome.com *.googleapis.com *.gstatic.com *.hotjar.com *.sfdcstatic.com *.shopify.com *.trustedshops.com *.twimg.com *.twitter.com *.typekit.net *.checkout.vficloud.net *.vficloud.net *.amazonaws.com *.klevu.com *.ksearchnet.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.swellrewards.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.checkout.vficloud.net *.vficloud.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.boyslife.org *.braintreegateway.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.doubleclick.net *.facebook.com *.force.com *.google.com *.hotjar.com *.kaptcha.com *.paypal.com *.scouting.org *.swellrewards.com *.twitter.com *.checkout.vficloud.net *.vficloud.net *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.amazonaws.com *.bing.com *.clarity.ms *.cloudflare.com *.cloudfront.net *.facebook.com *.facebook.net *.google.com *.google.co.in *.google.lv *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.klarna.com *.lightemporium.com *.magentocommerce.com *.paypal.com *.scoutshop.org *.scoutstuff.org *.shopify.com *.siteimproveanalytics.io *.smsbump.com *.swellrewards.com *.twimg.com *.twitter.com *.usercentrics.eu *.yotpo.com *.ytimg.com https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.reddit.com www.xtento.com cdn.xtento.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.verifone.cloud *.clarity.ms *.cloudflare.com *.crazyegg.com *.doubleclick.net *.ecomm-nav.com *.facebook.net *.fontawesome.com *.force.com *.google.com *.google-analytics.com *.googleapis.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.jquery.com *.klaviyo.com *.newrelic.com *.nextopia.net *.nextopiasoftware.com *.nr-data.net *.paypal.com *.salesforceliveagent.com siteimproveanalytics.com *.stape.io *.swellrewards.com *.trustedshops.com *.twimg.com *.twitter.com *.usercentrics.eu *.vficloud.net *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com *.my.salesforce.com *.lightning.force.com *.secure.force.com *.checkout.vficloud.net widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com *.kaptcha.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.redditstatic.com *.reddit.com unpkg.com www.xtento.com cdn.xtento.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com *.force.com *.google.com *.googleapis.com *.gstatic.com *.klaviyo.com *.nextopia.net *.swellrewards.com *.trustedshops.com *.twimg.com *.twitter.com *.typekit.net *.usercentrics.eu *.secure.force.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com tagmanager.google.com *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.scoutshop.org 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.braintree-api.com *.braintreegateway.com *.clarity.ms *.cloudflare.com *.crazyegg.com *.doubleclick.net *.facebook.com *.google.com *.google.lv *.google-analytics.com *.googleapis.com *.hotjar.com *.hotjar.io *.klaviyo.com *.nr-data.net *.paypal.com *.scoutshop.org *.socialannex.com *.swellrewards.com *.twimg.com *.twitter.com wss: *.secure.force.com *.checkout.vficloud.net *.vficloud.net widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.kaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com google.com *.facebook.net *.redditstatic.com *.reddit.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://f0e6bfef-e270-42d2-8f01-c8e72656172d.sansec.watch/; report-to report-endpoint; 2 font-src storage.googleapis.com/rtux-rtux-data-integration-rti/ *.cloudflare.com data: 'self' 'unsafe-inline'; form-action test.saferpay.com www.saferpay.com saferpay.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ bid.g.doubleclick.net *.prismic.io *.google.com *.criteo.com *.criteo.net *.doubleclick.net *.pinterest.com *.facebook.com *.livechatinc.com *.sovendus-connect.com *.googletagmanager.com *.weltpixel.com www.xtento.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://images.unsplash.com *.bing.com *.google.ch *.trackjs.com *.google.com *.twiago.com *.doubleclick.net *.bidswitch.net *.adnxs.com *.smartadserver.com *.taboola.com *.adform.net *.omnitagjs.com *.lehner-versand.ch *.casalemedia.com *.criteo.com id5-sync.com *.360yield.com *.ivitrack.com *.media.net *.mediavine.com *.postrelease.com *.outbrain.com *.pubmatic.com *.rubiconproject.com *.sharethrough.com *.teads.tv *.tremorhub.com *.3lift.com *.yieldlab.net *.yieldmo.com *.emxdgt.com *.demdex.net *.livechat-files.com *.dmxleo.com *.profity.ch *.googleapis.com *.prismic.io *.1rx.io www.xtento.com cdn.xtento.com test.saferpay.com www.saferpay.com saferpay.com *.gstatic.com *.facebook.com *.reddit.com data: 'self' 'unsafe-inline'; script-src *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js bx-cdn.com/static/bav2.min.js track.bx-cloud.com/static/bav2.min.js r-st.bx-cloud.com/static/bav2.min.js r-st.bx-cloud.com/static/rti.min.js track.bx-cloud.com/static/rti.min.js bx-cdn.com/static/rti.min.js storage.googleapis.com/rtux-rtux-data-integration-rti/ *.trackjs.com *.gstatic.com *.livechatinc.com *.cdn.prismic.io *.google.com *.criteo.com *.pinimg.com *.bing.com *.adt313.net htm1.ch *.pinterest.com profity.ch *.profity.ch/clients/main.js *.getback.ch *.sovendus.com *.sovendus-connect.com *.googleapis.com storage.googleapis.com/*_rtux-data* *.wi-platform-cloud.com *.bx-cdn.com www.xtento.com cdn.xtento.com test.saferpay.com www.saferpay.com saferpay.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.getback.ch *.cloudflare.com *.googleapis.com storage.googleapis.com/*_rtux-data* tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src storage.googleapis.com/rtux-rtux-data-integration-rti/ *.googleapis.com storage.googleapis.com/*_rtux-data* 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.newrelic.com *.nr-data.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com track.bx-cloud.com main.bx-cloud.com track-gw1.bx-cloud.com bx-cloud.com main.wi-platform-cloud.com r-st.bx-cloud.com track.bx-cloud.com/track/v2 storage.googleapis.com/rtux-rtux-data-integration-rti/ htm1.ch *.pinterest.com *.lehner-versand.ch *.criteo.com *.google.com *.getback.ch *.doubleclick.net *.wi-platform-cloud.com *.trackjs.com *.livechatinc.com *.sovendus.com *.googleapis.com storage.googleapis.com/*_rtux-data* *.bing.com test.saferpay.com www.saferpay.com saferpay.com *.google-analytics.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.run.app 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com data: static.nacongaming.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com pay.google.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com www.google.com www.youtube.com amc.demdex.net vars.hotjar.com www.facebook.com static.nacongaming.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com network-eu-stg.bazaarvoice.com network-eu.bazaarvoice.com network-eu-a.bazaarvoice.com media.nacongaming.com scaleflex.ultrafast.io axeptio.imgix.net www.google.fr www.facebook.com static.nacongaming.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com network-eu.bazaarvoice.com network-eu-stg.bazaarvoice.com www.google.com www.gstatic.com script.hotjar.com static.hotjar.com connect.facebook.net anltc-v2.bigben.fr analytics.tiktok.com www.googleoptimize.com static.nacongaming.com static.axept.io anltc.bigben.fr 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com display.ugc.bazaarvoice.com *.fontawesome.com use.typekit.net p.typekit.net static.nacongaming.com 'self' 'unsafe-inline'; object-src static.nacongaming.com 'self' 'unsafe-inline'; media-src *.adobe.com static.nacongaming.com media.nacongaming.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.adyen.com payments-eu.amazon.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com www.facebook.com in.hotjar.com stats.g.doubleclick.net anltc-v2.bigben.fr axeptio.imgix.net static.nacongaming.com client.axept.io api.axept.io anltc.bigben.fr 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 script-src 'unsafe-eval' 'unsafe-inline' data: 'self' blob: www.google-analytics.com www.googletagmanager.com ajax.googleapis.com www.google.com js.klevu.com www.gstatic.com *.cloudmaestro.com www.googleadservices.com googleads.g.doubleclick.net r2-t.trackedlink.net static.hotjar.com wchat.freshchat.com staticw2.yotpo.com browser-update.org script.hotjar.com dev.visualwebsiteoptimizer.com js-agent.newrelic.com bam-cell.nr-data.net *.freshchat.com maps.googleapis.com assets.adobedtm.com www.googleoptimize.com h.online-metrix.net *.cardinalcommerce.com html5.dcatalog.com unpkg.com commerce.adobedtm.com cdnjs.cloudflare.com web-sdk.aptrinsic.com commerce.adobe.net fonts.googleapis.com magento-recs-sdk.adobe.net static.trackedweb.net tags.srv.stackadapt.com snap.licdn.com tags.srv.stackadapt.com bat.bing.com e.performancehealth.com f.vimeocdn.com tags.srv.stackadapt.com bam.nr-data.net services-connector-ui.magento-ds.com r2.dotdigital-pages.com *.punchout2go.com *.tradecentric.com *.pinterest.com *.facebook.net *.facebook.com *.licdn.com *.userway.org cdn.optimizely.com optimizely.com; style-src 'self' 'unsafe-inline' wchat.freshchat.com fonts.googleapis.com js.klevu.com tags.srv.stackadapt.com staticw2.yotpo.com; report-uri /.webscale/csp-report 2 connect-src 'self' https://status.netservicesgroup.com https://www.google-analytics.com; default-src 'self' http://www.techadvisory.org https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://helpdesk.netservicesgroup.com:80; img-src 'self' http://www.internettrafficreport.com https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com http://www.techadvisory.org https://www.netservicesgroup.com http://graphs.ntppool.net http://www.pool.ntp.org https://www.google-analytics.com https://secure.trust-provider.com http://www.trustlogo.com/; frame-src https://www.google.com https://status.netservicesgroup.com; child-src https://status.netservicesgroup.com https://www.google.com https://helpdesk.netservicesgroup.com http://openspeedtest.com https://urldefense.proofpoint.com https://quickclick.com; style-src 'self' https://www.netservicesgroup.com https://status.netservicesgroup.com 'sha256-zL+zKXgt2515GaHwEfkV8QPRfZZcGr/ibUw4EJ3V13s=' 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-Pkt8j98M46glrPDzrqR9I9gac/h2nvberIdQkhIGySk=' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://secure.trust-provider.com 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc=' https://secure.comodo.com; script-src 'self' https://www.google.com https://www.gstatic.com https://secure.trust-provider.com http://www.trustlogo.