Values for content-security-policy-report-only (each header value is followed by a number, apparently its occurrence count; policies sent in this header are reported on but not enforced by the browser): default-src 'self' www.google.com www.gstatic.com img6.wsimg.com *.secureserver.net collect.tealiumiq.com *.akamaihd.net c.go-mpulse.net *.akstat.io www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net googletagmanager.com *.godaddy.com data:;font-src * data: blob:;style-src 'self' 'unsafe-inline' img6.wsimg.com www.gstatic.com;script-src * data: blob: 'unsafe-inline' 'unsafe-eval';img-src * data: blob:;connect-src * data: blob:;frame-src * data: blob:;report-uri /forsale/api/csp-reports 416 default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://a3frkpbrnzxvdwnkpssx604n.httpschecker.net/report; report-to https://a3frkpbrnzxvdwnkpssx604n.httpschecker.net/report 169 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 139 default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.blogger.com/cspreport 110 default-src https: 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; img-src 'self' data: *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com assets.digital.cabinet-office.gov.uk lux.speedcurve.com; script-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.gstatic.com www.signin.service.gov.uk *.ytimg.com www.youtube.com www.youtube-nocookie.com hmrc-uk.digital.nuance.com 'unsafe-inline'; style-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.gstatic.com 'unsafe-inline'; font-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk data:; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net 
www.googletagmanager.com www.tax.service.gov.uk hmrc-uk.digital.nuance.com gov.klick2contact.com www.signin.service.gov.uk; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; report-uri https://jhpno0hk6b.execute-api.eu-west-2.amazonaws.com/production 73 default-src https: blob:; connect-src https:; font-src https: data:; frame-src https:; img-src https: data: blob:; media-src https:; object-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; worker-src blob:; report-uri /s/run/cspreport/reportHttp 69 script-src 'report-sample' 'unsafe-inline' https: http:;report-uri /_/PlayStoreUi/cspreport 58 block-all-mixed-content; img-src 'self' data: https://*; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.skyscanner.net https://*.skyscnr.com https://*.gbot.me https://*.cloudfront.net https://*.akstat.io https://*.akamaihd.net https://*.perimeterx.net https://*.px-cloud.net https://*.mixpanel.com https://*.mxpnl.com https://*.zscloud.net https://*.branch.io https://*.usabilla.com https://app.link https://*.go-mpulse.net https://*.krxd.net https://cx.atdmt.com https://*.criteo.com https://*.criteo.net https://*.yandex.ru https://*.bing.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.googletagservices.com https://*.googletagmanager.com https://*.googleadservices.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.gstatic.com https://*.googleapis.com https://*.google.com; report-uri https://slipstream.skyscanner.net/grp/v1/custom/public/csp-reports/report/security.ContentSecurityReport 41 img-src 'self' *.google.com *.facebook.com *.pinimg.com *.cedexis.com *.cedexis-test.com *.tvpixel.com idsync.rlcdn.com; report-uri /_/_/csp_report/?reportonly 36 block-all-mixed-content; report-uri https://blog.hatena.ne.jp/api/csp_report 30 report-uri 
https://content-api.canon-europe.com/cspreport/webapp/; script-src 'nonce-2726c7f26c' 'self' 'unsafe-eval' 'unsafe-inline' blob: visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com wtbevents.pricespider.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com tags.tiqcdn.com locate.pricespider.com api.bazaarvoice.com app.optimizely.com players.brightcove.net c.evidon.com ds-aksb-a.akamaihd.net apps.nexus.bazaarvoice.com i1.adis.ws check.pricespider.com st.smartassistant.com cdncache-a.akamaihd.net cdn.pricespider.com admin.brightcove.com cdnjs.cloudflare.com connect.facebook.net apps.bazaarvoice.com canon.smartassistant.com app.gatedcontent.com www.youtube.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com cdn3.optimizely.com cdn.optimizely.com sadmin.brightcove.com ajax.googleapis.com www.google-analytics.com www.googletagmanager.com turbo.qualaroo.com script.crazyegg.com www.buzzsprout.com snap.licdn.com s3.amazonaws.com s1.adis.ws www.google.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com network.bazaarvoice.com cdnssl.clicktale.net img.en25.com 27 25 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com 
geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 25 default-src https: data: 'unsafe-inline' 'unsafe-eval' 21 default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;connect-src * blob:;report-uri https://cdn.website-start.de/app/reporting/policyviolation/submit 21 report-uri https://imkryiyepi.execute-api.eu-west-1.amazonaws.com/production/; default-src https: 'unsafe-inline' 'unsafe-eval'; script-src-elem script-src-elem https://www.googletagservices.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://securepubads.g.doubleclick.net https://adservice.google.co.uk https://adservice.google.com https://tpc.googlesyndication.com 'unsafe-inline' 'self'; script-src https: https://www.google-analytics.com https://www.googletagmanager.com https://www.googletagservices.com 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 20 default-src 'self' 18 default-src 'self' blob:; style-src 'self' 'unsafe-inline' 
https://assets1.freshteam.com https://www.google.com https://tagmanager.google.com https://fonts.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://themes.googleusercontent.com https://wcdn.3cx.com https://wstatic.3cx.com https://d20hvw4zeymqbm.cloudfront.net; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://wcdn.3cx.com https://wstatic.3cx.com https://cse.google.com https://www.googletagmanager.com https://d20hvw4zeymqbm.cloudfront.net https://assets1.freshteam.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://login.3cx.com https://www.redditstatic.com https://www.google-analytics.com https://ct.capterra.com tpc.googlesyndication.com pagead2.googlesyndication.com https://ssl.geoplugin.net https://services.3cx.com https://ajax.googleapis.com https://connect.facebook.net https://maps.googleapis.com www.gstatic.com;object-src 'none';img-src * data: blob:;connect-src 'self' https://wcdn.3cx.com https://cdn.3cx.com https://3cx-talent.freshteam.com https://my.yoast.com https://wstatic.3cx.com https://webapi.3cx.com https://www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net sipcy.3cx.com www.facebook.com translate.googleapis.com;child-src 'self' https://www.youtube.com blob:; frame-src 'self' https://cse.google.com https://services.3cx.com https://audioconverter.3cx.com https://login.3cx.com https://docs.google.com https://www.facebook.com https://bid.g.doubleclick.net https://www.youtube.com https://www.googletagmanager.com; block-all-mixed-content; report-uri /csp/; 16 default-src 'self'; connect-src 'self' https://*.intentmedia.net https://*.etraveligroup.net https://*.doubleclick.net https://*.adform.net https://www.google-analytics.com https://widgets.hotels.com https://bat.bing.com https://etgrs2.com https://*.akstat.io https://*.go-mpulse.net; script-src 'self' 
'unsafe-eval' 'unsafe-inline' https://*.etraveli.com https://*.etraveligroup.com https://*.cdn-net.com https://bat.bing.com https://www.googletagmanager.com https://connect.facebook.net https://adtr.io https://*.bidr.io https://tag.yieldoptimizer.com https://*.visualwebsiteoptimizer.com https://*.google-analytics.com https://*.intentmedia.net https://*.adform.net https://*.mouseflow.com https://*.nrich.ai https://*.doubleclick.net https://*.eancdn.com https://*.bidswitch.net https://green.erne.co https://*.rentalcars.com https://widget.trustpilot.com https://www.googleadservices.com https://cdn.klarna.com https://maps.googleapis.com https://widget.getyourguide.com https://widgets.hotels.com https://*.klarnacdn.net https://*.go-mpulse.net; style-src 'self' 'unsafe-inline' data: blob: https://widgets.hotels.com https://fonts.googleapis.com; img-src 'self' data: https://*.etraveli.com https://*.visualwebsiteoptimizer.com https://*.bidswitch.net https://*.doubleclick.net https://*.nrich.ai https://*.hybrid.ai https://*.w55c.net https://*.adsrvr.org https://*.rlcdn.com https://*.bidr.io https://*.seadform.net https://green.erne.co https://tag.yieldoptimizer.com https://dpm.demdex.net https://*.adform.net https://*.zemanta.com https://beacon.krxd.net https://sd.turn.com https://*.google-analytics.com https://maps.googleapis.com https://tag.adaraanalytics.com https://www.facebook.com https://widgets.hotels.com https://bat.bing.com https://www.google.com https://www.google.se https://maps.gstatic.com https://www.googletagmanager.com https://*.akstat.io; font-src 'self' https://fonts.gstatic.com https://widgets.hotels.com; frame-ancestors 'self'; frame-src 'self' https://*.cdn-net.com https://*.cdn.intentmedia.net https://www.facebook.com https://widget.getyourguide.com https://system.etrack1.com https://widgets.hotels.com https://secure.rentalcars.com https://widget.trustpilot.com; object-src 'self' https://*.cdn-net.com 16 default-src https: wss: data: blob: 
'unsafe-inline' 'unsafe-eval'; report-uri https://logger.kataweb.it/csp/ 14 report-uri /report-csp-violation 14 frame-ancestors 'self'; report-uri /beacon/csp.php 13 base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests; default-src 'self' blob:; child-src 'self' blob:; connect-src 'self' blob: w3.siemens.com siemens.sc.omtrdc.net siemens.tt.omtrdc.net siemens.demdex.net tools.adlytics.net metrics.brightcove.com edge.api.brightcove.com secure.brightcove.com *.media.brightcove.com privacyportal-eu.onetrust.com manifest.prod.boltdns.net www.fortbildung.siemens.com profiles.siemens.com searchapi.new.siemens.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com www.downloads.siemens.com api.dc.siemens.com www.facebook.com *.cf.brightcove.com cert-portal.siemens.com www.hqs.sbt.siemens.com www.google.com api.company-target.com resource.finnchat.com api-fra.livechatinc.com aem-distribuidores.siemens.com.br aem-equivalentes.siemens.com.br; frame-src 'self' www.facebook.com bid.g.doubleclick.net hit.sbt.siemens.com *.equitystory.com partners.sea.siemens.com secure-fra.livechatinc.com siemens.demdex.net partners.finance.siemens.ru extranet.siemens.pt; font-src 'self' data: tools.adlytics.net new.siemens.com; img-src 'self' data: android-webview-video-poster: blob: https:; media-src 'self' blob: assets.new.siemens.com secure.brightcove.com *.media.brightcove.com manifest.prod.boltdns.net house-fastly-signed-eu-west-1-prod.brightcovecdn.com *.cf.brightcove.com; object-src players.brightcove.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' w3.siemens.com tools.adlytics.net assets.adobedtm.com players.brightcove.net img.en25.com vjs.zencdn.net www.automation.siemens.com w3.siemens.com profiles.siemens.com *.ste.dc.siemens.com googleads.g.doubleclick.net www.google.com www.googletagmanager.com www.googleadservices.com connect.facebook.net cookies.siemens.com snap.licdn.com scripts.demandbase.com analytics.twitter.com static.ads-twitter.com 
ajax.googleapis.com resource.finnchat.com cdn.livechatinc.com secure-fra.livechatinc.com secure.livechatinc.com api.livechatinc.com api-fra.livechatinc.com www.sfs.siemens.de; style-src 'self' 'unsafe-inline' w3.siemens.com tools.adlytics.net profiles.siemens.com; worker-src 'self' 'unsafe-inline' blob:; report-uri https://o1.ingest.sentry-xl.siemens-web.com/api/2/security/?sentry_key=1ee914da45a24a1491f0e46e1d0d92c9&sentry_environment=sites-prod&sentry_release=6586dcb7; 13 report-uri https://www.rbb-online.de/app/tpso-cspr/cspr/;frame-ancestors 'self' https://www.rbb24.de https://*.rbb-online.de https://www.radioeins.de https://www.fritz.de https://www.antennebrandenburg.de https://www.inforadio.de https://www.rbb888.de; 12 default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net wss://*.hotjar.com wss://*.qualified.com 'self'; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com;report-uri https://csp.surveymonkey.com/report?e=false&c=prod&ar=true&a=cmscache 11 frame-ancestors 'self' https://skybox.eskypartners.com; report-uri https://secure.esky.com/csp-report 11 frame-src 'self' *.arcgames.com *.adyen.com www.google.com *.cdn.optimizely.com *.doubleclick.net *.youtube.com www.googletagmanager.com www.facebook.com; report-uri https://www.arcgames.com/en/report/enforce; 10 connect-src *;frame-src *;img-src https: data: blob: about: safari-extension: safari-resource: chrome-extension: http://*.rackcdn.com http://*.tumblr.com http://huaban.com;worker-src https: blob:;script-src https: 'unsafe-eval' 'unsafe-inline'; report-uri /log/csp 9 default-src https: 'unsafe-inline' 'unsafe-eval' 9 default-src 'unsafe-inline' 'unsafe-eval' https: wss: blob: ms-appx-web: data:; report-uri /report-violation 9 base-uri 'self'; frame-src 
https:; object-src 'none'; worker-src 'self'; default-src 'self' https://*.googlesyndication.com; img-src 'self' data: http: https:; connect-src 'self' https://*.google-analytics.com/ https://*.facebook.com https://*.ioam.de https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://eum-eu-west-1.instana.io wss://mpsnare.iesnare.com https://logx.optimizely.com/v1/events https://www.eharmony.com/lane/ https://s7.addthis.com/l10n/ https://eharmony-app.quantummetric.com/ https://yoast.com/feed/widget/ https://m.addthis.com https://*.googlesyndication.com https://connect.facebook.net https://*.usercentrics.eu https://api.personio.de/recruiting/applicant ; font-src data: 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://assets.eharmony.com https://assets.eharmony.com.au https://assets.eharmony.co.uk https://assets.eharmony.ca https://assets.squarespace.com/universal/fonts/ https://static.squarespace.com/universal/fonts/ ; script-src https: 'report-sample' 'unsafe-inline' 'unsafe-eval' data: 'self' https://*.custhelp.com https://*.ioam.de; style-src 'self' 'unsafe-inline' https://www.parship.com https://*.custhelp.com https://fonts.googleapis.com https://partnerboerse.parship.de https://translate.googleapis.com https://assets.eharmony.com https://assets.eharmony.com.au https://assets.eharmony.co.uk https://assets.eharmony.ca https://s.po.st/static/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://static1.squarespace.com/static/sitecss/ ; media-src 'self' data: https://mpsnare.iesnare.com https://assets.eharmony.com/files/us/images/careers/ https://www.googleapis.com/youtube/; prefetch-src 'self' https://*.googlesyndication.com/safeframe/; frame-ancestors 'self'; report-uri /ls/?reportOnly=true 9 script-src 'unsafe-eval' 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com 
www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; default-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; style-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com 'unsafe-inline'; img-src * data: blob:; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src 'self' blob: 9 child-src blob: data: https:; connect-src https: wss:; default-src blob: data: https: 'report-sample' 'unsafe-eval' 'unsafe-inline'; font-src data: https:; form-action https:; frame-src data: https:; img-src blob: data: https:; media-src blob: data: https:; object-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; report-uri https://csp.ffx.io/ 8 frame-ancestors 'self'; object-src 'none'; report-uri /api/csp-reporting 7 block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.onet.pl::COVID_19_2_10_X_ASYNC_AUTOMATYZACJA 7 default-src https: 'unsafe-inline' data: 7 default-src https: 'unsafe-inline' 'unsafe-eval'; worker-src blob:; img-src https: data:; font-src https: data:; report-uri https://idg.report-uri.io/r/default/csp/reportOnly 7 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 
geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 7 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 7 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' ; style-src https: 'unsafe-inline'; frame-ancestors 'self'; img-src https: data: ; object-src 'none' ; report-uri https://sentry.uniregistry.com/api/18/security/?sentry_key=f430f663325b402bbc96cb5da277ab92 ; 7 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; report-uri 
https://xl86pc2ky3.execute-api.eu-central-1.amazonaws.com/prod/icorecspupload 7 frame-ancestors 'self'; report-uri https://stores.jp/content_security_policy_reports 7 default-src 'none'; connect-src 'self' www.linkedin.com www.google-analytics.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; script-src 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' snap.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src dms.licdn.com *.lynda.com; child-src blob: lnkd-communities: voyager: *; frame-src 'self' https://www.youtube.com/embed/ https://www.youtube-nocookie.com/embed/ lnkd.demdex.net https://smartlock.google.com/ https://accounts.google.com/ linkedin.cdn.qualaroo.com player.vimeo.com www.linkedin.com www.slideshare.net *.megaphone.fm msit.powerbi.com app.powerbi.com linkedin.github.io; manifest-src 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=gm 6 block-all-mixed-content; report-uri 
https://mol.report-uri.io/r/default/csp/reportOnly 6 default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 6 default-src 'self'; frame-ancestors 'self' *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de; frame-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de streaming.talk42.de app.datawrapper.de datawrapper.dwcdn.net 'self'; style-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de https://cdn.leafletjs.com/leaflet/v0.7.7/ https://cdnjs.cloudflare.com/ajax/libs/leaflet.markercluster/0.4.0/ 'unsafe-inline'; img-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://a.tile.openstreetmap.de https://b.tile.openstreetmap.de https://c.tile.openstreetmap.de data: 'unsafe-inline'; script-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de 
*.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de https://ssl.p.jwpcdn.com/player/ https://www.youtube.com https://s.ytimg.com/yts/jsbin/ https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/ https://vjs.zencdn.net/5.9.2/ 'unsafe-inline'; font-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de https://ssl.p.jwpcdn.com data: 'self'; media-src *.bundesregierung.de 'self'; 6 default-src 'unsafe-inline' 'unsafe-eval' data: https: wss:; report-uri https://shk.betfair.com/csp 6 default-src 'self' https://*.avrotros.org https://*.avrotros.nl https://www.google-analytics.com https://avrotros.blueconic.net https://adscience-nocookie.nl https://stats.g.doubleclick.net https://*.google.com https://*.npo.nl https://kmnl.tns-nipo.com;font-src *;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src *; frame-src *; 6 report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor default-src 'self' 'unsafe-inline' www.shelterlogic.com stage.shelterlogic.com *.cloudmaestro.com h.online-metrix.net bat.bing.com ajax.googleapis.com api.hubapi.com *.zopim.com cdn.cookielaw.org bid.g.doubleclick.net connect.facebook.net d.adroll.com s.adroll.com fonts.googleapis.com fonts.gstatic.com forms.hsforms.com geolocation.onetrust.com js-hs.analytics.com js.hsadspixel.net js.hsforms.net js.hscollectedforms.net seal-ct.bbb.org secure.quantserve.com track.hubspot.com www.facebook.com 6 font-src https://www.gstatic.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com 
centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com https://www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 6 default-src https: 'unsafe-inline' 'unsafe-eval' 'self' data:; img-src 'self' *.eff.org data:; connect-src https: 'unsafe-inline' 'unsafe-eval' 'self' data: 
https://sentry.eff.org/api/2/store/; report-uri https://sentry.eff.org/api/2/security/?sentry_key=f1118ad37b5e4afbabe3487ca42fe73e 5 frame-ancestors 'self'; report-uri /stf/reportiframe 5 default-src 'self'; script-src 'self' webstats.surf.nl *.mailplus.nl platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com www.instagram.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' static.mailplus.nl fonts.googleapis.com use.typekit.net p.typekit.net platform.twitter.com; img-src http: https: data:;; frame-src 'self' *.surf.nl openonderwijsapi.nl www.surfspace.nl surfspace.nl www.slideshare.net player.vimeo.com www.youtube.com www.youtube-nocookie.com surf.mediamission.nl platform.twitter.com syndication.twitter.com www.instagram.com www.facebook.com www.linkedin.com www.google.com; child-src 'self' surf.mediamission.nl www.slideshare.net player.vimeo.com www.youtube.com www.youtube-nocookie.com surf.mediamission.nl platform.twitter.com syndication.twitter.com www.instagram.com www.facebook.com www.linkedin.com; font-src 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 5 script-src 'unsafe-eval' 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com *.gamepedia.com; default-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com *.gamepedia.com; style-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com 
*.gamepedia.com 'unsafe-inline'; img-src * data: blob:; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src 'self' blob: 5 default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://savoy-prod.heroku.com/ https://assets.pinterest.com/ *.acquia.com/ *.salesforceliveagent.com/ https://connect.facebook.net/ *.en25.com/ https://s.ytimg.com/ https://sc-static.net/ https://script.crazyegg.com/ https://script.hotjar.com/ https://tag.demandbase.com/ *.google-analytics.com/ *.youtube.com/; object-src 'none'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://cdn.cookielaw.org/ https://cdn.siteimprove.net/; img-src 'self' data: cu.secure.force.com/ *.salesforceliveagent.com/ https://log.pinterest.com/ https://match.prod.bidr.io/ *.t.eloqua.com/ https://tr.snapchat.com/ https://www.facebook.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/; media-src 'self'; frame-src https://*.cybersource.com/ https://cdn.yoshki.com/ https://e.issuu.com/ https://vars.hotjar.com/ *.youtube.com/; font-src 'self' https://themes.googleusercontent.com/ https://cdnjs.cloudflare.com/; connect-src 'self' https://*.siteimprove.com/ https://cdn.cookielaw.org/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://api.company-target.com/ https://sessions.bugsnag.com/ *.crazyegg.com/ *.acquia.com, https://vc.hotjar.io. 