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://www.netservicesgroup.com https://ajax.googleapis.com https://oss.maxcdn.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://status.netservicesgroup.com https://secure.comodo.com 'sha256-3ocR7726kV2Y3awnQx4u408K1Dxd7l3X9nvrC91J15k=' 'sha256-YG4fTNWYCHAm4AVC2mnK8Tj09alaJWJTk+LJy+5kHho=' 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc=' 'sha256-/LNrhX3k9yooaUcjJ9wGqDoSJEFQEozZc8jtdbq+lMg=' 'sha256-ahfvWH65y6WEYvXXrsReZDD9l5f9wMFjeLjl+8hkRIg=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc='; font-src 'self' https://www.netservicesgroup.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; report-uri https://www.netservicesgroup.com/csp.php 2 style-src 'self' 'unsafe-inline' *.helsana.ch fonts.googleapis.com translate.googleapis.com;style-src-elem 'self' 'unsafe-inline' *.helsana.ch fonts.googleapis.com translate.googleapis.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net interaktiv.contilla.de use.fontawesome.com;img-src 'self' data: *.helsana.ch *.pinterest.com s0.2mdn.net bat.bing.com www.facebook.com connect.facebook.net cm.everesttech.net dpm.demdex.net apple-resources.s3.amazonaws.com *.applemediaservices.com *.googlesyndication.com *.gstatic.com maps.googleapis.com www.googleadservices.com www.googletagmanager.com www.google-analytics.com *.doubleclick.net t.co *.linkedin.com *.google.com *.google.ch *.google.de *.google.fr *.google.li *.google.it *.google.ad *.google.ae *.google.al *.google.at *.google.ba *.google.be *.google.bf *.google.bg *.google.bj *.google.ca *.google.cd *.google.cg *.google.ci *.google.cl *.google.cm *.google.cn *.google.cz *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.ga *.google.gr *.google.ht *.google.hr *.google.hu *.google.ie *.google.iq *.google.jo *.google.lk *.google.lt *.google.lu *.google.lv *.google.me *.google.mg *.google.ml *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.si *.google.sk *.google.sn *.google.tg *.google.tn *.google.tt *.google.vg *.google.co.ao *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.th *.google.co.uk *.google.co.za *.google.com.af *.google.com.ar *.google.com.au *.google.com.bh *.google.com.bo *.google.com.br *.google.com.co *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.gh *.google.com.hk *.google.com.kh *.google.com.lb *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ni *.google.com.pe *.google.com.pk *.google.com.py *.google.com.sa *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.vn userlike-cdn-operators.s3-eu-west-1.amazonaws.com d3upe020n1uosc.cloudfront.net www.userlike.com userlike-store-media-files.s3.amazonaws.com i.ytimg.com interaktiv.contilla.de;font-src 'self' data: *.gstatic.com d3dc1lgancj6l0.cloudfront.net use.fontawesome.com *.helsana.ch;media-src 'self' data: blob: *.helsana.ch d3dc1lgancj6l0.cloudfront.net userlike-store-media-files.s3.amazonaws.com www.userlike.com;object-src 'none';worker-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.helsana.ch cdn.cookielaw.org static.ads-twitter.com analytics.twitter.com *.pinterest.com s.pinimg.com *.gstatic.com api.microsofttranslator.com bat.bing.com www.google.ch www.google.com www.google.de www.google.fr *.googlesyndication.com *.doubleclick.net www.googletagservices.com consentcdn.cookiebot.com analytics.twitter.com snap.licdn.com www.googleadservices.com www.google-analytics.com connect.facebook.net consent.cookiebot.com cdn.tt.omtrdc.net maps.googleapis.com www.googletagmanager.com assets.adobedtm.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: *.helsana.ch cdn.cookielaw.org static.ads-twitter.com snap.licdn.com analytics.twitter.com *.pinterest.com s.pinimg.com *.gstatic.com api.microsofttranslator.com bat.bing.com www.google.ch www.google.com www.google.de www.google.fr *.googlesyndication.com *.doubleclick.net www.googletagservices.com consentcdn.cookiebot.com www.googleadservices.com www.google-analytics.com connect.facebook.net consent.cookiebot.com cdn.tt.omtrdc.net maps.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com assets.adobedtm.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net interaktiv.contilla.de;connect-src 'self' wss://*.helsana.ch *.helsana.ch maps.googleapis.com privacyportal-eu.onetrust.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.cookielaw.org api.sitesearch360.com *.ads-twitter.com *.linkedin.com *.pinterest.com api.openweathermap.org www.facebook.com www.bing.com bat.bing.com *.googlesyndication.com *.google.com *.doubleclick.net www.google-analytics.com tt.omtrdc.net dpm.demdex.net wss://umd.userlike.com umd.userlike.com api.userlike.com d3upe020n1uosc.cloudfront.net www.userlike.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu interaktiv.contilla.de;frame-src 'self' *.helsana.ch *.pinterest.ch *.pinterest.com *.google.com *.googlesyndication.com bid.g.doubleclick.net consentcdn.cookiebot.com www.youtube.com fls.doubleclick.net assets.adobedtm.com www.facebook.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net www.youtube.com player.vimeo.com *.undpartner.digital;frame-ancestors 'self' *.helsana.ch;report-uri https://helsana.report-uri.com/r/d/csp/wizard;report-to wizard; 2 script-src 'self' 'unsafe-inline' https://snap.licdn.com https://ws.zoominfo.com https://script.hotjar.com https://assets.calendly.com https://embed.tawk.to https://my.hellobar.com https://www.clarity.ms https://embed.tawk.to https://www.gstatic.com https://cookie-cdn.cookiepro.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://tpc.googlesyndication.com https://kit.fontawesome.com https://www.google.com https://cdnjs.cloudflare.com/ajax/libs/bodymovin/5.7.13/lottie.min.js; object-src 'self'; img-src 'self' data: https://px.ads.linkedin.com https://www.google.co.uk https://c.clarity.ms https://www.google-analytics.com https://ee9500fb4b5b4b4fa9f7a5505b017d53.svc.dynamics.com https://tpc.googlesyndication.com https://cookie-cdn.cookiepro.com; frame-src 'self' https://172.25.16.184 https://www.youtube.com https://tpc.googlesyndication.com https://www.google.com https://calendly.com; frame-ancestors 'self'; font-src 'self' 'data:' https://embed.tawk.to https://tpc.googlesyndication.com https://www.google.com https://ka-p.fontawesome.com; report-uri /report-csp-violation 2 font-src fonts.gstatic.com data: *.hotjar.com *.hotjar.io *.cloudfront.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.punchout2go.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.googletagmanager.com esqa.moneris.com www3.moneris.com *.dotdigital-pages.com *.dotdigital.com *.punchout2go.com data: e.bmr.co *.fls.doubleclick.net *.cloudfront.net *.hotjar.com *.hotjar.io insight.adsrvr.org www.facebook.net www.facebook.com *.google.ca *.moneris.com *.issuu.com notifications.wisepops.com wisepops.net *.addtoany.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com *.trackedlink.net 'self' blob: data: www.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com maps.gstatic.com maps.googleapis.com www.bmr.ca *.hotjar.com *.hotjar.io *.cloudfront.net insight.adsrvr.org www.facebook.net www.facebook.com *.paypalobjects.com adserve.atedra.com cdn.wisepops.com tracking.wisepops.com dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com cdn.wisepops.net cdn.cookielaw.org *.flippenterprise.net *.wishabi.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com *.googletagmanager.com esqa.moneris.com www3.moneris.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.punchout2go.com data: e.bmr.co js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.g.doubleclick.net ssl.google-analytics.com www.google.com maps.googleapis.com s.yimg.com *.hotjar.com *.hotjar.io *.cloudfront.net r2-t.trackedlink.net connect.facebook.net connect.facebook.com www.gstatic.com z.moatads.com cdn.wisepops.com loader.wisepops.com app.getwisp.co wisepops.net cdn.wisepops.net plausible.io cdn.cookielaw.org *.addtoany.com *.wishabi.com *.flippenterprise.net *.flipp.com *.flippback.com 'self' blob: https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.punchout2go.com www.gstatic.com *.hotjar.com *.hotjar.io *.cloudfront.net cdn.cookielaw.org *.flippenterprise.