*.facebook.com; report-uri /report-csp-violation 5 script-src 'self' 'unsafe-inline' 'unsafe-eval' http://info.onsolve.com/ https://cdn.cookielaw.org/ https://apis.google.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/ https://googleads.g.doubleclick.net/ https://ws.zoominfo.com/ https://js-agent.newrelic.com/ https://*.cloudfront.net/ https://j.6sc.co/ https://www.googleadservices.com/ https://cdn.bizible.com/ https://cdn.bizibly.com/ https://munchkin.marketo.net/ https://geolocation.onetrust.com/ https://bam-cell.nr-data.net/ https://match.prod.bidr.io/ https://onsolve.bamboohr.com/ https://static.hotjar.com/ https://script.hotjar.com/; report-uri /_/csp-reports 5 font-src fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.vimeo.com *.texdecor.test *.texdecor.com www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data *.cdninstagram.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com 
secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.texdecor.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.instagram.com *.texdecor.test *.texdecor.com *.fact-finder.fr www.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5 frame-src https://www.google.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://img6.wsimg.com; style-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://www.gstatic.com; script-src 'self' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://js.hs-scripts.com https://tags.tiqcdn.com https://snap.licdn.com https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://www.google-analytics.com https://js.hs-analytics.net https://js.hs-banner.com 'sha256-0GmZYAqaqzetS+w1EyLdzTxUer98JQtlleth+bhMzm4=' 'sha256-h4kRXx7uh9BDCM48lIeC8OTw0+lUQIlD+u3Rsxo8ixg='; report-uri https://sentry.brandsight.com/api/25/security/?sentry_key=d2a6cc459b0c48dd91884e7063bbddb4 5 default-src data: blob: about: 'self' 'unsafe-inline' 'unsafe-eval' https: wss:; report-uri /csp/report?always; 4 default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri 
https://services.fandom.com/csp-logger/csp/f2 4 default-src * data: blob:;worker-src 'self' blob:;script-src blob: 'unsafe-inline' https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/viewer/ https://cdn.ampproject.org/rtv/ https://www.googletagmanager.com/gtag/js https://playground.amp.dev/ https://preview.amp.dev/ https://go.amp.dev/ https://log.amp.dev/;object-src 'none';style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://playground.amp.dev/ https://preview.amp.dev/ https://go.amp.dev/ https://log.amp.dev/;report-uri /csp-report 4 report-uri /ab/csp/index; report-to csp-endpoint 4 default-src 'self' https: wss: data: blob: none: gsa: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 4 script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: data: https:; style-src 'self' 'unsafe-inline' blob: data: https:; default-src 'self' https:; img-src https: blob: data: android-webview-video-poster:; frame-src blob: data: https:; worker-src blob: data: https:; child-src blob: data: https:; object-src 'self'; font-src 'self' https: blob: data: safari-extension://*; media-src 'self' blob: data: https:; connect-src wss: blob: data: https:; report-uri /csp_ep 4 default-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: https: www.google.com tags.tiqcdn.com secure.insightexpressai.com browser-update.org *.newrelic.com *.nr-data.net api.swiftype.com onqblog.disqus.com a.disquscdn.com platform.twitter.com snapdragonblog.disqus.com 3642644.fls.doubleclick.net 'sha256-/3jsvuZODfJI1Eg99StI7HtPfGc1mT2ElQZ8nHDbQbM='; object-src https://metrics.brightcove.com; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https: www.qualcomm.com pt-corpmktg.qualcomm.com qualcomm.sc.omtrdc.net sb.scorecardresearch.com metrics.brightcove.com *.nr-data.net analytics.twitter.com t.co controller.4seeresults.com events.foreseeresults.com 
insight.adsrvr.org; media-src 'self' blob: https: secure.brightcove.com; frame-src 'self' https: www.youtube.com disqus.com 3642644.fls.doubleclick.net www.juicer.io; font-src 'self' data: https: vjs.zencdn.net; connect-src 'self' https: *.nr-data.net links.services.disqus.com; report-uri /admin/config/system/seckit/csp-report 4 default-src https: data: 'unsafe-inline' 'unsafe-eval' wss://directline.botframework.com; report-uri /report-csp-violation 4 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https:; report-uri /error/js; img-src 'self' https: data:; 4 default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /nmms/csp-reporting-lo 4 connect-src 'self' *.dynatrace.com api-public.ducati.com wurfl.io stats.g.doubleclick.net www.google-analytics.com c.go-mpulse.net calculator.volkswagenbank.de s.yimg.com www.facebook.com apiwheel.h-en.me *.akstat.io *.akamaihd.net *.a8723.com performance.typekit.net www.google.com *.rsc.cdn77.org dasfelynsaterr.webcam videoram.com www.bing.com; font-src data: 'self' fonts.gstatic.com github.com media.ducati.com assets.ducati.com use.typekit.net chrome-extension; script-src-elem data: *.dynatrace.com assets.ducati.com platform.twitter.com pixel.mathtag.com s.yimg.jp emea-ducati.netmng.com mm.markandmini.com *.a8723.com u.logbor.com loadus.exelator.com *.snt.imrworldwide.com pool.adizio.com pool.admedo.com gc.kis.v2.scr.kaspersky-labs.com s.yimg.com sp.analytics.yahoo.com 'self' 'unsafe-inline' connect.facebook.net googleads.g.doubleclick.net maps.googleapis.com s.go-mpulse.net s2.adform.net snap.licdn.com track.adform.net use.typekit.net wurfl.io www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.volkswagenbank-cloud.de b92.yahoo.co.jp gateway.zscalertwo.net about; script-src *.dynatrace.com assets.ducati.com platform.twitter.com b92.yahoo.co.jp connect.facebook.net s.yimg.com use.typekit.net 'self' 
'unsafe-eval' 'unsafe-inline' googleads.g.doubleclick.net s.go-mpulse.net snap.licdn.com wurfl.io www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.volkswagenbank-cloud.de maps.googleapis.com s2.adform.net sp.analytics.yahoo.com track.adform.net; base-uri 'self'; frame-src *.fls.doubleclick.net pixel.mathtag.com platform.twitter.com www.youtube.com youtu.be track.adform.net www.facebook.com www.googletagmanager.com bid.g.doubleclick.net remove.video www.google.com; img-src 'self' about data: * ; script-src-attr 'unsafe-inline'; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' assets.ducati.com fonts.googleapis.com adblockers.opera-mini.net; style-src 'self' 'unsafe-eval' 'unsafe-inline' assets.ducati.com fonts.googleapis.com translate.googleapis.com 4 default-src 'self'; report-uri https://csp.loopia.se;form-action 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://bib.eway2pay.com https://ticket.siriusit.net https://payment.architrade.com https://www.facebook.com;font-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://tpc.googlesyndication.com https://fonts.gstatic.com https://chat.puzzel.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://chat.puzzel.com https://www.google.com https://www.googletagmanager.com https://ssl.google-analytics.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.youtube.com https://*.ytimg.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.se https://bat.bing.com https://connect.facebook.net https://api.exponea.com https://widget.trustpilot.com https://static.hotjar.com https://script.hotjar.com https://active24.ladesk.com https://api.infinario.com 
https://g.microsoft.com;connect-src 'self' https://chat.puzzel.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.facebook.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.exponea.com https://in.hotjar.com https://bat.bing.com https://vc.hotjar.io https://api.infinario.com;img-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://ssl.google-analytics.com https://*.ytimg.com https://track.double.net https://tbs.tradedoubler.com https://sealserver.trustkeeper.net https://www.gstatic.com https://track.adform.net https://www.googletagmanager.com https://chat.puzzel.com https://www.google.com.cy https://www.google.no https://www.google.rs https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.es https://googleads.g.doubleclick.net https://www.facebook.com https://www.google.se https://bat.bing.com https://www.google.fi https://www.google.gr data:;media-src https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://chat.puzzel.com;frame-src https://*.facebook.com https://player.vimeo.com https://*.mynewsdesk.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.soundcloud.com https://www.youtube.com https://widget.trustpilot.com https://vars.hotjar.com https://active24.ladesk.com https://1-vbus-eu.ladesk.com;object-src 'self';style-src 'self' 'unsafe-inline' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://chat.puzzel.com https://fonts.googleapis.com 4 default-src https: wss: data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; worker-src blob:; report-uri /csp-report 4 default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 
'unsafe-eval' 4 default-src 'self'; 4 report-uri /_/csp-reports 4 font-src *.fontawesome.com *.cloudflare.com *.googleapis.com *.klevu.com *.zopim.com *.gstatic.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.nosto.com *.nos.to *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.nosto.com *.nos.to *.google.com *.youtube.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.nosto.com *.nos.to *.cloudflare.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.klevu.com *.gstatic.com *.zopim.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.youtube.com *.azurewebsites.net maps.googleapis.com app.mobicredwidget.co.za amcglobal.sc.omtrdc.net media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com 'unsafe-inline' data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com 
js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.nosto.com *.nos.to *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.newrelic.com *.klevu.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.nr-data.net *.facebook.com maps.googleapis.com www.googletagmanager.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za www.gstatic.com connect.facebook.net bam.nr-data.net googleads.g.doubleclick.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com *.nosto.com *.nos.to *.cloudflare.com *.googleapis.com *.klevu.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.nosto.com *.nos.to *.testfreaks.com *.ksearchnet.com *.klevu.com *.google.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.paypal.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.nr-data.net vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za www.google-analytics.com wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com 
security-hub.vaimo.network 'unsafe-eval' data: 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://c9f3e0efddb3b5a8f702c2632d2e3942.report-uri.com/r/d/csp/wizard 4 default-src 'self' *.experteer.com gap://ready https:; font-src 'self' *.experteer.com fonts.gstatic.com https: data: 'unsafe-inline'; img-src 'self' *.experteer.com https: data: 'unsafe-inline'; object-src 'self'; script-src 'self' *.experteer.com www.google-analytics.com script.crazyegg.com www.linkedin.com https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.experteer.com https: 'unsafe-inline'; connect-src 'self' *.experteer.com https: wss://ws.inspectlet.com www.google-analytics.com; report-uri https://www.experteer.com/csp_violation_notifications 4 script-src 'self' 'unsafe-eval' https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.google-analytics.com https://*.moatads.com https://*.addthis.com https://*.doubleclick.net https://*.addthisedge.com https://*.newrelic.com https://*.nr-data.net https://*.googlevideo.com https://*.arcgis.com https://*.gov.uk https://*.facebook.com; frame-src 'self' https://*.addthis.com https://*.youtube.com https://www.googletagmanager.com https://*.arcgis.com; report-uri https://snhwebsite.report-uri.com/r/d/csp/reportOnly 4 font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 
'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.addthis.com *.pinterest.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com https://cdn.klarna.com data: https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com 
*.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 
'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 font-src *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.googletagmanager.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 
1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 default-src https: data: 'unsafe-inline' 'unsafe-eval' wss://*.hotjar.com; report-uri https://fantastic.report-uri.com/r/d/csp/reportOnly 4 font-src *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com validate.fishpig.co.uk 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com 
apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com display.ugc.bazaarvoice.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.google.com *.gigya.com https://*.gigya.com https://consentcdn.cookiebot.com https://*.addthis.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com s.ytimg.com 'self' data: *.google.com 
*.google.bg *.facebook.com *.facebook.net *.gigya.com 'unsafe-inline' data: https://*.gigya.com https://www.google.it https://bam.nr-data.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com commerce.adobedtm.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net js.braintreegateway.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.google.com *.googletagmanager.com *.facebook.net *.doubleclick.net jquery.sellxed.com *.gigya.com https://cdnjs.cloudflare.com https://legals.paninigroup.com https://*.cookiebot.com https://www.gstatic.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.addthis.com https://*.facebook.com https://*.addthisedge.com https://*.moatads.com https://*.recaptcha.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com *.googleapis.com 'unsafe-inline' data: https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.magento.com commerce.adobe.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com *.google-analytics.com https://legals.paninigroup.com https://stats.g.doubleclick.net https://*.facebook.com https://bam.nr-data.net https://*.addthis.com 'self' 
'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net 
*.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net 
r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 ; report-uri https://.report-uri.com/r/d/csp/reporting 4 default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;connect-src * blob:;report-uri https://cdn.initial-website.com/app/reporting/policyviolation/submit 4 default-src https: blob: wss: data: android-webview-video-poster: android-webview: chrome-extension: safari-extension: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dailymotion.com/content_security_policy_report_uri 3 default-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' data: https: blob: android-webview-video-poster: android-webview: chrome-extension: moz-extension: ms-browser-extension: about: 3 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://variety.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 3 default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net wss://*.hotjar.com wss://*.qualified.com 'self'; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com;report-uri https://csp.surveymonkey.com/report?e=false&c=prod&ar=true&a=wufoocms 3 object-src 'none'; base-uri 'self' 'report-sample'; block-all-mixed-content; frame-ancestors 'self'; 3 default-src https: data: blob: wss: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://sentry.io/api/256178/csp-report/?sentry_key=c2fb05422b2242faaec1d6d8a2a000fc 3 frame-ancestors 'self' https://*.twilio.com 
https://www.twilio.com;report-uri https://www.twilio.com/console/api/cspr 3 frame-ancestors 'self' *.hudl.com *.youtube.com *.sendtonews.com *.cbssports.com *.247sports.com *.scout.com *.ampproject.org *.amp.cloudflare.com; default-src https: 'unsafe-inline' 'unsafe-eval' wss: ;img-src https: data: blob: ; font-src https: data:; form-action https:; report-uri https://cbsi.report-uri.io/r/default/csp/reportOnly 3 connect-src *; frame-src *; img-src https: data: blob: about: safari-extension: safari-resource: chrome-extension:; worker-src blob: https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; report-uri https://portfolio.adobe.com/api/v1/errors/csp 3 default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://qualys.report-uri.com/r/d/csp/reportOnly 3 default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: wss: *.base.be *.telenet.be *.telenet.be:* *.customersaas.com *.facebook.com *.facebook.net *.cookielaw.org *.googletagmanager.com *.hotjar.com *.hotjar.io *.omtrdc.net *.tiqcdn.com *.google-analytics.com *.gstatic.com *.pingvp.com *.usabilla.com *.unpkg.com *.driftt.com *.cloudfront.net *.zdassets.com *.premiumplus.io *.youtube.com *.force.com *.salesforce.com *.mobistar.be *.nettjar.com *.demdex.net *.wistia.com *.ytimg.com *.salesforceliveagent.com *.bluecoat.com *.licdn.com *.googleoptimize.com *.zopim.com *.googleapis.com *.typography.com *.sfdcstatic.com *.adobedtm.com *.typekit.net *.akamaihd.net *.litix.io *.zendesk.com *.onetrust.com *.adsymptotic.com *.upc.ch *.linkedin.com *.loadinggif.com *.2o7.net *.atdmt.com *.everesttech.net *.day.com *.telenetcampagnes.be *.mktoresp.com *.marketo.net *.adobe.com *.zentr.cc *.zentrick.com *.telenet-ops.be *.googleusercontent.com *.googleadservices.com *.pinterest.com *.zopim.io *.pinimg.com *.ac-systems.com *.luckycycle.com *.driftqa.com *.amazonaws.com *.wista.com *.doubleclick.net *.companymatch.me *.google.com *.telenet.be.seg.js *.mktoutil.com *.zentr.cc 
*.vimeo.com https://zentr.cc;img-src 'self' data: data blob: https: *.telenet.be *.telenet.be:* *.doubleclick.net *.loadinggif.com http://loadinggif.com;report-uri https://api.prd.telenet.be/csp-violation-report; 3 script-src 'self' 'unsafe-inline' badoocdn.com *.badoocdn.com pd1us.badoocdn.com *.googleapis.com *.gstatic.com *.google.com vk.com *.vk.me cdn.syndication.twitter.com *.facebook.net *.facebook.com *.paypal.com www.paypalobjects.com *.youtube.com *.ytimg.com api.ok.ru *.google-analytics.com *.googletagmanager.com *.api.here.com *.instagram.com *.digicert.com *.mapbox.com *.googlesyndication.com *.googletagservices.com *.googleadservices.com *.doubleclick.net *.googlesyndication.com *.ampproject.org *.amazon-adsystem.com adservice.google.com https://cdn.ampproject.org; style-src 'self' 'unsafe-inline' badoocdn.com *.badoocdn.com pd1us.badoocdn.com vk.com *.vk.me *.googleapis.com; report-uri /jss/csp_report.phtml 3 default-src https: data: 'unsafe-eval' 'unsafe-inline'; report-uri /csp_reports 3 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://stylecaster.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 3 font-src https://fonts.gstatic.com https://www.facebook.com https://magento.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://consent.trustarc.com https://h.online-metrix.net 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es https://testsecureacceptance.cybersource.com/embedded/pay yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net 
geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.facebook.com https://www.google.com https://www.youtube.com https://testsecureacceptance.cybersource.com https://tst.kaptcha.com/ https://web.facebook.com/ yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 
https://www.vbulletin.com https://online.swagger.io https://ytimg.com https://i.ytimg.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://www.facebook.com https://magento.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://consent.trustarc.com https://h.online-metrix.net https://gdpr.internetbrands.com/ https://tst.kaptcha.com https://kaptcha.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com https://fonts.googleapis.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk 
mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://www.google-analytics.com https://tst.kaptcha.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 script-src https://shopping.com https://*.shopping.com https://*.paypalobjects.com https://*.paypal.com https://www.google-analytics.com 'unsafe-inline'; connect-src https://shopping.com https://*.shopping.com https://*.paypal.com; form-action https://shopping.com https://*.shopping.com; img-src https://shopping.com https://*.shopping.com https://*.paypal.com https://*.ebayimg.com https://*.bizrate.com https://*.cnnx.io data:; report-uri https://monitor.ebay.com/csp-report/shoppingdotcom 3 default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net *.tvsquared.com https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://stackadapt.com 
https://*.creative-serving.com https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://stats.g.doubleclick.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://graph.facebook.com https://*.addthis.com https://*.google-analytics.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.doubleclick.net https://*.googleapis.com ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.visualstudio.com *.windows.net *.msecnd.net *.trkn.us *.bing.com *.connexity.net *.alcmpn.com *.alocdn.com *.addthis.com *.opendns.com 
*.stickyadstv.com *.cloudflare.com *.polarisapi.com *.ctfassets.net *.youtube.com *.cloudflare.com *.aspnetcdn.com *.windows.net dnsl4xr6unrmf.cloudfront.net *.google.com blob: *.episerver.net *.doubleclick.net *.contentsquare.net screencaptue-cdn.kampyle.com api.offerpop.com screencapture.kampyle.com wyng.io *.cdninstagram.com *.wyng.com *.amazonaws.com *.opticalanalytics.io ajax.googleapis.com cdn.auth0.com cdn1.polaris.com cdn2.polaris.com cloudfront.loggly.com fonts.googleapis.com fonts.gstatic.com nebula-cdn.kampyle.com polaris-tagging-prod.azureedge.net polaris-tagging-tagserver-prod.azurewebsites.net s.ytimg.com *.hotjar.com *.hotjar.io udc-neb.kampyle.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.youtube.com servedby.flashtalking.com data: etc.polaris.com logs-01.loggly.com login.dotomi.com maps.googleapis.com cdn.jsdelivr.net maps.gstatic.com cdn-gen.polaris.com connect.facebook.net www.facebook.com www.polaris.com; 3 default-src https:; media-src blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 3 font-src data: *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src https://*.online-metrix.net https://imgs.signifyd.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es secure.payu.com merch-prod.snd.payu.com *.youtube.com/ *.google.com *.doubleclick.net *.nativeroll.tv *.googlesyndication.com *.youtube-nocookie.com *.facebook.com *.affirm.com 'self' 'unsafe-inline'; img-src 
https://imgs.signifyd.com https://*.online-metrix.net www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es static.payu.com data: *.pinterest.com *.google.com *.google.fr *.facebook.com vk.com *.teads.tv *.akamaihd.net *.yandex.ru *.adsrvr.org *.g.doubleclick.net *.facebook.net *.steelhousemedia.com *.cloudfront.net 'self' 'unsafe-inline'; script-src https://cdn-scripts.signifyd.com https://imgs.signifyd.com test.authorize.net js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es jquery.sellxed.com secure.payu.com secure.snd.payu.com *.pinimg.com *.googletagmanager.com 
*.facebook.net *.teads.tv googleads.g.doubleclick.net *.google.com *.google.fr *.gstatic.com/ vk.com *.mail.ru *.yandex.ru *.nativeroll.tv *.scarabresearch.com *.cloudfront.net *.inside-graph.com *.steelhousemedia.com *.tiktok.com *.googleapis.com *.googlesyndication.com *.affirm.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.inside-graph.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es secure.payu.com merch-prod.snd.payu.com *.pinterest.com googleads.g.doubleclick.net stats.g.doubleclick.net *.google-analytics.com *.mail.ru *.yandex.ru *.scarabresearch.com *.tiktok.com *.lamoda.ru *.inside-graph.com *.affirm.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.tissotwatches.com/en-en/tissot_csp/report/; report-to report-endpoint; 3 default-src 'none'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src rs.fullstory.com/rec/bundle https:; font-src 'self' https: data:; img-src 'self' *.csagroup.org *.wpengine.com p.typekit.net stats.g.doubleclick.net www.google.ca/ads www.google.com/ads www.google-analytics.com https: data:; object-src 'none'; upgrade-insecure-requests; report-uri https://csagroup.report-uri.com/r/d/csp/reportOnly; 3 img-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 3 default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' 
*.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.neolane.net *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.raptmedia.com *.rbos.com *.rbs.co.uk *.rbs.com *.rbsdigital.com *.supportcentre-rbs.co.uk *.snapchat.com *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net search-rbs.co.uk static.ads-twitter.com t.co www.brightedge.com; upgrade-insecure-requests; report-uri https://rbspersonal.report-uri.com/r/t/csp/reportOnly 3 default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 3 font-src *.bic.com *.cloudflare.com 'self' data: 'unsafe-inline' data: *.typekit.net *.gstatic.com https://cdnjs.cloudflare.com *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es api.bazaarvoice.com stg.api.bazaarvoice.com *.snapchat.com www.facebook.com dmb.bic.com lighters.shopbic.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.adyen.com www.google.com *.amazon.com 
*.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.google.com *.snapchat.com *.criteo.com cdn.dnky.co webchat.dotdigital.com insight.adsrvr.org www.facebook.com static.criteo.net www.youtube.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.twiago.com *.smartadserver.com *.adnxs.com *.360yield.com *.adscale.de *.bic.com *.outbrain.com *.bing.com *.google.com *.google.fr *.pinterest.com *.bazaarvoice.com 
*.facebook.com *.doubleclick.net *.stickyadstv.com *.yahoo.com *.googletagmanager.com *.teads.tv *.rubiconproject.com *.adform.net *.openx.net *.pubmatic.com *.3lift.com *.criteo.com *.casalemedia.com *.media.net *.omnitagjs.com *.bidswitch.net *.smaato.net *.advertising.com *.sharethrough.com *.ivitrack.com *.taboola.com data: px.ads.linkedin.com editor-assets.abtasty.com match.adsrvr.org ids.ad.gt secure.adnxs.com sync.smartadserver.com cm.g.doubleclick.net bh.contextweb.com image2.pubmatic.com www.facebook.com match.prod.bidr.io sync.go.sonobi.com ad.360yield.com tg.socdm.com ad.yieldlab.net gum.criteo.com criteo-partners.tremorhub.com i.liadm.com jadserve.postrelease.com ad.sxp.smartclip.net sync-criteo.ads.yieldmo.com ads.stickyadstv.com ads.yieldmo.com a.ad.gt sync.e-planning.net connect.facebook.net sync.ad-stir.com pixel.tapad.com ade.clmbtech.com api-lighters.shopbic.com dpm.demdex.net cw.addthis.com amasty.com cdn.klarna.com sdk.privacy-center.org cm.mgid.com www.magentocommerce.com blob: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.adyen.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com 
stg.api.bazaarvoice.com mpsnare.iesnare.com *.bic.com *.cloudflare.com *.gstatic.com *.snapchat.com *.bazaarvoice.com *.googletagmanager.com *.google.com *.facebook.net *.criteo.net *.bing.com *.pinimg.com *.abtasty.com *.windows.net *.batch.com *.yimg.com *.doubleclick.net *.outbrain.com *.privacy-center.org *.sc-static.net sc-static.net *.polyfill.io *.ad.gt *.yahoo.com *.criteo.com https://cdnjs.cloudflare.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io snap.licdn.com js.adsrvr.org aufp.io acdn.adnxs.com includes.ccdc02.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com display.ugc.bazaarvoice.com *.bic.com *.typekit.net *.fonts.googleapis.com *.bazaarvoice.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.fontawesome.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.slgnt.eu *.bic.com *.bazaarvoice.com *.paypal.com *.google-analytics.com *.batch.com *.pinterest.com *.yimg.com *.abtasty.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net 
r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com stats.g.doubleclick.net bat.bing.com p.ad.gt api.privacy-center.org www.facebook.com js.authorize.net amasty.com gateway.euronext.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 block-all-mixed-content; report-uri https://www.warau.jp/mixedcontentreport.php 3 report-uri https://csp.edipresse.pl/report/polki; font-src https: data:; img-src data: https: android-webview-video-poster: android-webview:; media-src https: data:; style-src 'unsafe-inline' 'unsafe-eval' https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: asset: 3 default-src self https: data: 'unsafe-inline' 'unsafe-eval'; script-src self https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self' https://creator.zmags.com https://www.googletagmanager.com; report-uri https://fa920c4c3c2352efe32641b67b2f3fbe.report-uri.com/r/d/csp/reportOnly 3 default-src 'self'; connect-src 'self'; script-src 'unsafe-eval' 'unsafe-inline'; style-src 'unsafe-eval' 'unsafe-inline'; media-src 'self'; frame-src 'self'; manifest-src 'self'; object-src 'self'; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: *.vimeocdn.com fonts.googleapis.com; img-src 'self' data: secure.gravatar.com www.gravatar.com www.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com; connect-src 'self' *.vimeo.com www.google-analytics.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' data: *.vimeo.com *.vimeocdn.com; child-src 'self' data: *.vimeo.com *.vimeocdn.com; frame-ancestors 'self' ; report-uri https://www.e2open.com?gdsih-csp-report; 3 default-src 
'self'; connect-src 'self' www.linkedin.com content.linkedin.com lnkd.demdex.net dpm.demdex.net www.google-analytics.com linkedin.sc.omtrdc.net lnkd.tt.omtrdc.net opreq.observepoint.com www.linkedin-ei.com adservice.google.com stats.g.doubleclick.net static.licdn.com; img-src data: blob: android-webview-video-poster: *; font-src data: *; frame-src 'self' www.linkedin.com lnkd.demdex.net www.youtube-nocookie.com platform.twitter.com www.facebook.com plusone.google.com play.vidyard.com www.slideshare.net; style-src https: 'unsafe-inline' *.licdn.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.licdn.com www.linkedin.com content.linkedin.com platform.linkedin.com *.ads.linkedin.com lnkd.demdex.net *.salesforceliveagent.com sb.scorecardresearch.com sjs.bizographics.com bcvipva02.rightnowtech.com; script-src-elem 'unsafe-inline' tags.tiqcdn.com *.salesforceliveagent.com platform.linkedin-ei.com platform.linkedin.com content.linkedin.com snap.licdn.com sjs.bizographics.com www.linkedin.com bcvipva02.rightnowtech.com sb.scorecardresearch.com; frame-ancestors 'self'; object-src 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=ms 3 default-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com; font-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com data: fonts.gstatic.com; script-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com 'unsafe-inline' 'unsafe-eval' *.youtube.com *.ytimg.com *.datadoghq-browser-agent.com *.getclicky.com clicky.com *.twitter.com *.ads-twitter.com *.facebook.net *.olark.com *.adroll.com *.googletagmanager.com tagmanager.google.com *.google-analytics.com www.google.com 
*.googleadservices.com googleads.g.doubleclick.net; style-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com 'unsafe-inline' *.getclicky.com clicky.com *.olark.com fonts.googleapis.com; img-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com 'unsafe-inline' data: secure.gravatar.com *.getclicky.com t.co *.facebook.com *.olark.com *.adroll.com *.google-analytics.com *.gstatic.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu 
*.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; media-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com *.olark.com; connect-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com *.datadoghq.com *.getclicky.com *.facebook.com *.olark.com *.google-analytics.com *.g.doubleclick.net; frame-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com *.apple.com open.spotify.com *.soundcloud.com www.youtube.com www.facebook.com *.olark.com www.google.com bid.g.doubleclick.net; 3 font-src 
*.cloudflare.com *.cloudfront.net *.credomobile.com *.taboola.com *.pinimg.com *.bing.com *.facebook.com *.fullstory.com *.liadm.com *.pdst.fm *.opmnstr.com *.criteo.net *.paypal.com www.google-analytics.com www.google.com *.doubleclick.net *.gstatic.com *.trustedshops.com *.usercentrics.eu *.hotjar.com *.getletterpress.com *.zendesk.com *.braintree-api.com *.braintreegateway.com *.kaptcha.com *.shareasale-analytics.com shareasale-analytics.com *.googletagmanager.com *.shareasale.com *.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.cloudflare.com *.cloudfront.net *.credomobile.com *.taboola.com *.pinimg.com *.bing.com *.facebook.com *.fullstory.com *.liadm.com *.pdst.fm *.opmnstr.com *.criteo.net *.paypal.com www.google-analytics.com www.google.com *.doubleclick.net *.gstatic.com *.trustedshops.com *.usercentrics.eu *.hotjar.com *.getletterpress.com *.zendesk.com *.criteo.com *.braintree-api.com *.braintreegateway.com *.kaptcha.com *.shareasale-analytics.com shareasale-analytics.com *.googletagmanager.com *.shareasale.com *.bootstrapcdn.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net 
d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com *.cloudfront.net *.credomobile.com *.taboola.com *.pinimg.com *.bing.com *.facebook.com *.fullstory.com *.liadm.com *.pdst.fm *.opmnstr.com *.criteo.net *.agkn.com *.pinterest.com *.paypal.com www.google.com *.doubleclick.net *.gstatic.com *.trustedshops.com *.usercentrics.eu *.hotjar.com *.getletterpress.com *.zendesk.com *.braintree-api.com *.braintreegateway.com *.kaptcha.com *.shareasale-analytics.com shareasale-analytics.com *.googletagmanager.com *.shareasale.com *.bootstrapcdn.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.googletagmanager.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.cloudflare.com *.cloudfront.net *.credomobile.com *.credo.com *.taboola.com *.pinimg.com *.bing.com *.facebook.com *.facebook.net *.fullstory.com *.liadm.com 
*.pdst.fm *.opmnstr.com *.criteo.net *.criteo.com *.paypal.com *.newrelic.com *.nr-data.net www.google.com *.doubleclick.net *.gstatic.com *.trustedshops.com *.usercentrics.eu *.hotjar.com *.getletterpress.com *.zendesk.com static.zdassets.com *.braintree-api.com *.braintreegateway.com *.kaptcha.com *.shareasale.com *.shareasale-analytics.com shareasale-analytics.com *.googletagmanager.com *.bootstrapcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.cloudfront.net *.credomobile.com *.taboola.com *.pinimg.com *.bing.com *.facebook.com *.fullstory.com *.liadm.com *.pdst.fm *.opmnstr.com *.criteo.net *.paypal.com www.google-analytics.com www.google.com *.doubleclick.net *.gstatic.com *.trustedshops.com *.usercentrics.eu *.hotjar.com *.getletterpress.com *.zendesk.com *.braintree-api.com *.braintreegateway.com *.kaptcha.com *.shareasale-analytics.com shareasale-analytics.com *.googletagmanager.com *.shareasale.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.cloudflare.com *.cloudfront.net *.credomobile.com *.credo.com *.taboola.com *.pinimg.com *.bing.com *.facebook.com *.fullstory.com *.liadm.com *.pdst.fm *.opmnstr.com *.criteo.net widget-mediator.zopim.com *.zopim.com *.cloudfunctions.net *.omappapi.com wss://widget-mediator.zopim.com *.paypal.com *.nr-data.net www.google-analytics.com www.google.com *.doubleclick.net *.gstatic.com *.pinterest.com *.trustedshops.com *.usercentrics.eu *.hotjar.com *.getletterpress.com *.zendesk.com 
*.zdassets.com/ credomobilesupport.zendesk.com *.braintree-api.com *.braintreegateway.com *.kaptcha.com *.shareasale-analytics.com shareasale-analytics.com *.googletagmanager.com *.shareasale.com *.bootstrapcdn.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 3 report-uri /report-csp-violation; upgrade-insecure-requests 3 font-src fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.cloudflare.com *.typekit.net *.trustedshops.com oct8necdneu.azureedge.net blob: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.hotjar.com www.googletagmanager.com *.googletagmanager.com connect.nosto.com *.nosto.com widgets.trustedshops.com static-eu.oct8ne.com js-agent.newrelic.com consent.trustarc.com r1-t.trackedlink.net static.hotjar.com vars.hotjar.com script.hotjar.com www.facebook.com connect.facebook.net www.google-analytics.com stats.g.doubleclick.net *.g.doubleclick.net cdn.ravenjs.com bam.eu01.nr-data.net tracker.twenga.es ajax.cloudflare.com www.google.com *.google.com *.gstatic.com *.oct8ne.com www.youtube.com consent-pref.trustarc.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com 
www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com *.cloudflare.com https://cdn.klarna.com *.paypal.com https://s.ytimg.com *.trustedshops.com *.usercentrics.eu www.googletagmanager.com *.googletagmanager.com connect.nosto.com *.nosto.com widgets.trustedshops.com static-eu.oct8ne.com js-agent.newrelic.com consent.trustarc.com r1-t.trackedlink.net static.hotjar.com *.hotjar.com vars.hotjar.com script.hotjar.com www.facebook.com connect.facebook.net stats.g.doubleclick.net *.g.doubleclick.net cdn.ravenjs.com bam.eu01.nr-data.net tracker.twenga.es ajax.cloudflare.com www.google.com *.google.com *.gstatic.com cdn.buff.com *.oct8ne.com oct8necdneu.azureedge.net www.google.lv www.google.ac www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.as www.google.at www.google.com.au www.google.ba www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.cn www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.cat www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.gd www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gp www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.co.in www.google.io www.google.iq www.google.is www.google.it www.google.je 
www.google.com.jm www.google.jo www.google.co.jp www.google.kg www.google.com.kh www.google.ki www.google.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.lt www.google.lu www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.mp www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.na www.google.com.nf www.google.com.ng www.google.com.ni www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.re www.google.ro www.google.rs www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sm www.google.sn www.google.so www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tk www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.com.ua www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.com.vn www.google.vu www.google.ws www.google.co.za www.google.co.zm www.google.co.zw blob: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com 
www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.cloudflare.com *.trustedshops.com *.usercentrics.eu www.googletagmanager.com *.googletagmanager.com connect.nosto.com *.nosto.com widgets.trustedshops.com static-eu.oct8ne.com js-agent.newrelic.com consent.trustarc.com r1-t.trackedlink.net static.hotjar.com *.hotjar.com vars.hotjar.com script.hotjar.com www.facebook.com connect.facebook.net stats.g.doubleclick.net *.g.doubleclick.net cdn.ravenjs.com bam.eu01.nr-data.net tracker.twenga.es ajax.cloudflare.com www.google.com *.google.com *.gstatic.com *.oct8ne.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://geoip-js.com *.cloudflare.com *.paypal.com https://cdn.klarna.com *.vimeocdn.com https://s.ytimg.com *.trustedshops.com *.usercentrics.eu www.googletagmanager.com *.googletagmanager.com connect.nosto.com *.nosto.com widgets.trustedshops.com static-eu.oct8ne.com js-agent.newrelic.com consent.trustarc.com r1-t.trackedlink.net static.hotjar.com *.hotjar.com vars.hotjar.com script.hotjar.com www.facebook.com connect.facebook.net www.google-analytics.com stats.g.doubleclick.net *.g.doubleclick.net cdn.ravenjs.com bam.eu01.nr-data.net tracker.twenga.es ajax.cloudflare.com www.google.com *.google.com *.gstatic.com cdn.buff.com *.oct8ne.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 default-src 
'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://axaxl.com https://eus-prd-f8372a898644-xp2-cd.azurewebsites.net https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://cf-images.us-east-1.prod.boltdns.net https://manifest.prod.boltdns.net https://bcbolt446c5271-a.akamaihd.net https://id.rlcdn.com *.company-target.com https://company-target.com https://api.company-target.com *.demandbase.com https://demandbase.com https://tag.demandbase.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.google.com *.gstatic.com *.googleadservices.com *.doubleclick.net *.fls.doubleclick.net https://www.google-analytics.com https://ajax.googleapis.com https://www.googletagmanager.com https://adservice.google.com https://www.google.com https://www.gstatic.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google.co.uk https://doubleclick.net https://bid.g.doubleclick.net https://match.prod.bidr.io *.linkedin.com https://snap.licdn.com https://px.ads.linkedin.com https://vjs.zencdn.net *.newrelic.com *.nr-data.net https://bam.nr-data.net https://js-agent.newrelic.com *.brightcove.com *.brightcove.net *.media.brightcove.net *.api.brightcove.net https://secure.brightcove.com https://brightcove.com https://players.brightcove.net https://metrics.brightcove.com f1.media.brightcove.com https://edge.api.brightcove.com https://p.adsymptotic.com *.adsymptotic.com *.newscred.com analytics.newscred.com pixel.newscred.com t.newscred.com https://analytics.newscred.com https://pixel.newscred.com https://t.newscred.com https://img04.en25.com; report-uri https://axaxl.com/cspviolation; report-to https://axaxl.com/cspviolation 3 script-src 'self' 3 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 
geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src https: wss:; report-uri /csp-report 3 default-src 'none'; script-src 'self' 
'unsafe-inline' *.google-analytics.com *.typekit.net ajax.googleapis.com *.googletagmanager.com cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' ajax.googleapis.com *.typekit.net *.myfonts.net; img-src 'self' data: *.google-analytics.com ajax.googleapis.com *.typekit.net *.doubleclick.net; connect-src 'self'; font-src 'self' data: *.typekit.net; object-src 'self'; media-src 'self'; frame-src *.addthis.com player.vimeo.com www.youtube.com; manifest-src 'self'; 3 frame-ancestors 'self' frag-einen-anwalt.de *.frag-einen-anwalt.de 123recht.de *.123recht.de wohnungsboerse.net *.wohnungsboerse.net trauer.de *.trauer.de briefeguru.de *.briefeguru.de pflege-durch-angehoerige.de *.pflege-durch-angehoerige.de immobilienscout24.de *.immobilienscout24.de berlin.de *.berlin.de merkur-online.de *.merkur-online.de *.cdn.ampproject.org *.google.de *.google.com merkur-online.de *.merkur-online.de immoverkauf24.de *.immoverkauf24.de; report-uri /include/cspreport.asp 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://platform.twitter.com https://plusone.google.com https://facebook.com https://platform.twitter.com https://apis.google.com https://www.google-analytics.com https://secure.gravatar.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://www.gstatic.com https://www.google.com https://use.fontawesome.com https://stats.wp.com https://s0.wp.com https://ajax.googleapis.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://secure.gravatar.com; img-src 'unsafe-inline' 'self' https://pixel.wp.com https://www.google-analytics.com https://stats.g.doubleclick.net data:; font-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://use.fontawesome.com https://fonts.gstatic.com https://wordpress.com data:; frame-src 'self' 
https://www.google.com; 3 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; media-src https: data:; object-src https: data:; img-src https: data:; font-src https: data:; report-uri /csp-report 
3 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; report-uri /csp-report 3 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report; connect-src https: *.callbackhunter.com; 3 font-src *.gstatic.com https://js.klevu.com data: https://*.hotjar.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.facebook.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com www.xtento.com https://*.demdex.net https://*.adyen.com https://www.youtube.com https://youtu.be https://pay.google.com https://*.fls.doubleclick.net https://www.paypalobjects.com https://vars.hotjar.com http://www.yotpo.com https://player.vimeo.com/ https://*.googleapis.com/ https://www.facebook.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://www.xtento.com cdn.xtento.com *.gstatic.com *.google.co.uk *.google.com https://www.googletagmanager.com https://*.googleapis.com https://services.postcodeanywhere.co.uk 
https://www.rnengage.com https://js.klevu.com https://bat.bing.com https://mgl.sc.omtrdc.net https://cm.everesttech.net https://*.adyen.com https://*.demdex.net/ https://amcglobal.sc.omtrdc.net https://*.widget.custhelp.com https://*.cloudiq.com https://*.pinterest.com https://www.facebook.com https://cdn.cookielaw.org https://*.hotjar.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com www.xtento.com cdn.xtento.com *.avada.io http://maybo11111.pcapredict.com https://services.postcodeanywhere.co.uk https://polyfill.io https://js.klevu.com https://www.google.com https://www.gstatic.com https://*.googleapis.com https://*.widget.custhelp.com https://*.custhelp.com https://*.rightnowtech.com https://www.rnengage.com https://bat.bing.com https://pay.google.com https://googleads.g.doubleclick.net https://*.adyen.com https://*.newrelic.com https://bam-cell.nr-data.net https://*.hotjar.com https://connect.facebook.net https://cdn.cookielaw.org https://*.cloudiq.com https://*.onetrust.com https://*.pinimg.com https://*.trustpilot.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://services.postcodeanywhere.co.uk https://*.widget.custhelp.com https://www.gstatic.com https://fonts.googleapis.com https://js.klevu.com https://*.googleapis.com/ yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 
'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://services.postcodeanywhere.co.uk https://*.ksearchnet.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.demdex.net https://bam-cell.nr-data.net https://cdn.cookielaw.org https://amcglobal.sc.omtrdc.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.onetrust.com https://*.pinterest.com https://bat.bing.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://secure.tt-staging.com/; report-to report-endpoint; 3 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 3 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com 
geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: https:; font-src data: https:; report-uri https://kilian.report-uri.io/r/default/csp/reportOnly 3 default-src 'self'; connect-src 'self' blob: https://web-api.viega.com https://forms.hubspot.com https://in.hotjar.com https://*.video-cdn.net https://*.akamaihd.net https://*.viega-cdn.net https://www.facebook.com https://www.google-analytics.com https://licensing.bitmovin.com; font-src 'self' https://*.video-cdn.net https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://web-catalog.viega.com https://insight.adsrvr.org https://vars.hotjar.com https://*.video-cdn.net https://www.youtube.com https://www.youtube.com https://e.issuu.com; img-src 'self' data: https://web-catalog.viega.com https://*.hubspot.net https://viegade01.wt-eu02.net https://viega01.webtrekk.net https://*.video-cdn.net https://maps.gstatic.com https://*.googleapis.com https://asset-out-cdn.viega-cdn.net 