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.gstatic.com *.google.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com bam.nr-data.net bam-cell.nr-data.net *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.hotjar.com *.hotjar.io s.yimg.com maps.googleapis.com www.facebook.com ct.pinterest.com activity.wisepops.com popup.wisepops.com tracking.wisepops.com app.getwisp.co wisepops.net plausible.io cdn.cookielaw.org *.flippenterprise.net *.flippback.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /csp-report.php; report-to report-endpoint; 2 default-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com; font-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com data: *.olark.com fonts.gstatic.com; script-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com 'unsafe-inline' 'unsafe-eval' *.turn.com static.cloudflareinsights.com ajax.cloudflare.com *.youtube.com *.ytimg.com *.datadoghq-browser-agent.com *.getclicky.com clicky.com *.twitter.com *.ads-twitter.com *.facebook.net analytics.tiktok.com www.recaptcha.net recaptcha.net www.gstatic.com www.gstatic.cn www.google.com *.olark.com *.adroll.com *.googletagmanager.com tagmanager.google.com analytics.google.com google-analytics.com *.google-analytics.com *.g.doubleclick.net *.doubleclick.net *.googleadservices.com *.google.com *.googlesyndication.com *.googletagservices.com; style-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com 'unsafe-inline' *.getclicky.com clicky.com *.olark.com *.googletagmanager.com tagmanager.google.com *.google.com fonts.googleapis.com; img-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com 'unsafe-inline' data: *.turn.com secure.gravatar.com *.ytimg.com *.youtube.com *.getclicky.com *.twitter.com t.co *.facebook.com www.gstatic.com/recaptcha *.olark.com *.adroll.com d.adroll.com *.googletagmanager.com analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com *.gstatic.com *.google.com *.doubleclick.net *.g.doubleclick.net *.googlesyndication.com www.googleadservices.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://umfworldwide.com https://ultrapassport.com https://umfstage.com https://ultrajapan.com https://resistanceibiza.com https://ultraeurope.com https://ultraperu.com https://ultraaustralia.com https://ultramusicfestival.com https://medellin.resistancemusic.com https://santiago.resistancemusic.com https://ultrataiwan.com https://guatemala.roadtoultra.com https://ecuador.roadtoultra.com https://resistancemiami.com https://ultrahongkong.com https://ultrakorea.com https://resistancemusic.com https://ultrabali.com https://ultrachile.com https://ultrasouthafrica.com https://thailand.roadtoultra.com https://india.roadtoultra.com https://ultraabudhabi.com https://costadelsol.ultrabeach.com https://costarica.roadtoultra.com https://ultrabrasil.com https://lima.resistancemusic.com https://buenosaires.resistancemusic.com https://guatemala.resistancemusic.com https://colombia.roadtoultra.com https://australia.resistancemusic.com https://mexico.resistancemusic.com https://santacruz.resistancemusic.com https://panama.resistancemusic.com https://sanjose.resistancemusic.com https://uruguay.resistancemusic.com https://ultrasingapore.com https://ultramexico.com https://quito.resistancemusic.com https://ultrabeijing.com https://ultrashanghai.com https://philippines.roadtoultra.com https://paraguay.roadtoultra.com https://roadtoultra.com https://ultrabuenosaires.com https://bolivia.roadtoultra.com https://*.umfworldwide.com https://*.ultrapassport.com https://*.umfstage.com https://*.ultrajapan.com https://*.resistanceibiza.com https://*.ultraeurope.com https://*.ultraperu.com https://*.ultraaustralia.com https://*.ultramusicfestival.com https://*.medellin.resistancemusic.com https://*.santiago.resistancemusic.com https://*.ultrataiwan.com https://*.guatemala.roadtoultra.com https://*.ecuador.roadtoultra.com https://*.resistancemiami.com https://*.ultrahongkong.com https://*.ultrakorea.com https://*.resistancemusic.com https://*.ultrabali.com https://*.ultrachile.com https://*.ultrasouthafrica.com https://*.thailand.roadtoultra.com https://*.india.roadtoultra.com https://*.ultraabudhabi.com https://*.costadelsol.ultrabeach.com https://*.costarica.roadtoultra.com https://*.ultrabrasil.com https://*.lima.resistancemusic.com https://*.buenosaires.resistancemusic.com https://*.guatemala.resistancemusic.com https://*.colombia.roadtoultra.com https://*.australia.resistancemusic.com https://*.mexico.resistancemusic.com https://*.santacruz.resistancemusic.com https://*.panama.resistancemusic.com https://*.sanjose.resistancemusic.com https://*.uruguay.resistancemusic.com https://*.ultrasingapore.com https://*.ultramexico.com https://*.quito.resistancemusic.com https://*.ultrabeijing.com https://*.ultrashanghai.com https://*.philippines.roadtoultra.com https://*.paraguay.roadtoultra.com https://*.roadtoultra.com https://*.ultrabuenosaires.com https://*.bolivia.roadtoultra.com; media-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com *.olark.com; connect-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com cloudflareinsights.com *.datadoghq.com *.browser-intake-datadoghq.com *.getclicky.com *.facebook.com analytics.tiktok.com analytics.pangle-ads.com *.olark.com *.googletagmanager.com *.google-analytics.com analytics.google.com *.analytics.google.com *.g.doubleclick.net *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; frame-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com *.zohopublic.com *.apple.com open.spotify.com *.soundcloud.com *.youtube.com *.youtube-nocookie.com www.facebook.com *.recaptcha.net recaptcha.net www.google.com recaptcha.google.com *.olark.com *.googletagmanager.com bid.g.doubleclick.net *.google.com *.doubleclick.net *.googlesyndication.com; child-src *.youtube.com *.youtube-nocookie.com *.googletagmanager.com; worker-src www.recaptcha.net; object-src *.googlesyndication.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub7c55919a7d54d6386d0f0b19bc82e82f&dd-evp-origin=content-security-policy&ddsource=csp-report; 2 frame-ancestors 'self' account.elama.global new.elama.ru elama.global *.elama.global *.elama.zone elama.ru *.elama.ru elama.com.br *.elama.com.br elama.kz *.elama.kz mc.yandex.ru mc.webvisor.com mc.webvisor.org yastatic.net webvisor.com http://webvisor.com metrika.yandex.ru yandex.com yandex.ru *.yandex.com *.yandex.net *.yandex.ru *.dev-morda.svc.elama-team.ru; report-uri https://sn.elama.global/api/26/security/?sentry_key=cf985e6d1e254161bef105622a6e28a4; 2 default-src 'self' https://jobs.b-ite.com https://bwp-online.gelsenkirchen.de https://ads.gelsen.net https://ads2.gelsen.net https://twebshop.tomas-travel.com https://player.podigee-cdn.net https://www.xn--fundbrodeutschland-q6b.de; style-src 'self' 'unsafe-inline' https://bwp-online.gelsenkirchen.de https://twebshop.tomas-travel.com https://player.podigee-cdn.net https://cdn.podigee.com; img-src 'self' https://ads.gelsen.net https://ads.gelsen.net https://webstatistik.gelsenkirchen.de https://server.arcgisonline.com https://*.tile.openstreetmap.org https://geodaten.metropoleruhr.de https://gdi.gelsenkirchen.de https://twebshop.tomas-travel.com https://cdn.podigee.com https://images.podigee-cdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://pansite6.gelsenkirchen.de https://ads.gelsen.net https://ads.gelsen.net https://webstatistik.gelsenkirchen.de https://static.b-ite.com https://cs-assets.b-ite.com https://bwp-online.gelsenkirchen.de/ https://twebshop.tomas-travel.com https://player.podigee-cdn.net https://cdn.podigee.com https://www.xn--fundbrodeutschland-q6b.de; child-src 'self' https://www.youtube.com https://player.vimeo.com https://www.youtube-nocookie.com https://whitelabel.hotel.de https://tempus-termine.com https://*.gelsenkirchen.de https://player.podigee-cdn.net https://www.xn--fundbrodeutschland-q6b.de 2 default-src 'none'; connect-src 'self' www.google.com https://cdncache-a.akamaihd.net wss wss://generatorhostels.com ws1.hotjar.com ws2.hotjar.com ws3.hotjar.com ws4.hotjar.com ws5.hotjar.com graylog.hotjar.com cdnjs.cloudflare.com ajax.googleapis.com www.google-analytics.com stats.g.doubleclick.net wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com insights.hotjar.com generatorweb.sihot.com; font-src data null generatorweb.sihot.com maxcdn.bootstrapcdn.com fonts.gstatic.com 'self'; manifest-src 'self' generatorhostels.com; object-src 'self' generatorhostels.com; frame-src 'self' service.securesrv12.com secure.liveshoppersmac.com 3dsecure.klikbca.com geschuetzteinkaufen.commerzbank.de acs.sia.eu vcas1.visa.com www.securesuite.net acs1.edb.com secure5.arcot.com aacsw.3ds.verifiedbyvisa.com tpc.googlesyndication.com sas.redsys.es cdncache-a.akamaihd.net mastercardsecurecode.secureacs.com acs1.swedbank.se analytics-google.net