https://forms.hsforms.com https://px.ads.linkedin.com https://track.hubspot.com https://www.facebook.com https://www.google-analytics.com; media-src 'self' https://videocdn-blob-1.akamaized.net https://videocdnvod1-vh.akamaihd.net https://asset-out-cdn.viega-cdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.video-cdn.net https://www.youtube.com https://s.ytimg.com https://maps.googleapis.com https://e.issuu.com https://responder.wt-safetag.com https://connect.facebook.net https://data.processwebsitedata.com https://forms.hsforms.com https://forms.hubspot.com https://googleads.g.doubleclick.net https://js.adsrvr.org https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hsforms.net https://js.hsleadflows.net https://script.hotjar.com https://snap.licdn.com https://static.hotjar.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://assets.adobedtm.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fast.fonts.net; plugin-types application/pdf; report-uri https://viega.report-uri.com/r/t/csp/reportOnly 3 default-src https:; connect-src https:; font-src https: data:; child-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: data:; report-uri https://18d36df5be4d2f0680090c55b489865d.report-uri.com/r/d/csp/reportOnly 3 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 
1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 font-src fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com 
business.facebook.com *.google.com *.trustpilot.com player.vimeo.com youtube.com *.creativecdn.com/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com s.ytimg.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.bing.com *.crobox.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com cdn-scripts.signifyd.com www.youtube.com video.google.com *.facebook.net connect.facebook.net graph.facebook.com business.facebook.com *.googletagmanager.com *.google.com *.gstatic.com *.google-analytics.com *.trackedlink.net *.cookiebot.com *.blueconic.net *.visualwebsiteoptimizer.com *.trustpilot.com *.windows.net *.sooqr.com *.msecnd.net *.usabilla.com *.newrelic.com *.pinterest.com *.hotjar.com *.pinimg.com *.creative-serving.com *.creativecdn.com *.crobox.io *.robinhq.com *.bing.com *.go-mpulse.net *.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com static.sooqr.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://eluscious.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 3 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com *.dynatrace.com ajax.googleapis.com 
*.assurantsolutions.com *.optimizely.com www.google.com stats.g.doubleclick.net www.enterice.com www.google-analytics.com www.gstatic.com az416426.vo.msecnd.net ajax.aspnetcdn.com; connect-src 'self' *.dynatrace.com *.optimizely.com www.enterice.com stats.g.doubleclick.net www.google-analytics.com dc.services.visualstudio.com; img-src 'self' www.trustlogo.com www.enterice.com www.google-analytics.com mywirelessclaim.com *.assurantsolutions.com stats.g.doubleclick.net www.google.com secure.comodo.com www.googletagmanager.com ajax.aspnetcdn.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.enterice.com maxcdn.bootstrapcdn.com ajax.aspnetcdn.com; font-src 'self' fonts.gstatic.com; frame-src 'self' *.optimizely.com www.google.com www.surveymonkey.com; report-uri /cspreport.aspx 3 font-src *.cloudfront.net *.googleapis.com *.bootstrapcdn.com *.gstatic.com 'self' data: 'unsafe-inline' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudfront.net data: 'self' data: www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 
1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.cloudfront.net *.google.com *.trustedshops.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com *.gstatic.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudfront.net *.google.com *.trustedshops.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.cloudfront.net *.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://*.ingest.sentry.io js.stripe.com m.stripe.com x.klarnacdn.net klarna.com *.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 font-src https://js.klevu.com http://js.klevu.com https://fonts.gstatic.com http://fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 
secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com https://widget.trustpilot.com http://widget.trustpilot.com https://lpcdn.lpsnmedia.net http://lpcdn.lpsnmedia.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://cdn-images.mailchimp.com http://cdn-images.mailchimp.com https://connect.nosto.com http://connect.nosto.com https://js.klevu.com http://js.klevu.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com https://www.fencestore.co.uk http://www.fencestore.co.uk https://www.shedstore.co.uk http://www.shedstore.co.uk https://www.buyfencingdirect.co.uk http://www.buyfencingdirect.co.uk https://www.buyshedsdirect.co.uk http://www.buyshedsdirect.co.uk https://www.buylogcabinsdirect.co.uk http://www.buylogcabinsdirect.co.uk https://www.greatlittlegarden.co.uk http://www.greatlittlegarden.co.uk https://www.bmgardenbuildings.co.uk http://www.bmgardenbuildings.co.uk https://js.klevu.com http://js.klevu.com https://accdn.lpsnmedia.net http://accdn.lpsnmedia.net https://lpcdn.lpsnmedia.net http://lpcdn.lpsnmedia.net https://lptag.liveperson.net http://lptag.liveperson.net https://lo.v.liveperson.net http://lo.v.liveperson.net https://connect.nosto.com http://connect.nosto.com https://widget.trustpilot.com http://widget.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 
https://www.fencestore.co.uk http://www.fencestore.co.uk https://www.shedstore.co.uk http://www.shedstore.co.uk https://www.buyfencingdirect.co.uk http://www.buyfencingdirect.co.uk https://www.buyshedsdirect.co.uk http://www.buyshedsdirect.co.uk https://www.buylogcabinsdirect.co.uk http://www.buylogcabinsdirect.co.uk https://www.greatlittlegarden.co.uk http://www.greatlittlegarden.co.uk https://www.bmgardenbuildings.co.uk http://www.bmgardenbuildings.co.uk https://fonts.googleapis.com http://fonts.googleapis.com https://cdn.jsdelivr.net http://cdn.jsdelivr.net https://js.klevu.com http://js.klevu.com https://cdn-images.mailchimp.com http://cdn-images.mailchimp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com https://apikeys.civiccomputing.com http://apikeys.civiccomputing.com apikeys.civiccomputing.com https://ig.instant-tokens.com http://ig.instant-tokens.com ig.instant-tokens.com https://graph.instagram.com http://graph.instagram.com graph.instagram.com https://*.hotjar.com http://*.hotjar.com *.hotjar.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com; font-src 'self' https://fonts.gstatic.com http://fonts.gstatic.com fonts.gstatic.com https://use.typekit.net http://use.typekit.net use.typekit.net data:; form-action 'self' https://*.twitter.com http://*.twitter.com *.twitter.com https://*.facebook.com 
http://*.facebook.com *.facebook.com; frame-ancestors 'none'; frame-src https://*.youtube.com http://*.youtube.com *.youtube.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://*.hotjar.com http://*.hotjar.com *.hotjar.com; img-src 'self' https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://www.google.com http://www.google.com www.google.com https://www.google.co.uk http://www.google.co.uk www.google.co.uk https://*.cdninstagram.com http://*.cdninstagram.com *.cdninstagram.com https://*.googletagmanager.com http://*.googletagmanager.com *.googletagmanager.com https://*.facebook.com http://*.facebook.com *.facebook.com https://i.ytimg.com http://i.ytimg.com i.ytimg.com blob: data:; media-src https://youtube.com http://youtube.com youtube.com; object-src 'none'; manifest-src 'self'; script-src 'self' https://www.googletagmanager.com http://www.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://www.googleadservices.com http://www.googleadservices.com www.googleadservices.com https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://cc.cdn.civiccomputing.com http://cc.cdn.civiccomputing.com cc.cdn.civiccomputing.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net http://*.typekit.net *.typekit.net https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.mailchimp.com http://*.mailchimp.com *.mailchimp.com 'unsafe-inline'; 3 font-src *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com 
centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: gap://ready; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https:; font-src 'self' data: https:; report-uri https://thedatinglab.report-uri.com/r/d/csp/reportOnly 3 font-src 
*.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it 
*.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net 
static.trackedweb.net api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 default-src 'self';base-uri 'self' https://*.microsoft.com https://*.skype.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://*.azure.net https://*.s-microsoft.com https://*.ytimg.com https://www.youtube.com https://*.microsoft.com https://*.skypeassets.com https://*.clicktale.net https://*.wx-int.trafficmanager.net https://*.wx-int.skype.com https://*.skype.com https://statics-uhf-eus.akamaized.net https://statics-uhf-neu.akamaized.net https://statics-uhf-wus.akamaized.net https://statics-uhf-eas.akamaized.net https://*.msecnd.net https://connect.facebook.net/;style-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://*.skype.com https://*.skypeassets.com https://*.microsoft.com https://*.s-microsoft.com https://statics-uhf-eus.akamaized.net https://statics-uhf-neu.akamaized.net https://statics-uhf-wus.akamaized.net https://statics-uhf-eas.akamaized.net https://*.msecnd.net;img-src 'self' data: blob: https://docs.botframework.com https://bot-framework.azureedge.net https://*.skype.com https://*.skypeassets.com https://c.microsoft.com https://*.clicktale.net https://*.microsoft.com https://img-prod-cms-rt-microsoft-com.akamaized.net https://www.facebook.com https://*.msecnd.net https://ad.doubleclick.net https://adservice.google.com;font-src data: https://*.skypeassets.com https://*.s-microsoft.com https://*.microsoft.com https://assets.onestore.ms https://*.skype.com https://fonts.gstatic.com;media-src 'self' data: blob: https://*.skypeassets.com https://*.skype.com;connect-src https://*.skype.com https://*.clicktale.net https://*.microsoft.com https://*.live.com https://*.skypeassets.com wss://*.trouter.skype.com https://web.vortex.data.microsoft.com https://prod-video-cms-rt-microsoft-com.akamaized.net 
https://eus-streaming-video-rt-microsoft-com.akamaized.net https://wus-streaming-video-rt-microsoft-com.akamaized.net;object-src 'none';frame-ancestors 'none';frame-src 'self' https://*.microsoft.com https://*.skype.com https://*.live.com https://www.youtube.com;form-action https://login.skype.com;report-uri https://edge.skype.com/r/c; 2 default-src *.adlooxtracking.com *.adsafeprotected.com *.doubleverify.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.serving-sys.com an.yandex.ru cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org jstracer.yandex.ru mail.ru mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz strm.yandex.ru yandex.ru yandex.st yastat.net yastatic.net; script-src *.adlooxtracking.com *.adsafeprotected.com *.criteo.com *.doubleclick.net *.doubleverify.com *.dvtps.com *.googleapis.com *.googleadservices.com *.googlesyndication.com *.googletagservices.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.odnoklassniki.ru *.serving-sys.com *.vk.com an.yandex.ru cdn.ampproject.org cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org mail.ru mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru vk.com yandex.ru yandex.st yastat.net yastatic.net 'unsafe-eval' 'unsafe-inline'; connect-src *.adlooxtracking.com *.adsafeprotected.com *.criteo.com *.doubleverify.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.serving-sys.com *.vk.com an.yandex.ru cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org jstracer.yandex.ru mail.ru mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru strm.yandex.ru vk.com yandex.ru yandex.st yastat.net yastatic.net pagead2.googlesyndication.com; img-src data: blob: *; media-src *.imgsmail.ru *.mail.ru *.mradx.net *.ok.ru *.strm.yandex.ru *.vk.com *.yandex.net coubsecure-s.akamaihd.net data: mail.ru ok.ru strm.yandex.ru vk.com yandex.ru yandex.st 
yastat.net yastatic.net; style-src *.imgsmail.ru *.mail.ru *.mradx.net blob: cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org yandex.st yastat.net yastatic.net 'unsafe-eval' 'unsafe-inline'; font-src *.imgsmail.ru *.mail.ru *.mradx.net an.yandex.ru blob: data: https: yastat.net yastatic.net 'self'; frame-src *.criteo.com *.doubleclick.net *.doubleverify.com *.mail.ru *.mradx.net *.ok.ru *.vk.com *.yandex.ru *.yandexadexchange.net awaps.yandex.net mail.ru mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru vk.com yandexadexchange.net yastat.net yastatic.net tpc.googlesyndication.com; report-uri https://cspreport.mail.ru/splash?v=19.11.20; 2 default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: ; report-uri https://reports.baidu.com/csp-report 2 frame-ancestors 'self' *.qualtrics.com; report-uri https://sjc1.qualtrics.com/csp-report; report-to csp-endpoint 2 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.rollingstone.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2 object-src 'none'; frame-ancestors 'none'; block-all-mixed-content; report-uri https://sentry.io/api/148442/security/?sentry_key=48196e632bb14305ad3fe47c6570e363 2 report-uri https://wombat.smartsheet.com/www; default-src 'self' *.optimizely.com *.driftt.com; media-src 'self' *.driftt.com;script-src 'self' 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *.bing.com *.datadoghq-browser-agent.com *.zoominfo.com *.salesforceliveagent.com *.youtube.com *.techtarget.com *.ytimg.com *.optimizely.com *.google.com *.gstatic.com *.cookiebot.com *.driftt.com *.marketo.net *.nr-data.net *.google-analytics.com *.googletagmanager.com *.6sc.co *.facebook.net *.inspectlet.com *.licdn.com *.ads-twitter.com *.tvsquared.com *.demandbase.com *.impactradius-event.com *.adnxs.com *.steelhousemedia.com *.g2crowd.com *.newrelic.com *.min.js *.licdn.com *.twitter.com; 
connect-src 'self' *.google.com *.datadoghq.com *.adnxs.com *.google-analytics.com *.doubleclick.net *.amazonaws.com *.i215020.net *.mktoresp.com *.optimizely.com *.6sc.co *.company-target.com *.inspectlet.com *.6sense.com *.nr-data.net; frame-src 'self' *.youtube.com *.optimizely.com *.cookiebot.com *.driftt.com *.doubleclick.net *.facebook.com; img-src 'self' *.atdmt.com *.bing.com *.rlcdn.com *.ytimg.com *.techtarget.com *.smartsheet.com *.adsymptotic.com *.google-analytics.com *.doubleclick.net *.google.com *.turn.com *.bttrack.com *.co *.linkedin.com *.tvsquared.com *.bidr.io *.facebook.com *.company-target.com *.intentiq.com *.adsrvr.org *.demdex.net *.driftt.com; style-src 'self' 'unsafe-inline'; prefetch-src 'self' *.optimizely.com; object-src 'none'; 2 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://deadline.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2 block-all-mixed-content ; report-uri /csp-report 2 default-src 'unsafe-inline' 'unsafe-eval' * data: blob:; report-uri https://sentry.io/api/1312882/security/?sentry_key=9e854fd5af164d1e98cee1bedb942a22 2 upgrade-insecure-requests; default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.sentry.dev www.googletagmanager.com www.google-analytics.com www.googleadservices.com js.hs-analytics.net js.hs-scripts.com js.driftt.com connect.facebook.net assets.calendly.com js.hsforms.net js.hs-banner.com forms.hsforms.com player.vimeo.com www.redditstatic.com m.servedby-buysellads.com static.zdassets.com googleads.g.doubleclick.net bat.bing.com munchkin.marketo.net; connect-src 'self' sentry.io *.sentry.io www.sentry.dev reload.getsentry.net api.amplitude.com ekr.zdassets.com sentry.zendesk.com www.google-analytics.com stats.g.doubleclick.net 776-mjn-501.mktoresp.com; img-src 'self' data: www.sentry.dev sentry-blog.storage.googleapis.com images.ctfassets.net www.google-analytics.com stats.g.doubleclick.net track.hubspot.com 
assets.calendly.com forms.hsforms.com q.quora.com alb.reddit.com www.facebook.com www.googletagmanager.com bat.bing.com www.google.com i.vimeocdn.com i.ytimg.com; style-src 'self' 'unsafe-inline' www.sentry.dev assets.calendly.com fonts.googleapis.com; media-src 'self' videos.ctfassets.net; font-src 'self' www.sentry.dev fonts.gstatic.com; frame-src player.vimeo.com www.youtube-nocookie.com js.driftt.com calendly.com bid.g.doubleclick.net; manifest-src 'self' www.sentry.dev; report-uri https://o1.ingest.sentry.io/api/1297627/security/?sentry_key=e811b9077ef64dcf8a279ec18a61b222 2 frame-src 'self' *.google.com snapwidget.com *.consensu.org *.sharethis.com *.doubleclick.net *.greenhouse.io *.payoneer.com *.trustpilot.com *.oraclecloud.com *.driftt.com *.ubembed.com *.youtube.com *.github.io *.userway.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.cookielaw.org *.convertexperiments.com *.marketo.net *.googleadservices.com *.bing.com *.licdn.com *.facebook.net *.taboola.com *.yimg.jp *.yahoo.co.jp *.doubleclick.net *.sharethis.com *.consensu.org snapwidget.com *.onetrust.com *.greenhouse.io *.payoneer.com *.mouseflow.com *.salesloft.com *.trendemon.com *.trustpilot.com *.ubembed.com *.google.com *.dynatrace.com *.oraclecloud.com *.baidu.com *.driftt.com *.youtube.com *.daumcdn.net unpkg.com *.yandex.ru *.cloudflare.com *.strattic.com *.6sc.co *.jsdelivr.net *.bootstrapcdn.com *.twitter.com *.ads-twitter.com *.highcharts.com *.github.io *.qualtrics.com *.microsoft.com *.userway.org; 2 default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://cspreport.olx.com.br/api/v1/cspreport/mixedcontent 2 media-src blob: https:; worker-src blob: https:; font-src chrome-extension: data: https:; img-src data: blob: about: https: http://track.adform.net; default-src https: blob: data: ms-appx-web: wss: 'unsafe-inline' 'unsafe-eval'; report-uri https://handelsblatt.report-uri.com/r/d/csp/reportOnly 2 
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://bgr.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2 frame-ancestors https://*.so-net.ne.jp http://*.so-net.ne.jp https://*.sonynetwork.co.jp https://*.sony.com https://*.sony.co.jp https://*.sonymobile.co.jp http://postpet.jp; report-uri /cgi-bin/csp-reports.cgi 2 default-src 'self';style-src 'self' 'unsafe-inline' dev.g.alicdn.com g.alicdn.com at.alicdn.com *.test.youku.com *.taobao.net webapi.amap.com;script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.dingtalk.com *.cnzz.com *.alicdn.com market.wapa.taobao.com g.alicdn.com dev.g.alicdn.com ynuf.alipay.com log.mmstat.com s.tbcdn.cn vip.laiwang.com wswukong.laiwang.com local.alipcsec.com:6691 *.taobao.net cfd.aliyun.com restapi.amap.com webapi.amap.com retcode.alicdn.com cfall.aliyun.com gw.alipayobjects.com ynuf.aliapp.org;connect-src 'self' *.dingtalk.com wss://*.dingtalk.com ynuf.alipay.com dev.g.alicdn.com g.alicdn.com retcode.taobao.com dingtalk-cspase-sh.oss-cn-shanghai.aliyuncs.com dingtalk-cspase-sz.oss-cn-shenzhen.aliyuncs.com arms-retcode.aliyuncs.com arms-retcode.aliyuncs.com ynuf.aliapp.org px-intl.ucweb.com px.ucweb.com gm.mmstat.com preview-lippi-space-zjk.oss-accelerate.aliyuncs.com wgo.mmstat.com wss://alidocs-body.oss-accelerate.aliyuncs.com wss://pre-collab.dingtalk.com;frame-src 'self' h5.m.taobao.com qiye.aliyun.com log.laiwang.com dev.g.alicdn.com g.alicdn.com login.dingtalk.com login2.dingtalk.com *.dingtalk.com mailsso.mxhichina.com wvjbscheme: alipaybridge: alipaymonitor: mmstat.alicdn.com res.mmstat.com ynuf.aliapp.org alidocs.oss-cn-zhangjiakou.aliyuncs.com;font-src 'self' at.alicdn.com dev.g.alicdn.com g.alicdn.com data: *.taobao.net i.alicdn.com;img-src 'self' data: *.dingtalk.com *.aliimg.com *.alicdn.com *.mmstat.com ynuf.alipay.com arms-retcode.aliyuncs.com pin.aliyun.com fourier.alibaba.com retcode.taobao.com *.cnzz.com 
dingtalk-cspase-sh.oss-cn-shanghai.aliyuncs.com dingtalk-cspase-sz.oss-cn-shenzhen.aliyuncs.com restapi.amap.com kcart.alipay.com preview-lippi-space-zjk.oss-cn-zhangjiakou.aliyuncs.com px-intl.ucweb.com px.ucweb.com alidocs.oss-cn-zhangjiakou.aliyuncs.com;media-src 'self' *.dingtalk.com cloud.video.taobao.com videocdn.taobao.com tbm-auth.alicdn.com dev.g.alicdn.com g.alicdn.com;report-uri https://csp.dingtalk.com/csp; 2 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://wwd.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2 default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://kontur.ru/private/csp-report 2 default-src 'self' 'unsafe-inline' *.fca.org.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.facebook.net www.googleadservices.com siteimproveanalytics.com *.siteimproveanalytics.io *.twitter.com *.jquery.com *.nr-data.net *.newrelic.com static.ads-twitter.com js.adsrvr.org *.doubleclick.net *.fca.org.uk fca.funnelback.co.uk *.salesforceliveagent.com *.twentythree.net; img-src 'self' 'unsafe-inline' data: *.facebook.com *.google-analytics.com *.siteimproveanalytics.io *.google.com t.co *.doubleclick.net *.fca.org.uk *.google.ie *.videomarketingplatform.co www.google.co.uk *.nr-data.net *.googletagmanager.com *.fca.org.uk *.gstatic.com www.glassdoor.co.uk *.fca.org.uk; frame-src 'self' 'unsafe-inline' *.buto.tv *.videomarketingplatform.co *.view-it.co.uk *.fcaconnect.force.com prezi.com wearebigrock.com *.fca.org.uk player.vimeo.com www.thinglink.com *.google.com *.doubleclick.net insight.adsrvr.org *.fca.org.uk *.googletagmanager.com *.youtube.com; frame-ancestors 'self' *.fca.org.uk; child-src 'self' 'unsafe-inline' *.buto.tv *.videomarketingplatform.co *.view-it.co.uk *.fcaconnect.force.com prezi.com wearebigrock.com *.fca.org.uk player.vimeo.com www.thinglink.com *.google.com *.fca.org.uk; font-src 
'self' fonts.gstatic.com *.fca.org.uk; connect-src 'self' www.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.facebook.net www.googleadservices.com siteimproveanalytics.com *.siteimproveanalytics.io *.twitter.com *.jquery.com *.nr-data.net *.newrelic.com static.ads-twitter.com js.adsrvr.org *.doubleclick.net *.fca.org.uk fca.funnelback.co.uk *.googleapis.com; report-uri /report-csp-violation; upgrade-insecure-requests 2 block-all-mixed-content; report-uri /global-cgi-bin/csp-report 2 base-uri 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://pv.sohu.com https://static.hotjar.com https://connect.facebook.net https://script.hotjar.com https://code.oppo.com https://www.google-analytics.com https://www.googletagmanager.com; object-src none;frame-src http: https:;block-all-mixed-content; report-uri https://ti.oppo.com/csp/DataReport 2 default-src 'self' 'unsafe-inline' data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.drift.com *.driftt.com *.kinstacdn.com api.intellimize.co www.google-analytics.com www.instagram.com www.googleadservices.com *.quoracdn.net www.google.com *.googleapis.com snap.licdn.com googleads.g.doubleclick.net rum-static.pingdom.net *.wistia.com *.wistia.net api.greenhouse.io cdn.segment.com https://cdn.split.io cdn.madkudu.com cdn.bizible.com ga.clearbit.com app-sj27.marketo.com widget.drift.com *.jquery.com https://www.google-analytics.com https://www.googletagmanager.com *.quora.com *.hsforms.com *.hsforms.net munchkin.marketo.net s.adroll.com d.adroll.mgr.consensu.org d.adroll.com *.facebook.net static.ads-twitter.com *.twitter.com twitter.com *.6sc.co *.dca0.com *.twimg.com tpc.googlesyndication.com use.typekit.net drift.referralrock.com gateway.on24.com; img-src 'self' 'unsafe-inline' data: * ; report-uri https://o13824.ingest.sentry.io/api/5269096/security/?sentry_key=e9bb6faf1b4c4ce1927908a451904d1d 2 script-src 'self' lihkg.com 'unsafe-inline' adv.lih.kg 