https://acs2-3dsecure.cic.fr https://braip.com.br www.securesuite.co.uk secure.edb.com tsys.arcot.com secure7.arcot.com www.googletagmanager.com mozbar.moz.com www.facebook.com acs.airplus.com connect.facebook.net saferpay.com www.saferpay.com generatorweb.sihot.com generatorhostels.com bid.g.doubleclick.net staticxx.facebook.com vars.hotjar.com www.google.com www.instagram.com www.youtube.com w.soundcloud.com; img-src googleads.g.doubleclick.net butstrap.space https://spedcheck.space www.gstatic.com www.google.ge www.google.pl www.google.ru www.google.cm www.google.com.eg www.google.co.kr www.google.com.np www.google.co.th www.google.dz www.google.no www.google.com.hk www.google.com.mm www.google.co.il www.google.az www.google.sk www.google.ie www.google.com.pe lh3.ggpht.com www.google.de www.google.cz www.google.co.za www.google.se www.google.dk www.google.gr www.google.lv www.google.com.tw https://gateway.zscalertwo.net www.google.com.ph www.google.com.uy www.google.fi www.google.com.ua www.google.com.cy www.google.com.jm www.google.im www.google.co.ve www.google.com.sg www.google.ca www.google.es www.google.kg www.google.be www.google.at www.google.pt www.google.fr www.google.it www.google.com.br www.google.com.ar https://gallery.mailchimp.com www.google.ch www.google.me www.google.com.ec www.google.ro www.google.kg www.google.nl www.google.com.mx https://canvaspl-a.akamaihd.net https://cdnstats-a.akamaihd.net www.google.com.lb www.google.com.co www.google.com.tr www.google.cl www.google.dk www.google.co.in www.google.hr www.gstatic.com generatorweb.sihot.com generatorstorage.blob.core.windows.net generatorhostels.com cbks0.googleapis.com csi.gstatic.com data: geo0.ggpht.com geo1.ggpht.com geo2.ggpht.com geo3.ggpht.com img.youtube.com khms0.googleapis.com khms1.googleapis.com maps.googleapis.com maps.gstatic.com 'self' generator.azureedge.net ssl.google-analytics.com stats.g.doubleclick.net web.facebook.com www.facebook.com www.google.co.uk www.google.com www.google-analytics.com ajax.googleapis.com; media-src 'self' data:; script-src 'self' data blob about asset tpc.googlesyndication.com cdnjs.cloudflare.com cdn.jsdelivr.net www.thehotelsnetwork.com cdn.scarabresearch.com fdz.octapi.net data1.iti-maps.fr data1.itineraire.info asset about spedcheck.space rules.similardeals.net tags.clickintext.net lb.apicit.net butstrap.space https://cdncache-a.akamaihd.net secure.liveshoppersmac.com generatorweb.sihot.com maxcdn.bootstrapcdn.com ajax.googleapis.com api.instagram.com connect.facebook.net eval: googleads.g.doubleclick.net inline: maps.googleapis.com platform.instagram.com s.ytimg.com script.hotjar.com 'self' ssl.google-analytics.com static.hotjar.com 'unsafe-eval' 'unsafe-inline' www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.instagram.com www.youtube.com; style-src ajax.googleapis.com fonts.googleapis.com inline: 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com generatorweb.sihot.com; report-uri https://crafted.report-uri.com/r/d/csp/reportOnly 2 script-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://github.com https://static.addtoany.com https://unpkg.com https://www.google.com 'unsafe-inline' https://citia.matomo.cloud/; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://citia.matomo.cloud https://static.axept.io https://www.youtube.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://github.com https://static.addtoany.com https://unpkg.com https://www.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 2 default-src 'self'; script-src 'self' 'unsafe-inline' www.google.com www.gstatic.com www.youtube.com www.youtube-nocookie.com www.google-analytics.com js.zi-scripts.com www.googletagmanager.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' www.google-analytics.com; connect-src 'self' js.zi-scripts.com ws.zoominfo.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' go.tsico.com www.youtube-nocookie.com www.google.com; worker-src 'self' blob:; upgrade-insecure-requests 2 font-src *.googleapis.com *.gstatic.com 'unsafe-inline' data: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com fonts.gstatic.com *.libreka.de *.fontawesome.com *.bootstrapcdn.com *.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com js.stripe.com secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.libreka.de www.sovendus-connect.com www.sovendus-benefits.com *.cookiebot.com *.pinterest.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com cdn.cookielaw.org qm.magazinabo.com qm.bergweltenabo.ch qm.getredbulletin.ch *.libreka.de *.cookiefirst.com *.cookiebot.com *.elfsight.com *.facebook.com *.google.de *.linkedin.com *.pinterest.com *.redbull.com *.usd.de *.usercentrics.eu *.scnem2.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.googletagmanager.com tagmanager.google.com cdn.cookielaw.org qm.magazinabo.com qm.bergweltenabo.ch qm.getredbulletin.ch *.libreka.de api.sovendus.com https://polyfill-fastly.io https://browser.sentry-cdn.com *.cloudfront.net *.cookiefirst.com *.cookiebot.com *.elfsight.com *.facebook.net *.google.com *.google-analytics.com *.haymarketstat.de *.licdn.com *.linkedin.com *.logopaletti.de *.redbull.com *.trustedshops.com *.pinimg.com *.usercentrics.eu *.scnem2.com *.s7.addthis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com d.ratepay.com d.payla.io dr.payla.io tagmanager.google.com fonts.google.com *.libreka.de *.fontawesome.com *.cloudfront.net *.cookiefirst.com *.google.com *.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.libreka.de *.cloudfront.net *.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com payments.amazon.de d.ratepay.com jsctool.com eu.playground.klarnaevt.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com privacyportal-de.onetrust.com pagead2.googlesyndication.com qm.magazinabo.com qm.getredbulletin.ch *.libreka.de identification-api.sovendus.com press-tracking-api.sovendus.com https://*.ingest.sentry.io *.cookiefirst.com *.cookiebot.com *.cookielaw.org *.doubleclick.net *.elfsight.com *.google.de *.haymarketstat.de *.logopaletti.de *.usercentrics.eu *.pinterest.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 script-src 'self' *.akamaihd.net *.alcmpn.com *.annies-publishing.com *.bing.com *.brightcove.com *.brightcove.net *.boltdns.net *.cj.com *.eccmp.com *.emjcd.com *.facebook.com *.facebook.net *.google-analytics.com google.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.lightboxcdn.com *.keen.io *.pingdom.net *.pinterest.com *.shareasale.com *.typekit.net *.zencdn.net cdnjs.cloudflare.com code.jquery.com googleads.g.doubleclick.net seal-easttexas.bbb.org pagead2.googlesyndication.com *.alcmpn.com www.googletagservices.com *.securedvisit.com *.g.doubleclick.net www.dwin1.com *.attn.tv *.attentivemobile.com cdn.jsdelivr.net *.kaptcha.com *.clarity.ms *.tiktok.com *.audioeye.com mptyxz.annieskitclubs.com *.pinimg.com http://manifest.prod.boltdns.net *.liadm.com 'self' 'unsafe-inline' 'unsafe-eval';worker-src blob://* data://* 'self';connect-src 'self' *.akamaihd.net *.alcmpn.com *.annies-publishing.com *.bing.com *.brightcove.com *.brightcove.net *.boltdns.net *.cj.com *.eccmp.com *.emjcd.com *.facebook.com *.facebook.net *.google-analytics.com google.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.lightboxcdn.com *.keen.io *.pingdom.net *.pinterest.com *.shareasale.com *.typekit.net *.zencdn.net cdnjs.cloudflare.com code.jquery.com googleads.g.doubleclick.net seal-easttexas.bbb.org pagead2.googlesyndication.com *.alcmpn.com www.googletagservices.com *.securedvisit.com *.g.doubleclick.net www.dwin1.com *.attn.tv *.attentivemobile.com cdn.jsdelivr.net *.kaptcha.com *.clarity.ms *.tiktok.com *.audioeye.com mptyxz.annieskitclubs.com *.pinimg.com http://manifest.prod.boltdns.net *.liadm.com; report-uri /ajax/content_policy_violation.php 2 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.fontawesome.com *.oct8ne.com oct8necdneu.azureedge.net blob: *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com https://plumrocket.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.adyen.com www.xtento.com https://plumrocket.com *.oct8ne.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * static-eu.oct8ne.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.xtento.com cdn.xtento.com blob: *.oct8ne.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com static-eu.oct8ne.com oct8necdneu.azureedge.net https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.magento-datasolutions.com *.adyen.com *.googleapis.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://klaviyo.com https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.xtento.com cdn.xtento.com *.oct8ne.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com https://*.klaviyo.com static-eu.oct8ne.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://static.klaviyo.com *.fontawesome.com *.typekit.net assets.braintreegateway.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://www.youtube.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net p13n-mr.adobe.io www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.paypal.com google.com *.google.com *.adobedc.net *.demdex.net *.magento-datasolutions.com *.magento-ds.com *.adyen.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://klaviyo.com https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ws: https://geoip-js.com *.oct8ne.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://*.klaviyo.com static-eu.oct8ne.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' data: gap: *.klarna.com *.freshchat.com *.vimeo.com *.youtube.com *.whittard.co.uk *.whittard.com mention-me.com *.zenaps.com *.sub2tech.com *.gstatic.com *.facebook.com *.bglobale.com *.global-e.com *.onetrust.com *.windows.net *.whittardofchelsea.freshdesk.com *.tvsquared.com; img-src data: blob: *.demandware.net *.commercecloud.salesforce.com *.ads.linkedin.com *.demdex.net *.amazonaws.com *.ometria.com *.googletagmanager.com *.facebook.net *.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.doubleclick.net *.googleapis.com *.google-analytics.com *.googleadservices.com *.google.com *.whittard.co.uk *.whittard.com *.postcodeanywhere.co.uk *.pcapredict.com *.yotpo.com *.tokywoky.com img.tokywoky.com *.klarnaservices.com *.klarnacdn.net *.mention-me.com *.awin1.com *.dwin1.com bda.bookatable.com i.ytimg.com *.contentsquare.net *.contentsquare.com *.sub2tech.com *.cloudfront.net *.youtube.com *.vimeo.com bat.bing.com *.zenaps.com *.msgfocus.com *.fbsbx.com *.fbcdn.net graph.facebook.com *.zscloud.net *.googleusercontent.com *.klarnaevt.com i.vimeocdn.com *.surveymonkey.com *.kaltura.com *.gocertify.me *.bglobale.com *.global-e.com *.bc0a.com *.b0e8.com *.onetrust.com *.windows.net *.particularaudience.com *.p-a.io *.googleanalytics.com *.google-analytics.com *.googleoptimize.com *.tvsquared.com analytics.whittard.com analytics.whittard.co.uk ade.googlesyndication.com *.abtasty.com *.roeyecdn.com *.roeye.com; child-src 'self' blob: *.abtasty.com *.studentbeans.com *.google.com *.doubleclick.net *.facebook.com *.tokywoky.com *.freshchat.com mention-me.com *.mention-me.com *.klarna.com *.klarnaservices.com bda.bookatable.com *.sub2tech.com *.youtube.com *.vimeo.com *.zenaps.com *.googlesyndication.com *.online-metrix.net *.pagetiger.com *.googletagmanager.com connect.studentbeans.com *.googleapis.com *.surveymonkey.com *.paperform.co paperform.co *.ordergroove.com *.worldpay.com *.cardinalcommerce.com *.gocertify.me *.bglobale.com *.global-e.com whittardofchelsea.freshdesk.com *.pinterest.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.postcodeanywhere.co.uk *.pcapredict.com *.bootstrapcdn.com *.myfonts.net cdnjs.cloudflare.com *.yotpo.com *.freshchat.com *.mention-me.com *.sub2tech.com bda.bookatable.com *.klarnacdn.net *.whittard.co.uk *.whittard.com *.ordergroove.com *.particularaudience.com *.p-a.io *.google.com *.amazonaws.com *.abtasty.com *.gstatic.com; font-src 'self' data: *.gstatic.com *.g.doubleclick.net *.bootstrapcdn.com *.yotpo.com *.bookatable.com *.alicdn.com *.klarnacdn.net *.whittard.co.uk *.whittard.com *.ordergroove.com *.fontawesome.com *.bglobale.com *.global-e.com *.abtasty.com *.googleapis.com use.typekit.net; media-src 'self' data: *.facebook.com *.youtube.com *.vimeo.com *.paypal.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' snap.licdn.com code.jquery.com *.pinimg.com *.cquotient.com *.ometria.com *.tryzens-analytics.com:12443 *.tvsquared.com *.facebook.net cdnjs.cloudflare.com cdn.cquotient.com *.googletagmanager.com www.googletagmanager.com *.g.doubleclick.net *.googleapis.com *.google-analytics.com *.googleadservices.com *.google.com *.gstatic.com *.dwin1.com *.postcodeanywhere.co.uk *.pcapredict.com *.z-analytics.net *.yotpo.com *.tokywoky.com *.msecnd.net *.freshchat.com *.klarnaservices.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.mention-me.com *.worldpay.com *.cardinalcommerce.com bda.bookatable.com bat.bing.com *.contentsquare.net *.contentsquare.com *.sub2tech.com *.yottaa.com *.cloudfront.net *.freshworksapi.com *.zenaps.com *.paypal.com *.paypalobjects.com *.awin1.com *.dwin1.com *.sessioncam.com *.whittard.co.uk *.whittard.com *.bootstrapcdn.com *.googlesyndication.com www.google.com *.studentbeans.com onlineerp.solution.quebec widget.surveymonkey.com *.paperform.co paperform.co *.ordergroove.com cdnapisec.kaltura.com *.gocertify.me *.bglobale.com *.global-e.com *.b0e8.com *.vimeo.com *.onetrust.com *.windows.net *.particularaudience.com *.p-a.io *.googleanalytics.com *.googleoptimize.com analytics.whittard.com analytics.whittard.co.uk *.amazonaws.com *.abtasty.com *.roeyecdn.com *.roeye.com *.pinterest.com *.zi-scripts.com *.roeye.com *.payments-amazon.com *.tryzens-analytics.com unpkg.com; connect-src 'self' *.ads.linkedin.com snap.licdn.com *.rapid.yottaa-network.net pagead2.googlesyndication.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net *.tryzens-analytics.com:12280 *.ometria.com *.postcodeanywhere.co.uk *.pcapredict.com *.yotpo.com *.tokywoky.com *.klarnauserservices.com *.klarnaservices.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.mention-me.com mention-me.com bda.bookatable.com *.z-analytics.net *.contentsquare.net *.contentsquare.com *.sub2tech.com *.cloudfront.net *.awin1.com *.dwin1.com *.yottaa.net *.sessioncam.com bat.bing.com *.facebook.com *.google.com *.facebook.net *.googleapis.com widget.surveymonkey.com *.s3.amazonaws.com *.ordergroove.com *.worldpay.com *.cardinalcommerce.com *.gocertify.me *.bglobale.com *.global-e.com *.vimeo.com *.onetrust.com *.windows.net *.particularaudience.com *.p-a.io *.gstatic.com *.abtasty.com analytics.whittard.com analytics.whittard.co.uk ade.googlesyndication.com *.whittard.com *.whittard.co.uk *.amazonaws.com *.pinterest.com *.zi-scripts.com *.zoominfo.com *.tryzens-analytics.com unpkg.com; manifest-src 'self'; ; report-uri https://289r1hnfc9.execute-api.eu-west-1.amazonaws.com/prod/whittard-cspdata; 2 img-src https://higherlogicdownload.s3.amazonaws.com/NACE/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/NACE/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' https://higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ https://higherlogicdownload.s3.amazonaws.com/NACE/ https://higherlogiclongterm.s3.amazonaws.com/NACE/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogiccloudfront.s3.amazonaws.com https://higherlogicdownload.s3.amazonaws.com/NACE/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ 'self' https://higherlogiclongterm.s3.amazonaws.com/NACE/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/NACE/ https://higherlogicdownload.s3.amazonaws.com/NACE/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ https://higherlogicstream.s3.amazonaws.com/NACE/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/NACE/ https://higherlogicdownload.s3.amazonaws.com/NACE/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d132x6oi8ychic.cloudfront.net https://cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-ui-1.13.3.min.js https://d3uf7shreuzboy.cloudfront.net/ https://d2x5ku95bkycr3.cloudfront.net/HigherLogic/jquery/jquery-3.7.1.min.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' https://hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 2 default-src 'self'; script-src 'self' *.hubspot.com *.hs-analytics.net *.hs-scripts.com; connect-src 'self' *.hubspot.com *.hubapi.com; img-src 'self' *.hs-analytics.net *.hubspotusercontent##.net; frame-src 'self' *.hubspotvideo.com *.hscollectedforms.net; style-src 'self' *.hubspotusercontent##.net; 2 default-src *; script-src *; object-src *; style-src *; img-src *; media-src *; frame-src *; font-src *; connect-src * 2 font-src *.bglobale.com *.global-e.com *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://*.gstatic.com *.narvar.com *.narvar.qa script.hotjar.com fonts.googleapis.com fonts.gstatic.com *.inside-graph.com integration-cdn.toshi.co acsbapp.com shopping.qantas.com appdown.pstatic.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de *.facebook.com *.cardinalcommerce.com www.facebook.com *.kaptcha.com bid.g.doubleclick.net ct.pinterest.com www.rsa3dsauth.co.uk www.securesuite.co.uk *.americanexpress.com 3dsecure-vrp.de 'self' 'unsafe-inline'; frame-ancestors au-tracker.inside-graph.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com pay.google.com *.paypal.com *.bglobale.com *.global-e.com *.google.com *.doubleclick.net *.facebook.com *.pinterest.com *.sharethis.com *.hotjar.co vimeo.com acsbapp.com *.kaptcha.com player.smartzer.com www.google.com www.facebook.com accounts.accessibe.com dashboard.accessibe.com cestream.me 3ds.sia.eu acs2.3dsecure.no www.houzz.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com *.bglobale.com *.global-e.