cdn.lihkg.com *.cloudflare.com static.cloudflareinsights.com *.googlesyndication.com *.googletagservices.com www.google-analytics.com *.google.com *.doubleclick.net *.googleadservices.com *.ampproject.org *.gstatic.com www.youtube.com s.ytimg.com connect.facebook.net; frame-src 'self' lihkg.com pb.lihkg.com game.lihkg.com embed.lih.kg *.doubleclick.net *.googlesyndication.com *.google.com www.youtube.com *.facebook.com w.soundcloud.com; connect-src 'self' lihkg.com i.lih.kg adv.lih.kg cdn.lihkg.com api.na.cx img.eservice-hk.net www.google-analytics.com *.doubleclick.net *.googlesyndication.com adservice.google.com cdn.ampproject.org *.gstatic.com *.googleapis.com *.cloudflare.com; worker-src 'self' lihkg.com blob:; report-uri https://report.lih.kg/csp?v=7 2 script-src 'unsafe-inline' https:; object-src 'none'; base-uri 'none'; 2 default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net *.tvsquared.com *.soloway.ru https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://stackadapt.com https://*.creative-serving.com https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net 
https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://stats.g.doubleclick.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://graph.facebook.com https://*.addthis.com https://*.google-analytics.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.doubleclick.net https://*.googleapis.com ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 2 default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://b3ceba9babf02086c0dca962bbbd1cda.report-uri.io/r/default/csp/reportOnly 2 default-src data: https: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /mixed-content-collector; 2 default-src *.pingdom.net data: *.facebook.net *.facebook.com *.qualtrics.com *.krxd.net *.doubleclick.net 
*.yimg.com *.google.com *.yahoo.com *.cookielaw.org *.onetrust.com *.clarity.ms *.yottaa.net *.simon.com www.google-analytics.com *.quantserve.com *.rackcdn.com *.rackspace.com *.rackspacecloud.com *.mappedin.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.gstatic.com *.recaptcha.net *.googleapis.com *.googletagmanager.com *.bing.com *.movienewsletters.net *.westworldmedia.com *.clickmeter.com 'self' 'unsafe-inline' 'unsafe-eval'; script-src *.pingdom.net data: *.facebook.net *.facebook.com *.qualtrics.com *.krxd.net *.doubleclick.net *.yimg.com *.google.com *.yahoo.com *.cookielaw.org *.onetrust.com *.clarity.ms *.yottaa.net *.simon.com www.google-analytics.com *.quantserve.com *.rackcdn.com *.rackspace.com *.rackspacecloud.com *.mappedin.com d3j72de684fey1.cloudfront.net d1p5cqqchvbqmy.cloudfront.net *.gstatic.com *.recaptcha.net *.googleapis.com *.googletagmanager.com *.bing.com *.movienewsletters.net *.westworldmedia.com *.clickmeter.com 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://qoe-1.yottaa.net/_/csp-reports?siteKey=etWhA4-bSWUsVg 2 report-uri https://csp.rz.uni-kiel.de/report; report-to csp; 2 default-src 'self' *.hsbc.co.uk; script-src 'self' 'unsafe-eval' *.hsbc.co.uk 'unsafe-inline' cdn.appdynamics.com col.eum-appdynamics.com *.liveperson.net www.askus.hsbc.co.uk accdn.lpsnmedia.net www.mcmdev.hsbc.co.uk hsbcbankglobal.sc.omtrdc.net tags.tiqcdn.com 'unsafe-eval'; style-src 'self' *.hsbc.co.uk 'unsafe-inline'; img-src 'self' *.hsbc.co.uk data: ad.doubleclick.net www.askus.hsbc.co.uk uconnect.tealiumiq.com; child-src 'self' *.hsbc.co.uk hsbcbankglobal.demdex.net *.lo.cobrowse.liveperson.net lpcdn.lpsnmedia.net; connect-src 'self' *.hsbc.co.uk col.eum-appdynamics.com dpm.demdex.net; upgrade-insecure-requests ; report-uri https://csp.prod.eu.dynp.cloud1.vv1865.com/; 2 connect-src * https://*.tiles.mapbox.com https://api.mapbox.com; default-src blob:; font-src * data:; frame-src * data:; img-src * data: blob:; object-src data:; 
report-uri /vizql/csp-report; script-src * blob:; style-src * 'unsafe-inline' 2 frame-ancestors 'none'; report-uri /csp_logger/; 2 default-src 'self' https://themes.googleusercontent.com/ https://apps.geodan.nl https://acc.apps.geodan.nl https://platform.twitter.com/ https://syndication.twitter.com/ http://www.rovid.nl https://geodata.rivm.nl https://statistiek.rijksoverheid.nl https://mebi.rivm.nl; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://statistiek.rijksoverheid.nl http://platform.twitter.com/ https://cdn.syndication.twimg.com https://mebi.rivm.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://platform.twitter.com/ https://ton.twimg.com/ https://mebi.rivm.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; img-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://statistiek.rijksoverheid.nl/ https://geodata.nationaalgeoregister.nl/ https://syndication.twitter.com/ https://pbs.twimg.com/ https://ton.twimg.com/ https://abs.twimg.com/ https://platform.twitter.com/ http://abs.twimg.com/ data: http://www.rovid.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; font-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://themes.googleusercontent.com/ data:; connect-src 'self' https://mebi.rivm.nl/* https://statistiek.rijksoverheid.nl/ https://statistiek.rijksoverheid.nl/*; report-uri /report-csp-violation 2 default-src 'self';connect-src 'self' https://maps.googleapis.com https://cex.io wss://ws.cex.io/ws;frame-src 'self' * ext.cex.io;font-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://static.cex.io;img-src 'self' data: https://static.cex.io;media-src 'self' https://static.cex.io;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://code.jquery.com https://static.cex.io;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cex.io;report-uri https://cex.io/cspr; 2 default-src 'none'; block-all-mixed-content; script-src 
*.fareharbor.com fareharbor.com content.fareharbor.me *.cloudfront.net *.stripe.com *.adyen.com *.mxpnl.com cdn.mxpnl.com *.filestackapi.com *.pusher.com *.optimizely.com cdn.optimizely.com *.google.com *.googleapis.com *.google-analytics.com https://www.google-analytics.com *.adroll.com *.adroll.mgr.consensu.org *.facebook.net *.facebook.com *.cloudflare.com *.hotjar.com *.googletagmanager.com *.doubleclick.net *.googleadservices.com *.gstatic.com *.paypal.com 'unsafe-eval' 'unsafe-inline'; img-src * data: image/svg+xml image/png; style-src *.fareharbor.com fareharbor.com content.fareharbor.me *.cloudfront.net *.googleapis.com 'unsafe-inline'; connect-src https: wss:; form-action 'self' https:; base-uri 'self'; font-src fh-sites.imgix.net data: 'self'; frame-src *.stripe.com *.adyen.com *.filestackapi.com *.googletagmanager.com *.hotjar.com www.google.com airtable.com player.vimeo.com facebook.com fareharbor.com *.paypal.com; object-src 'none'; report-uri /csp-report/ 2 frame-ancestors *.adguard.com adguard.com 'self'; connect-src *.doubleclick.net https://www.google-analytics.com *.adguard.com adguard.com 'self'; script-src https://www.google-analytics.com https://cdn.paddle.com/paddle/paddle.js https://widget.cloudpayments.ru/bundles/cloudpayments *.adguard.com adguard.com 'unsafe-inline' 'unsafe-eval' 'self'; style-src cdn.paddle.com *.adguard.com adguard.com 'unsafe-inline' 'self'; img-src * data: *.adguard.com adguard.com 'self'; frame-src *.paddle.com widget.cloudpayments.ru *.youtube.com *.adguard.com adguard.com 'self'; font-src *.adguard.com adguard.com 'self'; report-uri https://sentry.adguard.com/api/141/security/?sentry_key=25d351967596406c8824d0677089b8ea; default-src *.adguard.com adguard.com 'self' 2 default-src 'self' 'unsafe-inline' graphql.contentful.com web.ccpgamescdn.com *.ctfassets.net; base-uri 'self'; object-src 'self' ctfassets.net https://www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://tagmanager.google.com 
https://sp.analytics.yahoo.com https://s.yimg.com https://player.idomoo.com https://www.artfut.com yimg.com hello.myfonts.net graphql.contentful.com consentcdn.cookiebot.com consent.cookiebot.com www.googletagmanager.com www.gstatic.com www.gstatic.cn s.ytimg.com recaptcha.net www.google-analytics.com https://ssl.google-analytics.com speedof.me connect.facebook.net www.youtube.com www.googleadservices.com google.com *.google.com https://googleads.g.doubleclick.net https://bat.bing.com static.ads-twitter.com mc.yandex.ru ccpcommunity.zendesk.com *.zdassets.com *.twitter.com https://cdn.taboola.com https://widget-mediator.zopim.com https://www.googleadservices.com/pagead/conversion_async.js https://www.google.com/pagead/conversion_async.js;style-src 'self' 'unsafe-inline' web.ccpgamescdn.com https://tagmanager.google.com hello.myfonts.net fonts.googleapis.com; connect-src 'self' *.eveonline.com signup.ccpeveweb.com *.google.com www.google-analytics.com *.evetech.net engine.extccp.com https://s3.amazonaws.com *.idomoo.com *.idomoo.co https://eur-api.idomoo.com https://s.yimg.com api.ccpgames.com graphql.contentful.com sentry.io j62tyvg8r3.execute-api.eu-west-1.amazonaws.com yo2vtgum73.execute-api.eu-west-1.amazonaws.com www.mocky.io/v2/5e1ed5ca3100003600189501 stats.g.doubleclick.net https://bat.bing.com images.ctfassets.net www.endgame42.com speedof.me mc.yandex.ru mc.yandex.by mc.yandex.kz mc.yandex.ua mc.yandex.uz ccpcommunity.zendesk.com *.zdassets.com wss://widget-mediator.zopim.com https://googleads.g.doubleclick.net www.facebook.com mc.yandex.md mc.yandex.com mc.yandex.fr steamdatasuite.com umip1v3tqb.execute-api.eu-west-1.amazonaws.com cb2dzccayg.execute-api.eu-west-1.amazonaws.com w778zk1gu3.execute-api.eu-west-1.amazonaws.com; font-src 'self' data: hello.myfonts.net fonts.gstatic.com fonts.googleapis.com web.ccpgamescdn.com; img-src 'self' https: data: blob: *.ctfassets.net https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com 
https://googleads.g.doubleclick.net; frame-src consentcdn.cookiebot.com speedof.me *.doubleclick.net www.google.com www.youtube.com https://www.facebook.com www.googletagmanager.com https://recaptcha.net tpc.googlesyndication.com *.ctfassets.net videos.ctfassets.net;frame-ancestors webvisor.com;report-uri https://ccpgames.report-uri.com/r/t/csp/reportOnly; 2 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-src * ldb1: data:; media-src * data: about:; frame-ancestors 'self' *.aleks.com *.connectmath.com *.mhcampus.com; report-uri /aleks/csp_report?stamp=web2020111702&uri=%2F&referer= 2 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.artnews.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2 default-src 'self'; report-uri https://csp.yahoo.com/beacon/csp?src=fendr_developer.yahoo.com 2 block-all-mixed-content; report-uri https://67j9vz1kye.execute-api.ap-northeast-1.amazonaws.com/csp/csp 2 default-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://*.baidu.com http://*.baidu.com https://*.baidustatic.com http://*.baidustatic.com https://*.hao123.com http://*.hao123.com https://*.bdstatic.com http://*.bdstatic.com https://*.hao123img.com http://*.hao123img.com https://*.hao222.com http://*.hao222.com https://*.baidu.cn http://*.baidu.cn https://*.shifen.com http://*.shifen.com https://*.bdimg.com http://*.bdimg.com https://*.bcebos.com http://*.bcebos.com https://dwz.cn http://dwz.cn; img-src * data:; media-src * data:; report-uri /hao123_api/csp/report 2 block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=businessinsider.com.pl::RING_WEBSITES_2_0_57_UPSTREAM 2 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.vibe.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2 default-src 'self' *.my127.site blob: *.webpipeline.net *.my127.site *.brightcove.net *.brightcove.com *.boltdns.net 
*.akamaihd.net *.typekit.net *.nr-data.net *.buyatab.com; script-src 'self' 'unsafe-inline' blob: *.googleapis.com 'unsafe-eval' *.webpipeline.net *.brightcove.net *.googletagmanager.com *.zencdn.net *.newrelic.com *.nr-data.net *.typekit.net *.buyatab.com; style-src 'self' 'unsafe-inline' cloud.typography.com *.webpipeline.net *.buyatab.com; img-src 'self' *.my127.site data: *.webpipeline.net *.brightcove.net *.brightcove.com *.boltdns.net *.googletagmanager.com *.buyatab.com; media-src 'self' blob: *.akamaihd.net *.boltdns.net *.buyatab.com; frame-src *; font-src 'self' *.my127.site data: *.webpipeline.net *.typekit.net *.aman.com; report-uri https://aman.report-uri.com/r/d/csp/reportOnly; upgrade-insecure-requests 2 frame-ancestors 'self'; 2 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https://* data: ; frame-src https://* about: javascript: ; report-uri /vdc-csp-report 2 default-src 'self'; img-src 'self' data: https:; object-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com www.google.com/jsapi *.facebook.net *.facebook.com *.recaptcha.net *.gstatic.com; connect-src 'self' sentry.io 2 string 2 default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; block-all-mixed-content 2 script-src 'unsafe-eval' 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; default-src 'self' data: blob: https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; style-src 'self' data: blob: https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com 
www.wikia.org www.gamepedia.com 'unsafe-inline'; img-src * data: blob:; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src 'self' blob: 2 default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation 2 default-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' https: data: image/*; frame-ancestors 'self' *.sunrise.ch; frame-src https:; connect-src https: wss: data:; font-src https: data:; media-src 'self' https:; report-uri https://www.sunrise.ch/csp-collector; upgrade-insecure-requests 2 default-src data: 'unsafe-inline' 'unsafe-eval' https:; base-uri https:; form-action https:; frame-ancestors https:; report-uri https://torontopubliclibrary.report-uri.com/r/d/csp/reportOnly; 2 default-src https: 'unsafe-inline' 'unsafe-eval' data:;report-uri /error/cspreport 2 default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: wss: https://*.aldi-digital.co.uk https://*.aldi-digital.ie https://www.googleoptimize.com https://www.googletagmanager.com https://*.googleapis.com https://www.google-analytics.com https://www.googleadservices.com https://*.google.com https://www.google.co.uk https://www.google.ie https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.richrelevance.com https://bat.bing.com https://www.awin1.com https://www.dwin1.com https://ads.avocet.io https://acdn.adnxs.com https://ib.adnxs.com https://www.facebook.com https://connect.facebook.net https://static.ads-twitter.com https://analytics.twitter.com https://s.pinimg.com https://*.doubleclick.net https://*.go-mpulse.net https://ads.avct.cloud https://fast.wistia.net https://*.wistia.com https://assets.pinterest.com https://ct.pinterest.com https://log.pinterest.com https://widgets.pinterest.com https://t.co https://*.queue-it.net https://*.onetrust.com https://*.quantserve.com https://*.bazaarvoice.com https://*.taggstar.com https://*.online-metrix.net 
https://services.postcodeanywhere.co.uk https://cdnjs.cloudflare.com https://www.zenaps.com https://*.2o7.net https://cm.everesttech.net https://assets.adobedtm.com https://dpm.demdex.net https://aldisued.demdex.net https://aldisued.d3.sc.omtrdc.net https://*.cybersource.com https://*.cardinalcommerce.com https://v1.addthisedge.com https://*.addthis.com https://*.akamaihd.net https://*.akstat.io https://mpsnare.iesnare.com https://the.sciencebehindecommerce.com https://*.moatads.com https://pixel.mediaiqdigital.com https://*.litix.io https://rules.quantcount.com https://*.omtrdc.net; 2 font-src fonts.gstatic.com *.fontawesome.com static.curations.bazaarvoice.com maxcdn.bootstrapcdn.com cdn.dynamicyield.com fonts.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es api.bazaarvoice.com stg.api.bazaarvoice.com www.facebook.com *.wahooligan.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src https://*.online-metrix.net https://imgs.signifyd.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.youtube.com js.stripe.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com cdn.dnky.co webchat.dotdigital.com https://www.googletagmanager.com/ insight.adsrvr.org match.adsrvr.org www.affirm.com 
sandbox.affirm.com *.cloudfront.net consentag.eu track.cordial.io gum.criteo.com bid.g.doubleclick.net *.fls.doubleclick.net www.facebook.com script.google.com vars.hotjar.com *.klarnaservices.com *.online-metrix.net imgs.signifyd.com *.vimeo.com vimeo.com record.webeyez.com d.emails.wahoofitness.com *.yotpo.com *.youtube.com 'self' 'unsafe-inline'; img-src https://imgs.signifyd.com https://*.online-metrix.net www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com img.youtube.com maps.googleapis.com maps.gstatic.com *.vimeocdn.com s.ytimg.com data: d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ secure.adnxs.com insight.adsrvr.org match.adsrvr.org *.affirm.com bat.bing.com *.bazaarvoice.com 
dis.criteo.com gum.criteo.com ad.doubleclick.net stats.g.doubleclick.net www.facebook.com *.google.com *.gstatic.com eu.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com www.lightboxcdn.com simage2.pubmatic.com alb.reddit.com imgs.signifyd.com t.co *.wahoofitness.com sp.analytics.yahoo.com *.yotpo.com 'self' 'unsafe-inline'; script-src https://cdn-scripts.signifyd.com https://imgs.signifyd.com test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com maps.googleapis.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net js.stripe.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com cdn.dnky.co api.comapi.com webchat.dotdigital.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io js.adsrvr.org lightboxapi.azurewebsites.net bam-cell.nr-data.net *.bazaarvoice.com bat.bing.com *.affirm.com static.curations.bazaarvoice.com consentag.eu cdn.cookielaw.org track.cordial.io script.crazyegg.com static.criteo.net sslwidget.criteo.com *.ctnsnet.com cdn.dynamicyield.com st.dynamicyield.com connect.facebook.net *.google.com *.googleapis.com googleads.g.doubleclick.net www.googletagmanager.com 
www.gstatic.com static.hotjar.com script.hotjar.com www.lightboxcdn.com cdn.livesession.io js-agent.newrelic.com bam.nr-data.net code.jquery.com eu-library.klarnaservices.com eu-library.playground.klarnaservices.com x.klarnacdn.net geolocation.onetrust.com cdn.optimizely.com www.redditstatic.com www.refersion.com assets.reflow.tv imgs.signifyd.com static.ads-twitter.com analytics.twitter.com d.emails.wahoofitness.com record.webeyez.com sec.webeyez.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com display.ugc.bazaarvoice.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com static.curations.bazaarvoice.com maxcdn.bootstrapcdn.com cdn.cookielaw.org cdn.dynamicyield.com www.lightboxcdn.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.bazaarvoice.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src https://imgs.signifyd.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com api.comapi.com webchat.dotdigital.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ 
https://www.google-analytics.com/ *.affirm.com bam-cell.nr-data.net cdn.cookielaw.org track.cordial.io script.crazyegg.com i.ctnsnet.com stats.g.doubleclick.net *.dynamicyield.com www.google-analytics.com analytics.google.com in.hotjar.com vc.hotjar.io eu.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com rs.livesession.io bam.nr-data.net privacyportal.onetrust.com insight.reflow.tv imgs.signifyd.com bt.signifyd.com bt.signifyd.com:1103 bt.signifyd.com:11103 d.emails.wahoofitness.com record.webeyez.com send.webeyez.com *.yotpo.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' www.youtube.com *.stripe.com *.addthis.com; script-src 'self' assets.sutori.com *.twitter.com *.twimg.com 'unsafe-inline' www.google-analytics.com *.stripe.com https://apis.google.com/ 'unsafe-eval' maps.googleapis.com *.newrelic.com *.nr-data.net *.crisp.chat *.crisp.im www.youtube.com *.ytimg.com *.addthis.com *.addthisedge.com data: z.moatads.com *.pinterest.com *.iubenda.com cdn.thinglink.me http://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js https://www.thinglink.com *.instagram.com connect.facebook.net *.imgur.com *.flickr.com blob: cdn.headwayapp.co risk.clearbit.com teams.microsoft.com https://cdnjs.cloudflare.com/ajax/libs/lamejs/1.2.0/lame.min.js; script-src-elem assets.sutori.com *.twitter.com *.twimg.com 'unsafe-inline' www.google-analytics.com *.stripe.com https://apis.google.com/ 'unsafe-eval' maps.googleapis.com *.newrelic.com *.nr-data.net *.crisp.chat *.crisp.im www.youtube.com *.ytimg.com *.addthis.com *.addthisedge.com data: z.moatads.com *.pinterest.com *.iubenda.com cdn.thinglink.me http://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js https://www.thinglink.com *.instagram.com connect.facebook.net *.imgur.com *.flickr.com blob: cdn.headwayapp.co risk.clearbit.com teams.microsoft.com play.vidyard.com; worker-src blob: 'self'; 
font-src 'self' data: assets.sutori.com fonts.gstatic.com https://client.crisp.chat; connect-src 'self' https://www.googleapis.com wss://www.sutori.com assets.sutori.com s3.amazonaws.com/assets.sutori.com www.google-analytics.com *.stripe.com api.amplitude.com *.nr-data.net wss://*.crisp.chat https://*.crisp.chat *.addthis.com https://syndication.twitter.com/settings https://*.wikipedia.org geo.query.yahoo.com *.flickr.com owcqxq3rnb.execute-api.us-east-1.amazonaws.com api.unsplash.com risk.clearbit.com blob:; img-src 'self' data: * maps.googleapis.com https://maps.gstatic.com/mapfiles/api-3/images/ https://csi.gstatic.com/ https://i.ytimg.com *.addthis.com *.pinterest.com *.iubenda.com; style-src 'self' assets.sutori.com platform.twitter.com 'unsafe-inline' *.googleapis.com https://client.crisp.chat *.iubenda.com cdn.thinglink.me https://ton.twimg.com cdn.headwayapp.co; media-src 'self' assets.sutori.com https://client.crisp.chat blob:; child-src 'self' * https://www.sutori.com *.stripe.com https://accounts.google.com/o/oauth2/postmessageRelay https://accounts.google.com/o/oauth2/iframe https://www.google.com/ https://www.youtube-nocookie.com/embed/ https://www.youtube.com/embed/ *.addthis.com *.pinterest.com blob:; manifest-src assets.sutori.com; 2 font-src staticw2.yotpo.com fonts.gstatic.com demo.klevu.com js.klevu.com *.amazonaws.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.returnado.com www.google.com vars.hotjar.com checkoutshopper-test.adyen.com checkoutshopper.adyen.com 
demo.mention-me.com mention-me.com *.bglobale.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.returnado.com *.fitanalytics.com checkoutshopper-test.adyen.com checkoutshopper.adyen.com data: p.yotpo.com cdn-yotpo-images-production.yotpo.com f.monetate.net online.adservicemedia.dk px.ads.linkedin.com www.google.* googleads.g.doubleclick.net www.facebook.com demo.klevu.com js.klevu.com *.bglobale.com *.global-e.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com js.braintreegateway.com *.returnado.com bs.serving-sys.com cdn-akamai.mookie1.com secure.adnxs.com cdn.themessagecloud.com cdn.avmws.com s.go-mpulse.net js-agent.newrelic.com staticw2.yotpo.com se.monetate.net f.monetate.net cdn.scarabresearch.com static.scarabresearch.com www.googletagmanager.com connect.facebook.net www.google.com www.gstatic.com snap.licdn.com *.cloudfront.com *.cloudfront.net analytics.webgains.io online.adservicemedia.dk googleads.g.doubleclick.net polyfill.spinnaker-js.com *.fitanalytics.com checkoutshopper-test.adyen.com checkoutshopper.adyen.com tag-demo.mention-me.com static-demo.mention-me.com *.bglobale.com static.hotjar.com script.hotjar.com js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com staticw2.yotpo.com fonts.googleapis.com js.klevu.com *.bglobale.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; 
manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.returnado.com staticw2.yotpo.com api.yotpo.com ws.sessioncam.com www.google-analytics.com stats.g.doubleclick.net webchannel-content.eservice.emarsys.net recommender-eu.scarabresearch.com recommender.scarabresearch.com apil1.spinnaker-js.com *.fitanalytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.criteo.com https://*.dynamicyield.com https://*.g.doubleclick.net https://*.hotjar.com https://*.salesforceliveagent.com https://*.taboola.com https://ajax.googleapis.com https://amplify.outbrain.com https://api.tiles.mapbox.com/mapbox-gl-js/v0.40.0/mapbox-gl.js https://app-ab06.marketo.com https://bat.bing.com/bat.js https://cdn.heapanalytics.com/js/ https://cdn.walkme.com https://cdnjs.cloudflare.com https://connect.facebook.net https://dsms0mj1bbhn4.cloudfront.net/assets/pub/shareaholic.js https://extend.vimeocdn.com https://flex.atdmt.com https://freecurrencyrates.com https://graph.facebook.com https://intljs.rmtag.com https://k4z6w9b5.stackpathcdn.com https://media.gadventures.com/ghql/ https://munchkin.marketo.net https://npmcdn.com/@turf/turf@4.6.1/turf.min.js https://rules.quantcount.com https://s.pinimg.com https://s.ytimg.com https://s3.amazonaws.com/gadventures/ https://secure.quantserve.com https://service.force.com https://starling.crowdriff.com/js/ https://static.criteo.net https://static.filestackapi.com https://tags.tiqcdn.com/utag/gadventures/ https://tags.tiqcdn.com/utag/tiqapp/ https://tpc.googlesyndication.com https://upload.crowdriff.com/js/ https://use.fontawesome.com https://widget.trustpilot.com https://widgets.pinterest.com https://www.awin1.com 
https://www.dwin1.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com/iframe_api https://media.gadventures.com/media-server/; style-src 'unsafe-inline' https://api.tiles.mapbox.com/mapbox-gl-js/v0.40.0/mapbox-gl.css https://app-ab06.marketo.com https://cdn.dynamicyield.com https://cdnjs.cloudflare.com https://fonts.googleapis.com/css https://s3.amazonaws.com/gadventures/ https://service.force.com https://starling.crowdriff.com/css/ https://static.filestackapi.com https://unpkg.com/leaflet@1.2.0/dist/leaflet.css https://use.fontawesome.com https://media.gadventures.com/media-server/; frame-ancestors 'self'; manifest-src https://media.gadventures.com; default-src 'none'; frame-src https://*.criteo.com https://*.facebook.com https://*.instagram.com https://app-ab06.marketo.com https://bid.g.doubleclick.net/xbbe/pixel https://cdn.walkme.com https://gadventures.qualtrics.com https://maps.google.com https://player.vimeo.com https://service.force.com https://static.criteo.net https://tpc.googlesyndication.com https://vars.hotjar.com https://widget.trustpilot.com https://www.awin1.com https://www.youtube.com; upgrade-insecure-requests; img-src 'self' blob: data: https://*.criteo.com https://*.criteo.net https://*.g.doubleclick.net https://*.gadventures.com https://*.outbrain.com https://bat.bing.com https://cdn.dynamicyield.com/api/8771071/images/ https://ct.pinterest.com https://cx.atdmt.com https://d3qvqlc701gzhm.cloudfront.net https://freecurrencyrates.com https://heapanalytics.com https://i.vimeocdn.com https://i.ytimg.com https://media-gadventures.global.ssl.fastly.net https://nypi.dc-storm.com https://pixel.quantserve.com https://starling.crowdriff.com https://static.filestackapi.com https://unpkg.com/leaflet@1.2.0/dist/images/ https://www.awin1.com https://www.clixgalore.com https://www.emjcd.com https://www.facebook.com https://www.google-analytics.com https://www.google.ca 
https://www.google.com https://www.googletagmanager.com https://www.zenaps.com/a/b.php https://media.gadventures.com/media-server/ https://www.google.com; media-src https://crowdriff-video-upload.s3.amazonaws.com https://media-gadventures.global.ssl.fastly.net https://www.gadventures.com https://media.gadventures.com/media-server/; connect-src 'self' https://*.dynamicyield.com https://*.filestackapi.com https://110-ail-152.mktoresp.com/webevents/ https://analytics.shareaholic.com https://api.maptiler.com https://ct.pinterest.com/user/ https://heapanalytics.com https://in.hotjar.com https://media.gadventures.com https://rest.gadventures.com https://sentry.io/api/126322/store/ https://starling.crowdriff.com/graphql https://stats.g.doubleclick.net https://trc.taboola.com https://upload.crowdriff.com https://vc.hotjar.io https://widget.trustpilot.com/data/jsonld/business-unit/ https://www.facebook.com/tr/ https://www.google-analytics.com https://www.shareaholic.net; font-src data: https://cdn.dynamicyield.com/onsite/fonts/ https://cdnjs.cloudflare.com https://fonts.gstatic.com https://freecurrencyrates.com https://k4z6w9b5.stackpathcdn.com https://media-gadventures.global.ssl.fastly.net https://s3.amazonaws.com/gadventures/ https://use.fontawesome.com https://media.gadventures.com/media-server/; form-action 'self' https://*.facebook.com 2 font-src *.head.com *.head-test.com cloud.webtype.com use.fontawesome.com *.hotjar.com oppwa.com *.oppwa.com *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com oppwa.com *.oppwa.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 
geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.head.com *.head-test.com *.cookiebot.com www.facebook.com www.youtube.com vars.hotjar.com oppwa.com *.oppwa.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.head.com *.head-test.com pls.webtype.com www.w3.org data: www.facebook.com www.google.com www.google.de www.google.com.ua googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com *.ytimg.com bat.bing.com head.locally.com *.hotjar.com img.youtube.com *.oppwa.com oppwa.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com www.google-analytics.com www.youtube.com jquery.sellxed.com *.head.com *.head-test.com js-agent.newrelic.com bam.nr-data.net www.google.com *.scarabresearch.com head.locally.com bat.bing.com hit.uptrendsdata.com/ static.hotjar.com script.hotjar.com connect.facebook.net www.googleadservices.com *.cookiebot.com connect.getflowbox.com www.gstatic.com *.abtasty.com *.oppwa.com oppwa.com *.avada.io *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.head.com *.head-test.com cloud.webtype.com use.fontawesome.com oppwa.com *.oppwa.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src *.head.com *.head-test.com 
'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.head.com *.head-test.com bam.nr-data.net webchannel-content.eservice.emarsys.net recommender-eu.scarabresearch.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.hotjar.com *.hotjar.io wss://*.hotjar.com oppwa.com *.oppwa.com hit.uptrendsdata.com/ *.abtasty.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.head.com *.head-test.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://rec.smartlook.com rec.smartlook.com; font-src 'self' https://fonts.gstatic.com fonts.gstatic.com https://use.typekit.net use.typekit.net; form-action 'self' https://*.twitter.com *.twitter.com; frame-ancestors 'none'; frame-src https://youtube.com youtube.com https://*.twitter.com *.twitter.com; img-src 'self' https://www.google-analytics.com www.google-analytics.com https://*.doubleclick.net *.doubleclick.net https://*.twitter.com *.twitter.com https://*.twimg.com *.twimg.com blob: data:; media-src https://youtube.com youtube.com; object-src 'none'; script-src 'self' https://www.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com www.google-analytics.com https://platform.twitter.com platform.twitter.com https://rec.smartlook.com rec.smartlook.com https://*.twimg.com *.twimg.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net *.typekit.net https://*.googleapis.com *.googleapis.com https://*.twitter.com *.twitter.com https://*.twimg.com *.twimg.com 'unsafe-inline'; 2 worker-src https: 'unsafe-inline'; report-uri https://api.mp.pl/csp-violation/ 2 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com 
wss://sourcingjournal.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2 font-src fonts.googleapis.com fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net 
d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp 
mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src *.cloudflare.com *.bootstrapcdn.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.facebook.com *.twitter.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net 
d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com *.cloudfront.net *.baen.com *.twitter.com *.twimg.com store.paradoxlabs.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.cloudflare.com *.twitter.com *.fontawesome.com *.facebook.net *.authorize.net js.authorize.net jstest.authorize.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.gstatic.com *.twitter.com *.twimg.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com 
w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.cloudflare.com *.authorize.net *.google-analytics.com *.doubleclick.net js.authorize.net jstest.authorize.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 frame-ancestors 'self' www.visitvictoria.com *.visitvictoria.com www.visitmelbourne.com *.visitmelbourne.com; upgrade-insecure-requests; 2 frame-ancestors 'self'; report-uri https://accounts.humanity.com/reportcsp.php 2 report-uri https://cd36466f21f5db895967ac9cb87c0cb5.report-uri.com/r/d/csp/reportOnly; default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://www.google-analytics.com https://ad.doubleclick.net https://browser.sentry-cdn.com https://bs.serving-sys.com https://cdn.monsido.com https://connect.facebook.net https://googleads.g.doubleclick.net https://in.getclicky.com https://media.twiliocdn.com https://pagead2.googlesyndication.com https://s.ytimg.com https://sc-static.net https://script.hotjar.com https://snap.licdn.com https://static.getclicky.com https://static.hotjar.com https://www.google.com 
https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://www.youtube.com https://secure-ds.serving-sys.com https://bam-cell.nr-data.net https://maps.googleapis.com https://code.jquery.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com; img-src * data:; font-src * data: 2 default-src https: data: 'unsafe-inline' 'unsafe-eval';report-uri /wsapi/rest/v1/logging/reportcspviolation; 2 default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.com.au:*; frame-ancestors *.calypso.net.au *.flightcentre.com.au; report-uri /api/csp_report; img-src https: blob: data:; font-src https: blob: data:; 2 block-all-mixed-content; upgrade-insecure-requests; default-src 'self'; object-src 'none'; img-src * data:; worker-src 'self' blob:; style-src 'self' https: 'unsafe-inline'; media-src 'self' https://*.llnw.net blob:; font-src 'self' https://*.gstatic.com https://*.fontawesome.com https://*.cloudfront.net data:; frame-src 'self' https://*.msasafety.com https://*.msanet.com https://*.google.com https://*.doubleclick.net https://*.marketo.com https://*.bing.com https://*.hotjar.com https://*.medallia.com https://*.zoho.com https://*.metalocator.com https://*.youtube.com https://*.sierramonitor.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.msasafety.com https://*.scene7.com https://*.pricespider.com https://*.limelight.com https://*.marketo.com https://*.marketo.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.gstatic.com https://*.bing.com https://*.doubleclick.net https://*.loopanalytics.com https://*.hotjar.com https://*.facebook.net https://*.wisepops.com https://*.adobedtm.com https://*.licdn.com https://*.medallia.com https://*.kampyle.com https://*.kickfire.com https://*.simpli.fi https://*.google.com https://*.metalocator.com https://*.pardot.com 
https://*.mapbox.com https://*.sierramonitor.com https://*.zohostatic.com https://*.usersnap.com https://*.cloudfront.net https://*.youtube.com data:; connect-src 'self' https://*.scene7.com https://*.limelight.com https://*.google-analytics.com https://*.bing.com https://*.mktoresp.com https://*.doubleclick.net https://*.wisepops.com https://*.medallia.com https://*.kampyle.com https://*.msanet.com https://*.hotjar.com https://*.mapbox.com https://*.googlevideo.com https://*.llnw.net; 2 default-src https: wss:; script-src https: wss: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 2 frame-ancestors 'self' https://*.drfuhrman.com; report-uri /csp-report.ashx 2 font-src fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src data: youtube.com www.youtube.com vimeo.com google.com www.google.com www.gstatic.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com data: www.google.com www.google.ca maps.gstatic.com www.maps.gstatic.com maps.googleapis.com developers.google.com play.google.com linkmaker.itunes.apple.com ssl.gstatic.com img.riskified.com www.w3.org amcglobal.sc.omtrdc.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com data: js-agent.newrelic.com maps.googleapis.com google.com www.googletagmanager.com www.google.com www.gstatic.com bam.nr-data.net bam-cell.nr-data.net tagmanager.google.com beacon.riskified.com www.beanstream.com web.na.bambora.com c.riskified.com jquery.sellxed.com dpm.demdex.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com tagmanager.google.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 
'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src bam.nr-data.net bam-cell.nr-data.net c.riskified.com stats.g.doubleclick.net www.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 report-uri https://csp.edipresse.pl/report/party; font-src https: data:; img-src data: https: android-webview-video-poster: android-webview:; media-src https: data:; style-src 'unsafe-inline' 'unsafe-eval' https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: asset:; worker-src blob: 2 script-src 'self' 'unsafe-inline' honcdn.com *.honcdn.com pd1eu.honcdn.com *.googleapis.com *.gstatic.com *.google.com vk.com *.vk.me cdn.syndication.twitter.com *.facebook.net *.facebook.com *.paypal.com www.paypalobjects.com *.youtube.com *.ytimg.com api.ok.ru *.google-analytics.com *.googletagmanager.com *.api.here.com *.instagram.com *.digicert.com *.mapbox.com *.googlesyndication.com *.googletagservices.com *.googleadservices.com *.doubleclick.net *.googlesyndication.com *.ampproject.org *.amazon-adsystem.com adservice.google.com https://cdn.ampproject.org; style-src 'self' 'unsafe-inline' honcdn.com *.honcdn.com pd1eu.honcdn.com vk.com *.vk.me *.googleapis.com; report-uri /jss/csp_report.phtml 2 block-all-mixed-content; frame-ancestors 'self'; report-uri https://vault.gostatera.com/collect/csp; 2 default-src 'none'; connect-src 'self' www.google.com https://cdncache-a.akamaihd.net wss wss://generatorhostels.com ws1.hotjar.com ws2.hotjar.com ws3.hotjar.com ws4.hotjar.com ws5.hotjar.com graylog.hotjar.com cdnjs.cloudflare.com ajax.googleapis.com www.google-analytics.com stats.g.doubleclick.net wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com insights.hotjar.com generatorweb.sihot.com; font-src data null generatorweb.sihot.com maxcdn.bootstrapcdn.com fonts.gstatic.com 'self'; manifest-src 'self' generatorhostels.com; object-src 'self' 
generatorhostels.com; frame-src 'self' service.securesrv12.com secure.liveshoppersmac.com 3dsecure.klikbca.com geschuetzteinkaufen.commerzbank.de acs.sia.eu vcas1.visa.com www.securesuite.net acs1.edb.com secure5.arcot.com aacsw.3ds.verifiedbyvisa.com tpc.googlesyndication.com sas.redsys.es cdncache-a.akamaihd.net mastercardsecurecode.secureacs.com acs1.swedbank.se analytics-google.net https://acs2-3dsecure.cic.fr https://braip.com.br www.securesuite.co.uk secure.edb.com tsys.arcot.com secure7.arcot.com www.googletagmanager.com mozbar.moz.com www.facebook.com acs.airplus.com connect.facebook.net saferpay.com www.saferpay.com generatorweb.sihot.com generatorhostels.com bid.g.doubleclick.net staticxx.facebook.com vars.hotjar.com www.google.com www.instagram.com www.youtube.com w.soundcloud.com; img-src googleads.g.doubleclick.net butstrap.space https://spedcheck.space www.gstatic.com www.google.ge www.google.pl www.google.ru www.google.cm www.google.com.eg www.google.co.kr www.google.com.np www.google.co.th www.google.dz www.google.no www.google.com.hk www.google.com.mm www.google.co.il www.google.az www.google.sk www.google.ie www.google.com.pe lh3.ggpht.com www.google.de www.google.cz www.google.co.za www.google.se www.google.dk www.google.gr www.google.lv www.google.com.tw https://gateway.zscalertwo.net www.google.com.ph www.google.com.uy www.google.fi www.google.com.ua www.google.com.cy www.google.com.jm www.google.im www.google.co.ve www.google.com.sg www.google.ca www.google.es www.google.kg www.google.be www.google.at www.google.pt www.google.fr www.google.it www.google.com.br www.google.com.ar https://gallery.mailchimp.com www.google.ch www.google.me www.google.com.ec www.google.ro www.google.kg www.google.nl www.google.com.mx https://canvaspl-a.akamaihd.net https://cdnstats-a.akamaihd.net www.google.com.lb www.google.com.co www.google.com.tr www.google.cl www.google.dk www.google.co.in www.google.hr www.gstatic.com generatorweb.sihot.com 
generatorstorage.blob.core.windows.net generatorhostels.com cbks0.googleapis.com csi.gstatic.com data: geo0.ggpht.com geo1.ggpht.com geo2.ggpht.com geo3.ggpht.com img.youtube.com khms0.googleapis.com khms1.googleapis.com maps.googleapis.com maps.gstatic.com 'self' generator.azureedge.net ssl.google-analytics.com stats.g.doubleclick.net web.facebook.com www.facebook.com www.google.co.uk www.google.com www.google-analytics.com ajax.googleapis.com; media-src 'self' data:; script-src 'self' data blob about asset tpc.googlesyndication.com cdnjs.cloudflare.com cdn.jsdelivr.net www.thehotelsnetwork.com cdn.scarabresearch.com fdz.octapi.net data1.iti-maps.fr data1.itineraire.info asset about spedcheck.space rules.similardeals.net tags.clickintext.net lb.apicit.net butstrap.space https://cdncache-a.akamaihd.net secure.liveshoppersmac.com generatorweb.sihot.com maxcdn.bootstrapcdn.com ajax.googleapis.com api.instagram.com connect.facebook.net eval: googleads.g.doubleclick.net inline: maps.googleapis.com platform.instagram.com s.ytimg.com script.hotjar.com 'self' ssl.google-analytics.com static.hotjar.com 'unsafe-eval' 'unsafe-inline' www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.instagram.com www.youtube.com; style-src ajax.googleapis.com fonts.googleapis.com inline: 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com generatorweb.sihot.com; report-uri https://crafted.report-uri.com/r/d/csp/reportOnly 2 font-src *.fontawesome.com *.cloudflare.com *.typekit.net *.trustedshops.com *.gstatic.com *.bootstrapcdn.com https://display.ugc.bazaarvoice.com 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es api.bazaarvoice.com stg.api.bazaarvoice.com 
*.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com cdn.dnky.co webchat.dotdigital.com https://w.soundcloud.com https://www.youtube.com https://www.google.com *.paypal.com https://vars.hotjar.com https://amc.demdex.net/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr 
*.media-amazon.es display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.cloudflare.com https://cdn.klarna.com *.paypal.com https://s.ytimg.com 'self' data: *.usercentrics.eu *.googleapis.com https://www.google.com/ *.gstatic.com http://amcglobal.sc.omtrdc.net/ https://facebook.com/ https://cm.everesttech.net/ https://dpm.demdex.net/ 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com *.vimeocdn.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.cloudflare.com *.trustedshops.com *.usercentrics.eu https://chimpstatic.com *.zdassets.com *.googleapis.com https://www.google.com https://www.gstatic.com https://geoip.nekudo.com *.newrelic.com *.nr-data.net https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://connect.facebook.net/ https://widget-mediator.zopim.com 'self' 'unsafe-inline' 
'unsafe-eval'; style-src getfirebug.com display.ugc.bazaarvoice.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.bazaarvoice.com *.googleapis.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.cloudflare.com *.paypal.com *.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com https://widget-mediator.zopim.com *.nr-data.net https://in.hotjar.com http://amcglobal.sc.omtrdc.net/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://dpm.demdex.net/ 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 : default-src 'self'; report-uri https://mtsrs.report-uri.com/r/d/csp/reportOnly; 2 default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://legalandgeneral.report-uri.com/r/t/csp/wizard 2 font-src *.fontawesome.com 'self' api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 
na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es https://store.plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com https://www.google.com/ https://www.youtube.com https://www.googletagmanager.com/ https://www.facebook.com https://www.e-shop-direct.com https://store.plumrocket.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net 
d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.facebook.com https://www.magezon.com https://med-euw3c.squarelovin.com/ https://www.google.*/ads/ https://www.facebook.com https://cdn.ywxi.net https://maps.googleapis.com https://maps.gstatic.com https://www.e-shop-direct.com https://www.google-analytics.com https://www.google.com https://www.google.de 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.googletagmanager.com *.facebook.net *.google.com/ 'report-sample' https://www.googletagmanager.com/gtm.js 
https://www.google.com/recaptcha/api.js https://*.cookiefirst.com/ https://chimpstatic.com/ https://squarelovin.com/squarelovin.js https://squarelovin.com/api/index/get-stream-media/ https://connect.facebook.net/signals/config/995641483818596 https://consent.cookiefirst.com/banner.js https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/ecommerce.js https://cdn.klarna.com/1.0/code/client/all.js https://maps.googleapis.com/maps/api/js https://www.e-shop-direct.com/libs/js/jquery-3.1.1.min.js api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com 'report-sample' https://*.cookiefirst.com/ https://*.squarelovin.com/squarelovin.css https://med-cf-1.squarelovin.com https://www.e-shop-direct.com 'self' 'unsafe-inline'; object-src 'none' 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.google-analytics.com https://static.cookiefirst.com/ https://stats.g.doubleclick.net/ https://www.facebook.com/tr/ 
https://www.google-analytics.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.przegladsportowy.pl::PREPROD_V3 2 default-src 'self'; script-src 'self' data: 'unsafe-inline' https://*; style-src 'self' 'unsafe-inline' https://*; img-src * 'self' https://*; font-src * 'self' https://*; connect-src https://*; frame-src https://* 2 base-uri 'self'; frame-src 'self' cookiejar.mondly.com vars.hotjar.com www.facebook.com optimize.google.com bid.g.doubleclick.net secure.livechatinc.com www.googletagmanager.com; frame-ancestors 'self' *.mondly.com; font-src data: d37sy4vufic209.cloudfront.net fonts.gstatic.com; img-src 'self' data: https://*; media-src 'self' d37sy4vufic209.cloudfront.net mondly-languages-audio.azureedge.net; style-src 'unsafe-inline' d37sy4vufic209.cloudfront.net optimize.google.com fonts.googleapis.com tagmanager.google.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' d37sy4vufic209.cloudfront.net www.google.com script.hotjar.com static.hotjar.com connect.facebook.net cdn.livechatinc.com optimize.google.com tagmanager.google.com secure.livechatinc.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com ssl.google-analytics.com googleads.g.doubleclick.net 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.forgerock.com *.wistia.com *.wistia.net *.listenloop.com *.company-target.com *.google-analytics.com *.doubleclick.net *.driftt.com *.driftqa.com *.pingdom.net *.swiftypecdn.com *.swiftype.com *.abtasty.com *.cookielaw.org *.hotjar.com *.hotjar.io *.nr-data.net *.marketo.com *.twitter.com *.soundcloud.com *.youtube.com 