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com https://*.gstatic.com *.narvar.com *.narvar.qa adservice.google.com script.hotjar.com www.google.sa www.google.ca *.bing.com *.clarity.ms data:* web1.acsbapp.com integration-sandbox-cdn.toshi.co www.google.bg www.google.be www.google.co.uk www.google.nl www.gstatic.com translate.google.com idsync.rlcdn.com consent.linksynergy.com au-live.inside-graph.com bam-cell.nr-data.net integration-cdn.toshi.co bat.bing.com www.google.com.au google.com.au *.searchspring.io *.media.tumblr.com s.ytimg.com maps.googleapis.com maps.gstatic.com au-cdn.inside-graph.com www.google.co.in d3cgm8py10hi0z.cloudfront.net track.linksynergy.com *.sharethis.com *.micpn.com *.pinterest.com zimmermann.com www.google.tn www.google.com.hk www.google.com.et www.google.com.eg www.google.co.tz www.google.ci www.google.co.ke www.google.cm www.google.lk www.google.com.ng www.google.ne www.google.com.mm www.google.co.mz www.google.co.id www.google.bi www.google.com.kh www.google.co.ve www.google.cd www.google.com.gh www.google.so www.google.com.af www.google.ht www.google.com.ni www.google.la www.google.cg www.google.bf www.google.sn www.google.com.ly www.google.mg www.google.com.sb www.google.com.pg www.google.com.np sync.sharethis.com www.google.com.py www.google.ml www.google.com.sl www.google.co.ls www.google.to www.google.gm www.google.rw www.google.com.vn www.google.com.sv www.google.co.kr www.google.com.bo www.google.com.sg www.google.mw www.google.si www.google.tl www.google.sc www.google.co.zm www.google.tg www.google.com.pk 4mrr1kwk.micpn.com www.google.ge www.google.com.fj www.google.com.na www.google.td www.google.ee www.google.mk www.google.bj www.google.mn www.google.bt www.google.co.bw www.google.fi www.google.com.uy www.google.co.th www.google.com.pe www.google.cv www.google.co.zw www.google.ga www.google.by www.google.iq www.google.com.ec www.google.co.jp www.google.com.pa www.google.dz www.google.ws analytics.tiktok.com www.google.gy www.google.de sdk.privacy-center.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.bglobale.com *.global-e.com *.googleapis.com *.gstatic.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com https://cdn.searchspring.net/intellisuggest/is.min.js analytics.tiktok.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com *.searchspring.net *.acsbapp.com au-tracker.inside-graph.com cdn.scarabresearch.com intljs.rmtag.com *.inside-graph.co js-agent.newrelic.com *.inside-graph.com acsbapp.com tag.lexer.io *.toshi.co *.bugsnag.com *.sharethis.com script.crazyegg.com *.clarity.ms www.fullstory.com songbirdstag.cardinalcommerce.com www.gstatic.com vimeocdn.com youtube.com googletagmanager.com maps.googleapis.com fullstory.com bat.bing.com 4mrr1kwk.micpn.com s.pinimg.com tag.rmp.rakuten.com *.hotjar.com ut.rd.linksynergy.com ct.pinterest.com unsafe-inline sdk.privacy-center.org 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.bglobale.com *.global-e.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://fonts.googleapis.com/ *.inside-graph.com *.searchspring.net webchat.dotdigital.com cdn.honey.io *.aptrinsic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.narvar.com *.narvar.qa au-cdn.inside-graph.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.google.com payments-eu.amazon.com *.paypal.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net https://beacon.searchspring.io/beacon analytics.tiktok.com data.stbuttons.click www.google.com.au translate.googleapis.com *.searchspring.io *.acsbapp.co cdn.acsbapp.com au-live.inside-graph.com bam.nr-data.net uat.tryzens-analytics.com:12280 *.scarabresearch.com wss://au-live.inside-graph.com *.bugsnag.com *.postcodeanywhere.co.uk *.sharethis.com script.crazyegg.com stats.g.doubleclick.net *.pinterest.com track.lexer.io www.tryzens-analytics.com:12280 www.google.co.ke www.google.bi pagestates-tracking.crazyegg.com www.google.com.sl www.google.co.ao www.google.cm www.google.com.np www.google.cd www.google.co.ve www.google.lk www.google.co.tz www.google.com.ng www.google.so www.google.ne www.google.co.id www.google.co.ls www.google.tn assets-tracking.crazyegg.com www.google.ht www.google.co.mz acsbapp.com www.google.com.co cp.crwdcntrl.net www.google.ci tracking.crazyegg.com www.google.co.za www.google.tl www.google.com.pk www.google.com.sv www.google.com.ly www.google.mg www.google.tg www.google.gm www.google.com.eg www.google.co.kr www.google.bf www.google.sn www.google.ga www.google.bj ad.doubleclick.net www.google.cg www.google.com.ar www.google.co.ma www.google.com.et www.google.fr www.google.com.na www.google.co.uk www.google.nl www.google.ml www.google.rw www.google.com.uy www.google.com.bo www.google.com.ni www.google.ki www.google.ee www.google.com.gt www.google.com.py www.google.com.gh www.google.com.kh www.google.com.vn www.google.ru www.google.cv www.google.com.mm www.google.co.zm www.google.vu www.google.com.ec www.google.es www.google.at bat.bing.com vc.hotjar.io www.google.de ws.hotjar.com content.hotjar.io metrics.hotjar.io www.google.ca www.tryzens-analytics.com ct.pinterest.com www.google.com.pe www.google.co.in www.google.ge googleads.g.doubleclick.net fresnel.vimeocdn.com api.privacy-center.org pagead2.googlesyndication.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://289r1hnfc9.execute-api.eu-west-1.amazonaws.com/prod/zmn-cspdata; report-to report-endpoint; 2 default-src 'self' https://stm.smile.eu https://js.hs-scripts.com https://js.hubspot.com https://js.hs-banner.com https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://www.addtoany.com https://www.googletagmanager.com https://tag.aticdn.net https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://static.addtoany.com https://unpkg.com js.hsforms.net unpkg.com https://bwkjgjr.pa-cd.com https://forms.hscollectedforms.net https://track.hubspot.com https://api.hubspot.com https://cta-service-cms2.hubspot.com https://forms.hsforms.com https://perf-na1.hsforms.com https://app.hubspot.com http://www.w3.org/2000/svg https://www.google.com https://www.gstatic.com data: https://forms-na1.hsforms.com https://www.youtube.com https://ariane.abtasty.com https://dcinfos-cache.abtasty.com https://b.tile.openstreetmap.org https://a.tile.openstreetmap.org https://c.tile.openstreetmap.org https://lh7-eu.googleusercontent.com https://maps.gstatic.com https://exceptions.hs-embed-reporting.com https://translate.google.com https://www.collinsdictionary.com https://www.facebook.com https://c.clarity.ms https://forms-na1.hubspot.com; connect-src 'self' https://stm.smile.eu https://js.hs-scripts.com https://js.hubspot.com https://js.hs-banner.com https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://www.addtoany.com https://www.googletagmanager.com https://tag.aticdn.net https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://static.addtoany.com https://unpkg.com js.hsforms.net unpkg.com https://bwkjgjr.pa-cd.com https://forms.hscollectedforms.net https://track.hubspot.com https://api.hubspot.com https://cta-service-cms2.hubspot.com https://forms.hsforms.com https://perf-na1.hsforms.com https://app.hubspot.com http://www.w3.org/2000/svg https://www.google.com https://www.gstatic.com data: https://forms-na1.hsforms.com https://www.youtube.com https://ariane.abtasty.com https://dcinfos-cache.abtasty.com https://b.tile.openstreetmap.org https://a.tile.openstreetmap.org https://c.tile.openstreetmap.org https://lh7-eu.googleusercontent.com https://maps.gstatic.com https://exceptions.hs-embed-reporting.com https://translate.google.com https://www.collinsdictionary.com https://www.facebook.com https://c.clarity.ms https://forms-na1.hubspot.com https://www.google-analytics.com; font-src *; img-src 'self' https://stm.smile.eu https://js.hs-scripts.com https://js.hubspot.com https://js.hs-banner.com https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://www.addtoany.com https://www.googletagmanager.com https://tag.aticdn.net https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://static.addtoany.com https://unpkg.com js.hsforms.net unpkg.com https://bwkjgjr.pa-cd.com https://forms.hscollectedforms.net https://track.hubspot.com https://api.hubspot.com https://cta-service-cms2.hubspot.com https://forms.hsforms.com https://perf-na1.hsforms.com https://app.hubspot.com http://www.w3.org/2000/svg https://www.google.com https://www.gstatic.com data: https://forms-na1.hsforms.com https://www.youtube.com https://ariane.abtasty.com https://dcinfos-cache.abtasty.com https://b.tile.openstreetmap.org https://a.tile.openstreetmap.org https://c.tile.openstreetmap.org https://lh7-eu.googleusercontent.com https://maps.gstatic.com https://exceptions.hs-embed-reporting.com https://translate.google.com https://www.collinsdictionary.com https://www.facebook.com https://c.clarity.ms https://forms-na1.hubspot.com https://www.google-analytics.com; script-src 'self' 'unsafe-eval' https://js.hs-scripts.com https://js.hubspot.com https://js.hs-banner.com https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://www.addtoany.com https://www.googletagmanager.com https://tag.aticdn.net https://try.abtasty.