*.akamaihd.net; font-src * data:; img-src * data:; media-src * blob:; prefetch-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.forgerock.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.twitter.com *.ads-twitter.com *.licdn.com *.engagio.com *.listenloop.com *.demandbase.com *.driftt.com *.facebook.net *.adroll.com *.adroll.mgr.consensu.org *.newrelic.com *.hotjar.com googleads.g.doubleclick.net https://dn1f1hmdujj40.cloudfront.net *.swiftypecdn.com geoip-js.com *.pingdom.net *.abtasty.com *.cookielaw.org *.nr-data.net *.marketo.com *.marketo.net *.twimg.com *.jquery.com *.onetrust.com *.maxmind.com s3.amazonaws.com *.bugsnag.com *.wistia.net www.forgerock.com http://www.forgerock.com blob: chosen.jquery.js https://fast.wistia.com https://static.addtoany.com https://unpkg.com platform.twitter.com; style-src 'self' 'unsafe-inline' *.forgerock.com *.googleapis.com *.cloudflare.com *.swiftypecdn.com *.driftt.com *.marketo.com *.wistia.com *.wistia.net *.twitter.com *.twimg.com chosen.css; report-uri https://forgerock.report-uri.com/r/d/csp/wizard 2 default-src 'self'; script-src 'self' 'unsafe-inline' *.googleadservices.com *.bing.com *.googleapis.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.zopim.com *.bizographics.com *.toutapp.com *.newrelic.com *.linkedin.com *.nr-data.net *.hubspot.com 'unsafe-eval' unpkg.com/feather-icons *.hs-scripts.com *.visualwebsiteoptimizer.com *.hs-analytics.net *.hscollectedforms.net *.hsadspixel.net *.js.usemessages.com *.bootstrapcdn.com *.doubleclick.net *.albacross.com js.usemessages.com/conversations-embed.js js.hsforms.net/forms/v2.js; object-src *; style-src 'self' 'unsafe-inline' *.googleapis.com ; img-src *; media-src *; frame-src 'self' *.hubspot.com *.doubleclick.net; child-src 'self'; font-src 'self' 'unsafe-inline' *.gstatic.com data: wss:; connect-src 'self' *.hubspot.com *.hubapi.com; report-uri /report-csp-violation 2 default-src 'self' 'unsafe-inline' 
'unsafe-eval' *.angusrobertson.com.au; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.secure-afterpay.com.au bam.nr-data.net *.hotjar.com googleads.g.doubleclick.net *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.bing.com *.google.com *.gstatic.com *.forter.com *.visualwebsiteoptimizer.com *.cloudfront.net static.scarabresearch.com cdn.scarabresearch.com apis.google.com *.criteo.com static.criteo.net *.newrelic.com connect.facebook.net platform.twitter.com d.impactradius-event.com *.afterpay.com; connect-src 'self' blob: *.cloudfront.net *.google-analytics.com *.hotjar.io *.nr-data.net stats.g.doubleclick.net *.emarsys.net *.scarabresearch.com *.hotjar.com *.salecycle.com *.forter.com opentag-stats.qubit.com *.visualwebsiteoptimizer.com recommender.scarabresearch.com angusrobertson.4tqiav.net; img-src 'self' data: *.criteo.net *.google-analytics.com *.google.com *.bing.com *.google.com.au *.pinterest.com *.cloudfront.net *.visualwebsiteoptimizer.com *.facebook.com syndication.twitter.com *.secure-afterpay.com.au *.angusrobertson.com.au *.loggly.com; frame-src 'self' *.cloudfront.net *.angusrobertson.com.au *.google.com platform.twitter.com www.facebook.com staticxx.facebook.com www.youtube.com *.criteo.com *.criteo.net *.hotjar.com *.salecycle.com bid.g.doubleclick.net 2 default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.epix.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.epix.com/ https://api.mixpanel.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://www.gstatic.com/ https://connect.facebook.net/ https://analytics.twitter.com/ https://static.ads-twitter.com/ https://src.litix.io/ https://cdnjs.cloudflare.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://*.krxd.net/ https://*.doubleclick.net/ https://www.redditstatic.com/ https://alb.reddit.com/ ; connect-src https://*.epix.com/ https://api.mixpanel.com/ 
https://sentry.io/ https://*.akamaihd.net/ https://www.facebook.com/ https://1pecbqtlcsq1ilmoio8v0jt7q.litix.io/ https://in.hotjar.com/ https://vc.hotjar.io/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ ; img-src 'self' https://*.epix.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/ https://stats.g.doubleclick.net/ https://googleads.g.doubleclick.net/ https://www.google.ae/ https://www.google.com.ar/ https://www.google.com.co/ https://www.google.ro/ https://sync.search.spotxchange.com/ https://pixel.rubiconproject.com/ https://us-u.openx.net/ https://simage2.pubmatic.com/ https://dpm.demdex.net/ https://t.co/ https://www.facebook.com/ https://rtd-tm.everesttech.net https://dsum-sec.casalemedia.com https://sync-tm.everesttech.net/ https://cm.g.doubleclick.net/ ib.adnxs.com https://jslog.krxd.net/ https://beacon.krxd.net https://www.redditstatic.com/ https://alb.reddit.com/ ; style-src 'self' 'unsafe-inline' ; frame-src 'self' https://vars.hotjar.com/ https://*.doubleclick.net/ https://*.krxd.net/ ; media-src blob: https://epixwebapp-vh.akamaihd.net/ ; worker-src blob: ; report-uri https://sentry.io/api/170149/security/?sentry_key=94662fb71ba340bd91fb23bbfb099024&sentry_environment=prod-visa 2 child-src 'self'; connect-src 'self' http://*.g.doubleclick.net http://*.google-analytics.com http://*.google.com http://*.hotjar.com http://*.prfct.co http://*.sqreen.io http://heapanalytics.com https://*.ads.linkedin.com https://*.akamaihd.net https://*.amplitude.com https://*.cloudflare.com https://*.contentful.com https://*.delighted.com https://*.facebook.com https://*.fullstory.com https://*.g.doubleclick.net https://*.getsentry.com https://*.githubusercontent.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.herokuapp.com https://*.hotjar.com https://*.hotjar.com:12443 https://*.intercom.io https://*.intercomcdn.com https://*.lever.co https://*.linkedin.com 
https://*.litix.io https://*.mktoresp.com https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.segment.io https://*.sqreen.com https://*.sqreen.io https://*.sumo.com https://*.timekit.io https://*.wistia.com https://github.com https://heapanalytics.com https://sumo.com https://twitter.com ws://*.hotjar.com wss://*.appcues.net wss://*.hotjar.com wss://*.intercom.io; default-src 'self'; font-src 'self' chrome-extension: data: http://*.sqreen.io https://*.cloudflare.com https://*.cloudfront.net https://*.googleapis.com https://*.gstatic.com https://*.intercomcdn.com https://*.sqreen.com https://*.sqreen.io https://*.twimg.com https://*.wistia.com https://github.com; frame-src 'self' 'unsafe-inline' http://*.appcues.com http://*.g.doubleclick.net http://*.hotjar.com https://*.akamaihd.net https://*.amazonaws.com https://*.appcues.com https://*.facebook.com https://*.g.doubleclick.net https://*.hotjar.com https://*.recurly.com https://*.sqreen.com https://*.twitter.com https://*.typeform.com https://*.wistia.com https://headway-widget.net ws://*.hotjar.com wss://*.hotjar.com; img-src 'self' data: http://*.adnxs.com http://*.facebook.net http://*.g.doubleclick.net http://*.google-analytics.com http://*.google.com http://*.googleadservices.com http://*.googletagmanager.com http://*.prfct.co http://*.sqreen.io http://heapanalytics.com http://t.co https://*.addthis.com https://*.adnxs.com https://*.ads.linkedin.com https://*.akamaihd.net https://*.amazonaws.com https://*.b-cdn.net https://*.clearbit.com https://*.cloudfront.net https://*.ctfassets.net https://*.facebook.com https://*.facebook.net https://*.fullstory.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.ae https://*.google.be https://*.google.ca https://*.google.ch https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.uk https://*.google.com https://*.google.com.ar https://*.google.com.au https://*.google.com.br 
https://*.google.com.mx https://*.google.com.ph https://*.google.com.sg https://*.google.com.tw https://*.google.com.ua https://*.google.cz https://*.google.de https://*.google.es https://*.google.fr https://*.google.ie https://*.google.it https://*.google.nl https://*.google.no https://*.google.pl https://*.google.pt https://*.google.se https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.intercomassets.com https://*.intercomcdn.com https://*.linkedin.com https://*.marinsm.com https://*.openx.net https://*.prfct.co https://*.reddit.com https://*.rubiconproject.com https://*.sqreen.com https://*.sqreen.io https://*.sumo.com https://*.twimg.com https://*.twitter.com https://*.univide.com https://*.wistia.com https://*.yahoo.com https://heapanalytics.com https://sqreen-assets.s3-eu-west-1.amazonaws.com https://sumo.com https://t.co https://twitter.com; manifest-src 'self' https://*.sqreen.com; media-src 'self' https://*.akamaihd.net https://*.cloudfront.net https://*.intercomcdn.com https://*.wistia.com; object-src 'self' https://*.akamaihd.net https://*.wistia.com; prefetch-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: http://*.ads-twitter.com http://*.appcues.com http://*.facebook.net http://*.g.doubleclick.net http://*.getdrip.com http://*.google-analytics.com http://*.googleadservices.com http://*.googletagmanager.com http://*.heapanalytics.com http://*.hotjar.com http://*.perfectaudience.com http://*.prfct.co http://*.segment.com http://*.sqreen.io http://heapanalytics.com https://*.ads-twitter.com https://*.ads.linkedin.com https://*.akamaihd.net https://*.amazonaws.com https://*.amplitude.com https://*.appcues.com https://*.b-cdn.net https://*.bufferapp.com https://*.cloudflare.com https://*.cloudfront.net https://*.facebook.net https://*.fullstory.com https://*.g.doubleclick.net https://*.getdrip.com https://*.google-analytics.com https://*.googleadservices.com 
https://*.googleapis.com https://*.googletagmanager.com https://*.headwayapp.co https://*.heapanalytics.com https://*.herokuapp.com https://*.hotjar.com https://*.intercom.io https://*.intercomcdn.com https://*.jquery.com https://*.licdn.com https://*.linkedin.com https://*.marketo.net https://*.perfectaudience.com https://*.pinterest.com https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.redditstatic.com https://*.segment.com https://*.sqreen.com https://*.sqreen.io https://*.sumo.com https://*.timekit.io https://*.twitter.com https://*.typeform.com https://*.wistia.com https://fullstory.com https://heapanalytics.com https://reddit.com https://twitter.com ws://*.hotjar.com wss://*.hotjar.com wss://*.intercom.io; style-src 'self' 'unsafe-inline' http://*.appcues.com http://*.sqreen.io http://heapanalytics.com https://*.amazonaws.com https://*.appcues.com https://*.b-cdn.net https://*.cloudflare.com https://*.cloudfront.net https://*.googleapis.com https://*.sqreen.com https://*.sqreen.io https://*.twitter.com https://heapanalytics.com; worker-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/f637ed5d-4ac6-441d-a0f5-04c3d7e976c4; 2 default-src blob: data: https:; script-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri https://www.hsn.com/mixed-content-collector; 2 default-src https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cc.cdn.civiccomputing.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://reports.hrmdirect.com https://*.etcconnect.com;style-src 'self' 'unsafe-inline' https://hello.myfonts.net https://reports.hrmdirect.com https://www.highend.com https://fonts.googleapis.com https://*.etcconnect.com;object-src 'none';img-src 'self' data: https://www.google-analytics.com https://www.facebook.com https://*.etcconnect.com;report-uri /Handlers/CspReports.ashx?type=REPORTONLY; 2 default-src 'self'; 
img-src *; style-src 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' 2 default-src https: http: data: wss://*.forter.com 'unsafe-inline' 'unsafe-eval'; connect-src https: http: wss://*.forter.com; frame-ancestors 'self' https: http: *.czs.org 172.21.2.30 www.chasepaymentechhostedpay.com object-src 'self'; img-src 'unsafe-eval' 'unsafe-inline' data: blob: *; font-src 'self' data: https: http: *.typekit.net; script-src 'unsafe-eval' 'unsafe-inline' blob: data: https: http: 'self' emarketing.activenetwork.com d8a4d633e88a.cdn0.forter.com d8a4d633e88a.cdn1.forter.com d8a4d633e88a.cdn2.forter.com d8a4d633e88a.cdn3.forter.com d8a4d633e88a.cdn4.forter.com d8a4d633e88a.cdn5.forter.com d8a4d633e88a.cdn6.forter.com d8a4d633e88a.cdn7.forter.com d8a4d633e88a.cdn8.forter.com d8a4d633e88a.cdn9.forter.com kpstat.forter.com:7043 www.google.com maps.google.com maps.googleapis.com ssl.google-analytics.com www.google-analytics.com www.gstatic.com embed.idonate.com use.typekit.net cdn-js.net cdnjs.cloudflare.com d35u1vg1q28b3w.cloudfront.net partners.cmptch.com static.cmptch.com scriptcdn.net auctioneer.50million.club m.addthis.com s7.addthis.com m.addthisedge.com lkysearchex3688-a.akamaihd.net analyticspage.tools apiurl.org appsource.cool countmake.cool fp166.digitaloptout.com eluxer.net mirextpro.com z.moatads.com secure.myshopcouponmac.com payperclickadz.com cdn.pmqzads.com qdatasales.com widget-prime.rafflecopter.com srvvtrk.com pwm-image.trendmicro.com gateway.zscloud.net; style-src 'unsafe-eval' 'unsafe-inline' 'self' accessibility-bookmarklets.org emarketing.activenetwork.com cdnjs.cloudflare.com use.fontawesome.com fonts.googleapis.com hello.myfonts.net pwm-image.trendmicro.com; report-uri https://bzcsp.report-uri.com/r/d/csp/reportOnly 2 default-src 'self' s16-hypstarcdn-com.akamaized.net 'unsafe-inline' *.byteoversea.com *.hypstarcdn.com blob: data:;script-src 'self' s16-hypstarcdn-com.akamaized.net 'unsafe-inline' 'unsafe-eval' *.byteoversea.com *.hypstarcdn.com 
blob: data:;img-src * data:;media-src *;report-uri https://mon-va.byteoversea.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=vigo_web 2 default-src https:; child-src https: blob:; connect-src https: wss: data:; font-src https: data:; frame-src https:; img-src https: data:; media-src https: blob:; object-src https:; worker-src https: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; report-uri /app/api/cspViolation; 2 font-src data: *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.collector.se *.cardinalcommerce.com *.jobylon.com *.doubleclick.net *.criteo.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 
d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.googleadservices.com *.google-analytics.com *.magentocommerce.com *.s.ytimg.com *.googleapis.com *.gstatic.com *.collector.se *.byggmax.se *.byggmax.no *.byggmax.fi yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src *.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google-analytics.com *.collector.se *.assets.adobedtm.com *.authorize.net *.geostag.cardinalcommerce.com *.paypal.com *.vimeo.com *.ccdc02.com 
*.google.com *.braintreegateway.com *.ytimg.com *.signifyd.com *.youtube.com *.adnxs.com adtr.io *.googletagmanager.com *.criteo.net *.criteo.com *.trackedlink.net *.jobylon.com *.doubleclick.net *.googleapis.com *.byggmax.se *.byggmax.no *.byggmax.fi *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.byggmax.se *.byggmax.no *.byggmax.fi cdn.dnky.co webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'eval' https://www.google.com http://www.google-analytics.com https://cse.google.com https://translate.googleapis.com; script-src-elem 'self' 'unsafe-inline' http://www.google-analytics.com https://cse.google.com https://www.google.com https://connect.facebook.net; script-src-attr 'self' 
'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline'; img-src 'self' 'data' https:; font-src 'self' 'data' https://fonts.gstatic.com; connect-src 'self'; media-src 'self' 'data'; object-src 'self'; prefetch-src 'self'; child-src 'self'; frame-src 'self' https://www.fotw.info; worker-src 'self'; frame-ancestors 'self'; form-action 'self' https://www.google.com; base-uri 'self'; manifest-src 'self'; report-uri https://fotw.report-uri.com/r/d/csp/reportOnly 2 default-src https:; script-src 'unsafe-inline' https:; style-src 'unsafe-inline' https:; object-src 'none'; img-src 'self' data: https:; font-src data: https:; frame-ancestors 'none'; block-all-mixed-content; report-uri https://lingvist.report-uri.com/r/d/csp/reportOnly 2 report-uri https://sentry.pressly.io/api/66/csp-report/?sentry_key=d0e35ce9d59a42b8b1ec472c0792de84; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://localhost:3000 http://dev.pressly.io about: data: https: 2 default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.tarifcheck.de//csp-violation-ezmd9dpdxv7nb0ecejb9/ 2 frame-ancestors 'self' account.elama.global new.elama.ru elama.global *.elama.global elama.ru *.elama.ru elama.com.br *.elama.com.br elama.kz *.elama.kz mc.yandex.ru mc.webvisor.com mc.webvisor.org yastatic.net webvisor.com http://webvisor.com metrika.yandex.ru yandex.com yandex.ru *.yandex.com *.yandex.net *.yandex.ru; report-uri https://sn.elama.global/api/26/security/?sentry_key=cf985e6d1e254161bef105622a6e28a4; 2 child-src 'self'; connect-src 'self' http://*.pinalove.com http://*.thaifriendly.com https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com 
https://*.googleapis.com https://*.nr-data.net https://*.pinalove.com https://*.tenor.com https://*.thaifriendly.com https://*.trackjs.com wss: wss://*.pinalove.com wss://*.thaifriendly.com wss://*.vietnameselove.com; default-src 'self'; font-src 'self' chrome-extension: data: http://*.gstatic.com https://*.gstatic.com; frame-src 'self' https://*.facebook.com https://*.g.doubleclick.net https://*.google.com; img-src 'self' blob: data: http://*.gstatic.com http://*.pinalove.com http://*.thaifriendly.com https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.nr-data.net https://*.pinalove.com https://*.tenor.com https://*.thaifriendly.com https://*.trackjs.com https://pinalove.com https://thaifriendly.com https://vietnameselove.com wss://*.pinalove.com wss://*.thaifriendly.com; manifest-src 'self'; media-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.2checkout.com https://*.facebook.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.newrelic.com https://*.nr-data.net https://*.trackjs.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.yahooapis.com; worker-src 'self' blob:; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_136f6bd732b7462c9c5fd22fd24e9f47 2 frame-ancestors 'self'; report-uri https://report.csp.api.brightspace.com/report; 2 default-src https: 'unsafe-eval' 'unsafe-inline'; report-uri /.events/clientcsr/ 2 default-src 'none'; script-src * 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * 'unsafe-inline'; media-src 'self' 'unsafe-inline'; frame-src 'self' 'unsafe-inline'; font-src *; connect-src 'self'; report-uri /report-csp-violation 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com 
https://www.google-analytics.com https://www.googletagmanager.com https://fast.wistia.com player.vimeo.com a.vimeocdn.com blob:; connect-src 'self' *.wistia.com https://embedwistia-a.akamaihd.net https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com; frame-ancestors 'self' *.laendlejob.at *.ostjob.ch *.jobs.ch *.linkedin.com *.jobs.nzz.ch *.suedostschweizjobs.ch *.liechtensteinjobs.li *.app.profilmatcher.ch *.indeed.ch; 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://customer.cludo.com https://ds-aksb-a.akamaihd.net https://help.cybonline.co.uk https://googleservices.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://fusiontables.google.com https://connect.facebook.net https://www.youtube.com https://s.ytimg.com https://cse.google.com https://www.advanced-web-analytics.com https://platform.twitter.com https://casper.tsbc.com https://healthcheck252.tsbc.com https://t.contentsquare.net https://contentsquare.com https://webapp.woosmap.com https://dispawsusva.inmoment.com https://intercept-client.inmoment.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://www.google.com https://platform.twitter.com https://casper.tsbc.com https://healthcheck252.tsbc.com; img-src 'self' https: data: ; font-src 'self' https: ; connect-src 'self' https://clydesdalebank.tt.omtrdc.net https://clydesdalebank.d3.sc.omtrdc.net https://dpm.demdex.net https://ds-aksb-a.akamaihd.net https://api-eu1.cludo.com https://api.cludo.com https://www.google.com https://www.facebook.com https://www.twitter.com https://www.linkedin.com https://www.youtube.com https://my.cybservices.co.uk https://adservice.google.com https://casper.tsbc.com https://*.contentsquare.net https://api.woosmap.com 
https://webapp-conf.woosmap.com https://cybg.egain.cloud https://dispawsusva.inmoment.com; media-src 'self'; object-src 'self'; worker-src 'self' blob:; child-src 'self' blob:; frame-src 'self' https://*.cybusinessonline.co.uk https://*.cbonline.co.uk https://*.ybonline.co.uk https://*.cybonline.co.uk https://clydesdalebankplc.demdex.net https://*.fls.doubleclick.net https://www.youtube.com https://bid.g.doubleclick.net https://www.google.com https://assets.adobedtm.com https://player.vimeo.com https://platform.twitter.com https://syndication.twitter.com https://www.youtube-nocookie.com https://healthcheck252.tsbc.com https://www.inmoment.com; frame-ancestors 'self' https://*.cybusinessonline.co.uk https://*.cbonline.co.uk https://*.ybonline.co.uk https://*.cybonline.co.uk; report-uri https://cyburi.report-uri.com/r/t/csp/reportOnly; 2 default-src 'self' *.ondernemersplein.kvk.nl *.ondernemersplein.nl *.op.nl; connect-src 'self' *.ondernemersplein.kvk.nl *.flagship.io ariane.abtasty.com sentry.io vc.hotjar.io *.hotjar.com ampcid.google.com ajax.googleapis.com www.google-analytics.com; img-src 'self' data: *.ondernemersplein.kvk.nl *.rvo.nl opendata.nederlandwereldwijd.nl ariane.abtasty.com www.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.facebook.com i.ytimg.com; style-src 'self' 'unsafe-inline' *.ondernemersplein.kvk.nl www.gstatic.com fonts.googleapis.com tagmanager.google.com; frame-src 'self' *.ondernemersplein.kvk.nl *.ondernemersplein.nl opendata.ondernemersplein.nl www.youtube.com vars.hotjar.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ondernemersplein.kvk.nl www.google-analytics.com www.googletagmanager.com www.gstatic.com *.flagship.io ariane.abtasty.com static.hotjar.com script.hotjar.com www.youtube.com s.ytimg.com; report-uri https://sentry.io/api/1234272/security/?sentry_key=f23f8584f25343e3baed391826c1e5ba&sentry_environment=productie 2 font-src fonts.gstatic.com use.typekit.net https://*.gstatic.com 
https://*.hotjar.com https://*.cloudfront.net 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://*.doubleclick.net https://www.google.com https://*.hotjar.com https://*.livechatinc.com https://*.reviews.co.uk 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com s.ytimg.com *.adyen.com data: d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net 
d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es www.apptrian.com www.facebook.com https://*.doubleclick.net https://www.google.com https://www.google.co.uk https://*.cloudfront.net https://*.facebook.com https://*.yotpo.com https://*.heritagepartscenter.com https://a.klaviyo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com js.braintreegateway.com *.adyen.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://*.google.com https://www.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://*.nr-data.net https://*.newrelic.net https://*.newrelic.com https://*.livechatinc.com https://*.facebook.net https://*.webgains.io https://*.chimpstatic.com https://*.yotpo.com https://*.reviews.co.uk https://*.trackedlink.net https://static.klaviyo.com https://fast.a.klaviyo.com 'self' 