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://static.addtoany.com https://unpkg.com js.hsforms.net unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://js.hs-scripts.com https://js.hubspot.com https://js.hs-banner.com https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://www.addtoany.com https://www.googletagmanager.com https://tag.aticdn.net https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://static.addtoany.com https://unpkg.com js.hsforms.net unpkg.com https://bwkjgjr.pa-cd.com https://forms.hscollectedforms.net https://track.hubspot.com https://api.hubspot.com https://cta-service-cms2.hubspot.com https://forms.hsforms.com https://perf-na1.hsforms.com https://app.hubspot.com http://www.w3.org/2000/svg https://www.google.com https://www.gstatic.com data: https://forms-na1.hsforms.com/https://js.hs-scripts.com https://forms-na1.hsforms.com https://try.abtasty.com https://www.clarity.ms https://analytics.tiktok.com https://api.livechatinc.com https://s.yimg.jp https://www.google-analytics.com https://cdn.qgraph.io https://script.infinity-tracking.com https://loader.wisepops.com https://connect.facebook.net https://cdn.livechatinc.com https://bat.bing.com https://script.hotjar.com https://b92.yahoo.co.jp/ https://img.macromill.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com https://api.mapbox.com https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src-elem * 'unsafe-inline'; report-uri https://qasmileeu.report-uri.com/r/d/csp/reportOnly 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tawk.to cdnjs.cloudflare.com cdn.jsdelivr.net voidlabs.containers.piwik.pro dl.frontapp.com hcaptcha.com; connect-src 'self' wss://*.tawk.to *.tawk.to newassets.hcaptcha.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com embed.tawk.to; frame-src 'self' demo.voxmail.it www.youtube-nocookie.com newassets.hcaptcha.com; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com embed.tawk.to; media-src 'self' embed.tawk.to; report-uri https://catbzhkx.uriports.com/reports/report 2 font-src https://*.gstatic.com fonts.gstatic.com https://cdn.segment.com https://api.segment.io https://*.hokodo.co www.googleservices.com *.google.com *.gstatic.com https://*.klarnacdn.net *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com www.xtento.com https://*.hokodo.co https://photos.pixlee.co https://photos.pixlee.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://*.gstatic.com www.xtento.com cdn.xtento.com https://site-assets.afterpay.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.google.com https://www.google.co.uk https://www.gstatic.com https://d1fd8aj8bhyfe9.cloudfront.net https://cdn-ukwest.onetrust.com *.klevu.com *.ksearchnet.com flagpedia.net https://register.feefo.com https://api.feefo.com https://s3-eu-west-1.amazonaws.com pixlee.com *.pixlee.com *.pixlee.co https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com www.xtento.com cdn.xtento.com https://js.afterpay.com https://cdn.segment.com https://*.hokodo.co https://*.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://party11141.pcapredict.com https://assets.pxlecdn.com https://region1.analytics.google.com https://register.feefo.com https://js-agent.newrelic.com https://bam.nr-data.net https://services.postcodeanywhere.co.uk https://d3dh5c7rwzliwm.cloudfront.net https://d32106rlhdcogo.cloudfront.net https://dgf0rw7orw6vf.cloudfront.net https://cdn-ukwest.onetrust.com *.klevu.com *.ksearchnet.com *.gstatic.com maps.googleapis.com https://*.feefo.com/ https://euwa.puzzel.com pixlee.com *.pixlee.com *.pixlee.co https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com/ fonts.googleapis.com https://*.klarnacdn.net https://static.klaviyo.com https://register.feefo.com https://services.postcodeanywhere.co.uk *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com https://cdn.segment.com https://api.segment.io https://*.hokodo.co https://*.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://party11141.pcapredict.com https://assets.pxlecdn.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://register.feefo.com https://inbound-analytics.pixlee.com https://pce.afd.co.uk https://bam.nr-data.net https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://region1.google-analytics.com *.klevu.com *.ksearchnet.com www.gstatic.com maps.googleapis.com https://api.feefo.com https://collect.feefo.com https://api.puzzel.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 report-uri https://r4com.report-uri.io/r/default/csp/reportOnly 2 default-src 'self' fonts.gstatic.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com ctrack.trafficjunky.net geo-tracker.smadex.com 'self' https://newassets.hcaptcha.com;;style-src 'self' 'unsafe-inline' fonts.googleapis.com;script-src 'self' 'unsafe-inline' *.googletagmanager.com mc.yandex.ru *.google-analytics.com *.youtube.com mc.yandex.com mc.yandex.ru *.google.com *.gstatic.com *.mightytips.com my.rtmark.net *.hybrid.ai https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com;img-src * data:;font-src 'self' fonts.gstatic.com;connect-src 'self' *.youtube.com mc.yandex.ru *.analytics.google.com *.google-analytics.com doubleclick.net *.googletagmanager.com mc.yandex.com mc.yandex.ru mc.yandex.md yandexmetrica.com *.mightytips.com https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com https://analytics.google.com https://*.hcaptcha.com;frame-src 'self' *.youtube.com *.instagram.com *.twitter.com *.yandex.com *.google.com my.rtmark.net *.hybrid.ai https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com 'self' https://newassets.hcaptcha.com;;script-src-elem 'self' 'unsafe-inline' *.instagram.com *.googletagmanager.com *.yandex.ru *.google-analytics.com *.twitter.com *.youtube.com mc.yandex.com *.google.com *.gstatic.com mc.yandex.ru *.mightytips.com my.rtmark.net *.hybrid.ai https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com track.trackingtraffo.com https://js.hcaptcha.com/1/api.js;frame-ancestors 'self';report-uri /cspreport.php 2 font-src fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com bpcepaymentservices-3ds-vdm.wlp-acs.com *.modirum.com *.wlp-acs.com *.cardinalcommerce.com *.cic.fr *.cafis-paynet.jp *.creditmutuel.fr *.lcl.fr *.americanexpress.com *.dnp-cdms.jp *.sg.fr 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com *.lamaisonduchocolat.com *.avis-verifies.com *.reetags.com *.weltpixel.com *.paypalobjects.com bpcepaymentservices-3ds-vdm.wlp-acs.com *.modirum.com *.wlp-acs.com *.cardinalcommerce.com *.cic.fr *.cafis-paynet.jp *.creditmutuel.fr www.googletagmanager.com *.lcl.fr *.americanexpress.com *.dnp-cdms.jp *.sg.fr 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com maps.googleapis.com maps.gstatic.com *.lamaisonduchocolat.com https://bat.bing.com https://sdk.privacy-center.org https://cm.g.doubleclick.net https://www.facebook.com https://www.google.com https://www.google.fr *.linkedin.com https://rum-metrics.quanta.io *.reetags.com https://sync-t1.taboola.com https://ad.360yield.com https://ad.yieldlab.net https://contextual.media.net https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://ib.adnxs.com https://id5-sync.com https://jadserve.postrelease.com https://matching.ivitrack.com https://match.sharethrough.com https://pixel.rubiconproject.com https://r.casalemedia.com https://rtb-csync.smartadserver.com https://secure.adnxs.com https://simage2.pubmatic.com https://sync.1rx.io https://sync.outbrain.com https://visitor.omnitagjs.com https://x.bidswitch.net https://images.unsplash.com *.gstatic.com www.googletagmanager.com lamaisonduchocolat.com *.clarity.ms www.google.com *.google.com *.bing.com *.google.co.jp *.google.com.hk *.doubleclick.net *.google.ro *.google.com.sg *.google.at *.a8.net *.google.com.tw data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.lamaisonduchocolat.com https://bat.bing.com https://sdk.privacy-center.org https://googleads.g.doubleclick.net https://connect.facebook.net https://snap.licdn.com https://www.clarity.ms https://appstatic.quanta.io *.reetags.com https://*.taboola.com https://analytics.tiktok.com https://acdn.adnxs.com https://ad.avtm.fr https://analytics.optimalpeople.fr https://trk.adbutter.net https://www.googletagmanager.com tagmanager.google.com *.zdassets.com *.vimeo.com *.a8.net *.tradedoubler.com *.algolia.net *.algolianet.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.lamaisonduchocolat.com *.reetags.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.lamaisonduchocolat.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.lamaisonduchocolat.com *.privacy-center.org https://googleads.g.doubleclick.net https://www.facebook.com https://www.google.com *.linkedin.com *.reetags.com https://*.taboola.com https://analytics.tiktok.com https://analytics.optimalpeople.fr https://ib.adnxs.com https://www.google-analytics.com yubinbango.github.io *.clarity.ms maps.googleapis.com rum-metrics.quanta.io *.zdassets.com *.zendesk.com *.bing.com *.bing.net *.googlesyndication.com *.vimeo.com vimeo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://c4297810fbb44aec095b20a73d3febec.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 2 script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' diypestcontrol.com admin.diypestcontrol.com www.diypestcontrol.com www.googletagmanager.com www.dwin1.com static.klaviyo.com chimpstatic.com www.googleadservices.com static-tracking.klaviyo.com googleads.g.doubleclick.net diypestcontrol.ladesk.com widget.trustpilot.com invitejs.trustpilot.com www.google-analytics.com bat.bing.com www.google.com www.gstatic.com s.pinimg.com; report-uri /.webscale/csp-report 2 font-src *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://fonts.gstatic.com http://fonts.gstatic.com https://assets.sendinblue.com https://assets.brevo.com https://cdnjs.cloudflare.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.monetico-services.com https://*.e-transactions.fr https://*.paypal.fr https://*.paypal.com https://*.monetico-services.com https://*.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com 'self'; frame-src https://amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.monetico-services.com *.addthis.com js.mollie.com https://cl.avis-verifies.com http://amc.demdex.net https://sibautomation.com https://www.facebook.com https://www.googletagmanager.com https://forms.office.com https://*.sibforms.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.bird.eu *.disqus.com https://img.youtube.com https://firebasestorage.googleapis.com https://www.mollie.com https://*.cloudflare.com https://www.google.com.sg https://maps.googleapis.com https://maps.google.com http://maps.google.com https://maps.gstatic.com https://cl.avis-verifies.com https://*.openstreetmap.org https://black.bird.eu http://black.bird.eu https://bat.bing.com https://*.facebook.com https://*.google.fr https://*.google.com https://*.google-analytics.google.com https://www.googletagmanager.com https://burda-fr.mage.ovh https://*.sibforms.com https://img.mailinblue.com https://*.burdastyle.fr https://*.burdastyle.com https://*.abo-online.fr https://*.burdastyle.es https://*.burdastyle.pt https://*.burdastyle.uk https://*.burdastyle.nl https://*.faitmain-magazine.fr www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com *.gstatic.com *.facebook.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.disqus.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.avada.io js.mollie.com https://www.google.com.sg https://googleads.g.doubleclick.net https://maps.googleapis.com https://cl.avis-verifies.com https://www.googletagmanager.com http://www.googletagmanager.com https://sibautomation.com https://connect.facebook.net https://bat.bing.com https://s3.amazonaws.com https://*.youtube.com https://downloads.mailchimp.com http://downloads.mailchimp.com https://*.sibforms.com https://sibforms.com/ https://static.cloudflareinsights.com https://www.clarity.ms/ https://js-agent.newrelic.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com tagmanager.google.com *.facebook.net unpkg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://cdn.jsdelivr.net *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com https://*.sibforms.com https://sibforms.com/ https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.monetico-services.com https://get.geojs.io *.avada.io https://stats.g.doubleclick.net https://maps.googleapis.com https://in-automate.sendinblue.com https://in-automate.brevo.com https://*.brevo.com https://*.analytics.google.com/ https://analytics.google.com/ https://*.google-analytics.com https://*.facebook.com/ https://*.sibforms.com/ https://bam.eu01.nr-data.net/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src maxcdn.bootstrapcdn.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://mobbex.com *.googletagmanager.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://mobbex.com *.weltpixel.com *.getblue.io *.doubleclick.net *.criteo.com *.groovinads.com www.tfaforms.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://url.directo.com.ar *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mobbex.com https://res.sugaway.io *.gstatic.com *.visualwebsiteoptimizer.com *.doubleclick.net *.google.com.ar *.clarity.ms *.bing.com mcstaging.sommiercenter.com *.groovinads.com *.criteo.com *.googleapis.com facebook.com url.directo.com.ar http://www.afip.gob.ar data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://live.decidir.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mobbex.com https://www.google.com https://maps.googleapis.com api.wcx.cloud f.wcentrix.com *.google.com https://www.googletagmanager.com tagmanager.google.com *.hotjar.com *.cardinalcommerce.com *.embluemail.com *.navdmp.com *.zdassets.com *.visualwebsiteoptimizer.com *.getblue.io *.zopim.com *.clarity.ms *.groovinads.com *.criteo.net *.criteo.com *.decidir.com .*sommiercenter.uami.ai/* 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com tagmanager.google.com *.embluemail.com *.googleapis.com https://www.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com bedtime.com.ar *.bedtime.com.ar 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com https://developers.decidir.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mobbex.com https://www.google-analytics.com wss://widget-mediator.zopim.com *.braindw.com *.clarity.ms *.zdassets.com *.zendesk.com *.embluemail.com *.visualwebsiteoptimizer.com *.criteo.com *.googleapis.com *.decidir.com *.google.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.google.com.ar *.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src https: data: wss: blob: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-violation-report.php 2 font-src https://*.fontawesome.com https://cdnjs.cloudflare.com https://*.typekit.net https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com https://*.zuora.com https://*.worldpay.com https://theteachingcompanysalesllc.demdex.net www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com https://theteachingcompany.d1.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com https://images.unsplash.com https://secureimages.teach12.com https://*.thegreatcoursesplus.com https://prd.jwpltx.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.avada.io https://cdnjs.cloudflare.com https://kit.fontawesome.com https://tags.tiqcdn.com https://cltgtstor001.blob.core.windows.net https://secureimages.teach12.com https://www.gstatic.com https://*.zuora.com https://*.worldpay.com https://*.jwpcdn.com https://*.acsbapp.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com *.fontawesome.com https://cdnjs.cloudflare.com https://*.typekit.net https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com https://get.geojs.io *.avada.io https://theteachingcompany.d1.sc.omtrdc.net https://*.fontawesome.com https://*.bitmovin.com https://*.slgnt.us https://*.tgcmag.com https://*.thegreatcourses.com https://link.theplatform.com https://teachco-mp4.akamaized.net https://*.acsbapp.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src https: http: data: wss://*.forter.com 'unsafe-inline' 'unsafe-eval'; connect-src https: http: wss://*.forter.com; frame-ancestors 'self' https: http: *.czs.org 172.21.2.30 www.chasepaymentechhostedpay.com object-src 'self'; img-src 'unsafe-eval' 'unsafe-inline' data: blob: *; font-src 'self' data: https: http: *.typekit.net; script-src 'unsafe-eval' 'unsafe-inline' blob: data: https: http: 'self' emarketing.activenetwork.com d8a4d633e88a.cdn0.forter.com d8a4d633e88a.cdn1.forter.com d8a4d633e88a.cdn2.forter.com d8a4d633e88a.cdn3.forter.com d8a4d633e88a.cdn4.forter.com d8a4d633e88a.cdn5.forter.com d8a4d633e88a.cdn6.forter.com d8a4d633e88a.cdn7.forter.com d8a4d633e88a.cdn8.forter.com d8a4d633e88a.cdn9.forter.com kpstat.forter.com:7043 www.google.com maps.google.com maps.googleapis.com ssl.google-analytics.com www.google-analytics.com www.gstatic.com embed.idonate.com use.typekit.net cdn-js.net cdnjs.cloudflare.com d35u1vg1q28b3w.cloudfront.net partners.cmptch.com static.cmptch.com scriptcdn.net auctioneer.50million.club m.addthis.com s7.addthis.com m.addthisedge.com lkysearchex3688-a.akamaihd.net analyticspage.tools apiurl.org appsource.cool countmake.cool fp166.digitaloptout.com eluxer.net mirextpro.com z.moatads.com secure.myshopcouponmac.com payperclickadz.com cdn.pmqzads.com qdatasales.com widget-prime.rafflecopter.com srvvtrk.com pwm-image.trendmicro.com gateway.zscloud.net; style-src 'unsafe-eval' 'unsafe-inline' 'self' accessibility-bookmarklets.org emarketing.activenetwork.com cdnjs.cloudflare.com use.fontawesome.com fonts.googleapis.com hello.myfonts.net pwm-image.trendmicro.com; report-uri https://bzcsp.report-uri.com/r/d/csp/reportOnly 2 font-src fonts.gstatic.com use.typekit.net *.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com google.com https://www.google.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com youtu.be *.google.com *.nr-data.net 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.yahoo.com *.bing.com *.facebook.com mossmotors.com *.mossmotors.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com polyfill.io widget.freshworks.com m2epro.freshdesk.com https://www.google.com https://www.gstatic.com *.hotjar.com *.facebook.net *.bing.com *.murdoog.com *.pcapredict.com *.jsdelivr.net *.yimg.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com unpkg.com *.google.com *.gstatic.com *.newrelic.com *.nr-data.net dmp.info.mossmotors.com dmp.info.mossmiata.com *.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com widget.freshworks.com m2epro.freshdesk.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io widget.freshworks.com m2epro.freshdesk.com https://ipinfo.io *.yimg.com *.doubleclick.net *.adobedtm.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net api.braintreegateway.com api.sandbox.braintreegateway.com cli