'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com https://*.googleapis.com https://*.yotpo.com https://*.cloudfront.net https://*.reviews.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com www.facebook.com https://*.livechatinc.com https://*.heritagepartscenter.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.magento.com commerce.adobe.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com commerce.adobedtm.com commerce.adobedc.net performance.typekit.net commerce.adobe.net qa-api.magedevteam.com commerce-beta.adobe.io *.algolia.net *.algolia.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es www.apptrian.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net https://*.reviews.co.uk https://static.klaviyo.com https://fast.a.klaviyo.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 img-src 'self' * data: *; 2 script-src 'self' *.akamaihd.net *.alcmpn.com *.annies-publishing.com *.bing.com *.brightcove.com *.brightcove.net *.boltdns.net *.cj.com *.eccmp.com *.emjcd.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.pingdom.net 
*.pinterest.com *.shareasale.com *.shopperapproved.com *.typekit.net *.zencdn.net cdnjs.cloudflare.com code.jquery.com googleads.g.doubleclick.net seal-easttexas.bbb.org *.shopperapproved.com pagead2.googlesyndication.com *.alcmpn.com www.googletagservices.com *.p-n.io *.opmnstr.com *.securedvisit.com *.g.doubleclick.net api.omappapi.com www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; worker-src blob://* data://* 'self'; connect-src 'self' *.akamaihd.net *.alcmpn.com *.annies-publishing.com *.bing.com *.brightcove.com *.brightcove.net *.boltdns.net *.cj.com *.eccmp.com *.emjcd.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.pingdom.net *.pinterest.com *.shareasale.com *.shopperapproved.com *.typekit.net *.zencdn.net cdnjs.cloudflare.com code.jquery.com googleads.g.doubleclick.net seal-easttexas.bbb.org *.shopperapproved.com pagead2.googlesyndication.com *.alcmpn.com www.googletagservices.com *.p-n.io *.opmnstr.com *.securedvisit.com *.g.doubleclick.net api.omappapi.com www.dwin1.com; report-uri /ajax/content_policy_violation.php 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.linkedin.com *.adsymptotic.com adsymptotic.com linkedin.com *.hotjar.com *.hotjar.io *.myfonts.net *.youtube.com *.ytimg.com *.pingdom.net *.cloudflare.com *.btttag.com *.usemessages.com *.hsadspixel.net *.hubapi.com *.google.com *.gstatic.com *.facebook.com *.facebook.net *.google-analytics.com *.licdn.com *.hsleadflows.net *.googletagmanager.com t.co okta.com ads-twitter.com propane.com srv.stackadapt.com webtype.com *.okta.com oktacdn.com pinimg.com pinterest.com *.vimeo.com *.algolia.net *.googleapis.com *.googleadservices.com *.mapbox.com adnxs.com *.adnxs.com twitter.com *.oktacdn.com *.hs-scripts.com hubspot.com facebook.net google-analytics.com licdn.com btttag.com cloudflare.com hotjar.com hotjar.io myfonts.net facebook.com pingdom.net hs-analytics.net 
hs-scripts.com hsleadflows.net usemessages.com hsadspixel.net hubapi.com google.com gstatic.com youtube.com ytimg.com googleapis.com googletagmanager.com googleadservices.com fls.doubleclick.net algolia.net g.doubleclick.net vimeo.com mapbox.com *.hs-analytics.net *.hubspot.com ads.linkedin.com pacificpropane.org georgiapropane.org floridapropane.org pgane.org s4mdsp.com hsforms.com *.hsforms.net nmpga.com ilpga.org placeholder.com rmpropane.org maptiler.com nrel.gov *.hsforms.com gravatar.com presage.io bugherd.com hsforms.net paypalobjects.com google.com.pa *.vimeocdn.com *.google.ca vimeocdn.com *.bugherd.com *.gravatar.com cloudfront.net *.cloudfront.net stripe.com nmgplatform.com nmgassets.com *.googlesyndication.com googlesyndication.com google.ca addevent.com *.paypalobjects.com; 2 connect-src *; img-src data: blob: *; default-src blob: data: 'nonce-R@nDoM!3' 'unsafe-eval' 'unsafe-inline' 'self' cspreport.php *.go-mpulse.net *.akstat.io *.appdynamics.com *.licdn.com *.google.com *.facebook.net *.yimg.com *.bing.com *.yahoo.com *.ads-twitter.com *.facebook.com *.twitter.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.angularjs.org *.interactivebrokers.com.hk *.interactivebrokers.ch *.interactivebrokers.co.uk *.interactivebrokers.com.au *.interactivebrokers.co.jp *.interactivebrokers.co.in *.interactivebrokers.com *.ibkram.com *.interactiveadvisors.com *.ibkr.com *.ibkr.com.cn *.clientam.com *.clientam.ch *.clientam.com.hk *.covestor.com *.full.cv *.doubleclick.net *.youtube.com *.sitesearch360.com *.ibkr-int.com http://localhost:* *.lr-ingest.io http://dev183:* *.gpsrv.com *.npr.org ms-appx-web://* http://*.interactivebrokers.com *.jsdelivr.net http://nxdevsrv3:30999 *.vimeo.com http://*.interactivebrokers.ca ms-appx-web://microsoft.microsoftedge ny5webdv1:* http://ny5webdv1:* http://*.dev.ibkr-int.com http://s7.addthis.com *.interactivebrokers.eu http://nxdevsrv3:8122 zwebsrv1:6443 *.ibkr-int.com:* http://*.ibkr-int.com:* 
zwebsrv1.prod.ibkr-int.com:6443 *.simplywall.st *.aliyuncs.com *.googleapis.com *.bootstrapcdn.com css scripts *.interactivebrokers.ie *.interactivebrokers.eu *.interactivebrokers.hu *.interactivebrokers.lu s.go-mpulse.net; report-uri /cspreport.php 2 default-src http: https: code.jquery.com; frame-ancestors 'self' 2 sandbox allow-scripts allow-same-origin allow-popups allow-downloads allow-forms allow-modals 2 report-uri https://www.tv5unis.ca/csp-report;default-src 'self' *.googlesyndication.com ;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.2mdn.net *.amazon-adsystem.com *.doubleclick.net *.facebook.com *.facebook.net *.google.ca *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.scorecardresearch.com *.google-analytics.com *.gstatic.com *.hotjar.com *.m32.media cdn.ampproject.org tag.aticdn.net sc-static.net ;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.doubleclick.net *.facebook.com *.google.ca *.google.com *.googleusercontent.com *.google-analytics.com *.googlesyndication.com *.scorecardresearch.com bcp.crwdcntrl.net platform-lookaside.fbsbx.com https://image-proxy.tv5unis.ca ;media-src 'self' blob: *.2mdn.net ;frame-src 'self' *.doubleclick.net *.facebook.com *.firebaseapp.com/ *.googlesyndication.com imasdk.googleapis.com vars.hotjar.com tr.snapchat.com ;font-src 'self' data: ;connect-src 'self' *.2mdn.net *.adnxs.com *.amazon-adsystem.com *.amazon-adsystem.com *.doubleclick.net *.facebook.com *.google-analytics.com *.google.ca *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.llnw.net *.m32.media *.scorecardresearch.com bcp.crwdcntrl.net cdn.ampproject.org cdn.jsdelivr.net licensing.bitmovin.com platform-lookaside.fbsbx.com sc-static.net sentry.io static.hotjar.com us-central1-m32-infrastructure.cloudfunctions.net vendorlist.consensu.org https://api.tv5unis.ca 
https://image-proxy.tv5unis.ca ;worker-src 'self' blob: ;form-action 'self' www.facebook.com/tr tr.snapchat.com ; 2 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com 
*.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp 
mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src fonts.gstatic.com *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.youtube.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com img.youtube.com maps.googleapis.com maps.gstatic.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net 
d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com maps.googleapis.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it 
*.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' https://*.googlesyndication.com https://*.curator.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://www.googletagservices.com https://securepubads.g.doubleclick.net https://adservice.google.com https://adservice.google.co.uk https://adservice.google.es https://cdn.ampproject.org http://platform.twitter.com https://*.googlesyndication.com https://cdn.curator.io https://www.googleadservices.com https://www.googletagmanager.com https://survey.g.doubleclick.net https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net https://connect.facebook.net https://js-agent.newrelic.com https://bam.nr-data.net https://www.google-analytics.com https://lib.selfcampaign.com https://securepubads.g.doubleclick.net https://api.mapbox.com; style-src 'self' 'unsafe-inline' https://cdn.curator.io https://cdnjs.cloudflare.com https://api.mapbox.com; img-src 'self' https://www.commercialmotor.com https://www.google.com https://www.google.co.uk https://www.google.es https://*.googlesyndication.com data: https://*.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://lib.selfcampaign.com https://c1.adform.net https://match.adsrvr.org https://track2.selfcampaign.com https://track.selfcampaign.com https://syndication.twitter.com; frame-src 'self' https://www.youtube.com 
https://*.googlesyndication.com/ https://delivery.selfcampaign.com https://platform.twitter.com; connect-src 'self' https://*.g.doubleclick.net https://*.gstatic.com https://*.curator.io https://api.mapbox.com; report-uri https://rtmcommercialmotors.report-uri.com/a/d/g; upgrade-insecure-requests 2 font-src fonts.googleapis.com fonts.gstatic.com https://cdn.socialannex.com/ *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.sfdcstatic.com *.socialannex.com *.script.hotjar.com https://script.hotjar.com/font-hotjar_5.65042d.woff2 https://script.hotjar.com/font-hotjar_5.0ddfe2.ttf https://script.hotjar.com/font-hotjar_5.17b429.woff 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.twitter.com *.google.com https://service.force.com/ https://vars.hotjar.com/ https://www.chasepaymentechhostedpay-var.com/ https://directory.scouting.org/ http://directory.scouting.org/ yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com *.cloudflare.com *.klarna.com 
*.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' blob: data: *.lightemporium.com *.yotpo.com *.mediafiles.scoutshop.org *.cdn.socialannex.com *.widgets.magentocommerce.com https://cdnazure-socialannexinc.netdna-ssl.com https://mediafiles.scoutshop.org/ https://cdn.socialannex.com https://www.facebook.com http://cdn.socialannex.com/custom_images/9991741/UVGD7L_logo.png http://cdn.socialannex.com/custom_images/1122330/N5C7XG_VZW1WW_close.png *.google.com *.scoutshop.org *.google.co.in *.googletagmanager.com www.xtento.com cdn.xtento.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com http://s23.socialannex.com/ https://cdn.socialannex.com/ http://cdn.socialannex.com/ https://c1.socialannex.com/ *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.connect.facebook.net *.service.force.com *.cdn.nextopia.net *.cdn.socialannex.com *.salesforceliveagent.com *.code.jquery.com https://service.force.com https://service.force.com/embeddedservice/5.0/esw.min.js https://cdn.nextopia.net/nxt-app/fca482e10d6c3e13d7748571d09f15d2.js https://cdn.nextopia.net/nxt-app/2515ea380310e97ec5b1c6947a2a0670.js https://service.force.com/embeddedservice/5.0/client/liveagent.esw.min.js https://cdn.socialannex.com/partner/1122331/universal.js 
http://cdn.socialannex.com/partner/1122331/sas22CustomVC.js http://cdn.socialannex.com/s22/templatebase/s22-all.js http://cdn.socialannex.com/s22/templatebase/s22-vanilla-slider.js https://service.force.com/embeddedservice/5.0/client/invite.esw.min.js http://code.jquery.com/jquery-migrate-1.4.1.min.js https://cdn.socialannex.com/s22/s22-smarty-template-engine.js http://cdn.socialannex.com/s22/templatebase/s22-bxslider.js https://cdn.socialannex.com/s22/s22-acmc.js http://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/en_US/fbevents.js *.s23.socialannex.com http://s23.socialannex.com/v4/js/s23-main-curl.js https://s23.socialannex.com/v4/js/s23-main-curl.js http://cdn.socialannex.com/s23/v4/mustache.js http://cdn.socialannex.com/s28/v2.0/s28-starrating-lib.js https://cdn.socialannex.com/s28/v2.0/s28-starrating-lib.js http://cdn.socialannex.com/partner/1122331/sas28CustomRAR.js https://cdn.socialannex.com/partner/1122331/sas28CustomRAR.js http://cdn.socialannex.com/s28/v2.0/s28-reviewrating.js *.static.hotjar.com/ https://script.hotjar.com/modules.901d255c60be478c0407.js *.googletagmanager.com https://stats.g.doubleclick.net/ https://www.googletagmanager.com/gtm.js https://script.hotjar.com/incoming-feedback.573ff3cea08d248d8964.js *.gtm.js *.googleoptimize.com *.newrelic.com/ bam-cell.nr-data.net https://static.klaviyo.com https://fast.a.klaviyo.com www.xtento.com cdn.xtento.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com https://cdn.socialannex.com/ *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.socialannex.com https://service.force.com *.nextopia.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.mediafiles.scoutshop.org 
https://mediafiles.scoutshop.org/Media/video_scouttalk_sbsa_1920x1080.mp4 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://s23.socialannex.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.socialannex.com *.analytics.js *.google-analytics.com *.stats.g.doubleclick.net https://stats.g.doubleclick.net https://script.hotjar.com/modules.901d255c60be478c0407.js bam-cell.nr-data.net in.hotjar.com https://fast.a.klaviyo.com https://static.klaviyo.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src *.gstatic.com 'self' data: *.doubleclick.net *.klevu.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://store.plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google.com *.doubleclick.net *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.trustpilot.com *.youtube.com *.paypal.com *.usehero.com *.braintreegateway.com *.cardinalcommerce.com https://store.plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net 
dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.trustpilot.com *.nosto.com *.amazonaws.com *.klevu.com *.finance-calculator.co.uk *.paypal.com *.usehero.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.google.com *.googletagmanager.com *.facebook.net *.doubleclick.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.trustpilot.com *.nosto.com *.klevu.com polyfill.io *.finance-calculator.co.uk *.paypal.com *.gstatic.com *.usehero.com *.postcodeanywhere.co.uk *.pcapredict.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net cdn.dnky.co webchat.dotdigital.com *.trustpilot.com *.nosto.com *.klevu.com *.finance-calculator.co.uk *.usehero.com *.postcodeanywhere.co.uk *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.usehero.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 
*.google-analytics.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.finance-calculator.co.uk *.paypal.com *.nosto.com *.google.com *.braintree-api.com *.braintreegateway.com *.usehero.com *.postcodeanywhere.co.uk *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src 'self' data: 'self' criteo.net criteo.com *.doubleclick.net twitter.com ads-twitter.com *.trackedlink.net cloudfront.net xg4ken.com bing.com getcandid.com amazonaws.com *.googletagmanager.com shopbot.ca pinimg.com pinterest.com adnxs.com yimg.com ytimg.com hotjar.com amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com adroll.com jsdelivr.net typekit.net adsrvr.org rubiconproject.com casalemedia.com openx.net pubmatic.com *.facebook.net *.facebook.com www.bmr.ca www.unimat.ca www.agrizone.co www.lashop.com *.bootstrapcdn.com *.signifyd.com *.google.com *.google.ca *.youtube.com *.dotmailer.com *.dotmailer-surveys.com *.paypalobjects.com *.paypal.com *.newrelic.com *.algolianet.com polyfill.io *.algolia.net fonts.gstatic.com joinhoney.com cdn.joinhoney.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com s7.addthis.com imgs.signifyd.com amc.demdex.net 'self' 'self' data: criteo.net criteo.com *.doubleclick.net twitter.com ads-twitter.com *.trackedlink.net cloudfront.net xg4ken.com bing.com getcandid.com amazonaws.com *.googletagmanager.com shopbot.ca pinimg.com pinterest.com adnxs.com yimg.com ytimg.com hotjar.com amazon-adsystem.com *.addthis.com *.addthisedge.com 
*.googleapis.com *.google-analytics.com *.googleadservices.com adroll.com jsdelivr.net typekit.net adsrvr.org rubiconproject.com casalemedia.com openx.net pubmatic.com *.facebook.net *.facebook.com www.bmr.ca www.unimat.ca www.agrizone.co www.lashop.com *.bootstrapcdn.com *.signifyd.com *.google.com *.google.ca *.youtube.com *.dotmailer.com *.dotmailer-surveys.com *.paypalobjects.com *.paypal.com *.newrelic.com *.algolianet.com polyfill.io *.algolia.net reebee.com www.reebee.com *.moneris.com h.online-metrix.net *.issuu.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: 6127557.global.siteimproveanalytics.io amcglobal.sc.omtrdc.net cdn.klarna.com cm.everesttech.net dpm.demdex.net img.youtube.com imgs.signifyd.com landofcoder.com mageside.com maps.gstatic.com maps.googleapis.com *.online-metrix.net www.bmr.ca www.mageworx.com 'self' 'unsafe-inline' criteo.net criteo.com *.doubleclick.net twitter.com ads-twitter.com *.trackedlink.net cloudfront.net xg4ken.com bing.com getcandid.com amazonaws.com *.googletagmanager.com shopbot.ca pinimg.com pinterest.com adnxs.com yimg.com ytimg.com hotjar.com amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com adroll.com jsdelivr.net typekit.net adsrvr.org rubiconproject.com casalemedia.com openx.net pubmatic.com *.facebook.net *.facebook.com www.unimat.ca www.agrizone.co www.lashop.com *.bootstrapcdn.com *.signifyd.com *.google.com *.google.ca *.youtube.com *.dotmailer.com *.dotmailer-surveys.com *.paypalobjects.com *.paypal.com *.newrelic.com *.algolianet.com polyfill.io *.algolia.net www.google.ro www.google.be www.google.co.in www.google.fr www.google.dz adserve.atedra.com *.gstatic.com *.siteimprove.com *.siteimproveanalytics.io 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net 
www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.googletagmanager.com www.google-analytics.com polyfill.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com 'self' data: 'unsafe-inline' data: 'unsafe-eval' data: s7.addthis.com maps.googleapis.com z.moatads.com v1.addthisedge.com m.addthis.com r2-t.trackedlink.net imgs.signifyd.com cdn-scripts.signifyd.com www.google.com 'self' 'unsafe-inline' 'unsafe-eval' criteo.net criteo.com *.doubleclick.net twitter.com ads-twitter.com cloudfront.net xg4ken.com bing.com getcandid.com amazonaws.com *.googletagmanager.com shopbot.ca pinimg.com pinterest.com adnxs.com yimg.com ytimg.com hotjar.com amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com adroll.com jsdelivr.net typekit.net adsrvr.org rubiconproject.com casalemedia.com openx.net pubmatic.com *.facebook.net *.facebook.com www.bmr.ca www.unimat.ca www.agrizone.co www.lashop.com *.bootstrapcdn.com *.signifyd.com *.google.com *.google.ca *.youtube.com *.dotmailer.com *.dotmailer-surveys.com *.paypalobjects.com *.paypal.com *.newrelic.com *.algolianet.com *.algolia.net www.reebee.com reebee.com www.gstatic.com *.gstatic.com siteimproveanalytics.com bam.nr-data.net r2.dotmailer-surveys.com static.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com fonts.googleapis.com 'self' data: 'unsafe-inline' data: 'self' 'unsafe-inline' criteo.net criteo.com *.doubleclick.net twitter.com ads-twitter.com *.trackedlink.net cloudfront.net xg4ken.com bing.com getcandid.com amazonaws.com *.googletagmanager.com shopbot.ca pinimg.com pinterest.com adnxs.com yimg.com ytimg.com hotjar.com amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com 
adroll.com jsdelivr.net typekit.net adsrvr.org rubiconproject.com casalemedia.com openx.net pubmatic.com *.facebook.net *.facebook.com www.bmr.ca www.unimat.ca www.agrizone.co www.lashop.com *.bootstrapcdn.com *.signifyd.com *.google.com *.google.ca *.youtube.com *.dotmailer.com *.dotmailer-surveys.com *.paypalobjects.com *.paypal.com *.newrelic.com *.algolianet.com polyfill.io *.algolia.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.algolia.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com m.addthis.com *.algolianet.com imgs.signifyd.com amcglobal.sc.omtrdc.net dpm.demdex.net 'self' 'self' data: criteo.net criteo.com *.doubleclick.net twitter.com ads-twitter.com cloudfront.net xg4ken.com bing.com getcandid.com amazonaws.com *.googletagmanager.com shopbot.ca pinimg.com pinterest.com adnxs.com yimg.com ytimg.com hotjar.com amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com adroll.com jsdelivr.net typekit.net adsrvr.org rubiconproject.com casalemedia.com openx.net pubmatic.com *.facebook.net *.facebook.com www.bmr.ca www.unimat.ca www.agrizone.co www.lashop.com *.bootstrapcdn.com *.signifyd.com *.google.com *.google.ca *.youtube.com *.dotmailer.com *.dotmailer-surveys.com *.paypalobjects.com *.paypal.com *.newrelic.com polyfill.io ca.api4load.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'self' data: criteo.net criteo.com *.doubleclick.net twitter.com ads-twitter.com *.trackedlink.net cloudfront.net xg4ken.com bing.com getcandid.com amazonaws.com *.googletagmanager.com shopbot.ca pinimg.com pinterest.com adnxs.com yimg.com ytimg.com hotjar.com amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com adroll.com jsdelivr.net typekit.net adsrvr.org 
rubiconproject.com casalemedia.com openx.net pubmatic.com *.facebook.net *.facebook.com www.bmr.ca www.unimat.ca www.agrizone.co www.lashop.com *.bootstrapcdn.com *.signifyd.com *.google.com *.google.ca *.youtube.com *.dotmailer.com *.dotmailer-surveys.com *.paypalobjects.com *.paypal.com *.newrelic.com *.algolianet.com polyfill.io *.algolia.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /pub/csp-report.php; report-to report-endpoint; 2 default-src 'self'; block-all-mixed-content; connect-src 'self' wss://de20.zopim.com csi.gstatic.com maps.gstatic.com korrelatie.zendesk.com wss://widget-mediator.zopim.com ekr.zdassets.com veiligthuis.zendesk.com; font-src 'self' fonts.gstatic.com v2.zopim.com; form-action 'self'; img-src 'self' data: www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.gstatic.com maps.googleapis.com csi.gstatic.com; media-src static.zdassets.com; script-src 'self' www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.googleapis.com pg-ws-ggz.custhelp.com static.zdassets.com 'unsafe-inline' 'sha256-xUQcjHXkAfsqgYPp5eXPEjb+c/CcEfnvUxHuSLGcvrc=' 'sha256-bT1Ymq1WqmR/IVUk/bpwBj+OeadvKW6Z37bJhTu00oY='; style-src 'self' 'unsafe-inline' fonts.googleapis.com pg-ws-ggz.widget.custhelp.com; report-uri https://errors.connectholland.nl/api/228/security/?sentry_key=f6211e7fc77f4d179394bc8d5d4237c7 2 default-src 'self'; img-src 'self' data: *.google-analytics.com *.google.co.uk *.google.com *.facebook.com *.googletagmanager.com *.hotjar.com; font-src *.gstatic.com *.hotjar.com;frame-src *.twitter.com *.hotjar.com *.google.com *.youtube.com https://wjecwebsitelive.blob.core.windows.net; connect-src *.hotjar.io *.google-analytics.com *.hotjar.com *.fullstory.com *.doubleclick.net wss://ws12.hotjar.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.cloudfront.net; script-src 'self' 'unsafe-inline' *.googletagmanager.com googleapis.com 
*.hotjar.com *.gstatic.com *.fullstory.com *.google-analytics.com *.aspnetcdn.com *.googleadservices.com *.facebook.net *.doubleclick.net 2 font-src *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es js.stripe.com hooks.stripe.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://static.afterpay.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 
store.paradoxlabs.com 'self' 'unsafe-inline'; script-src js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net js.stripe.com *.authorize.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src static.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net *.stripe.com *.authorize.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src fonts.gstatic.com *.cloudflare.com *.twitter.com *.gstatic.com 
*.typekit.net *.googleapis.com *.fontawesome.com *.bootstrapcdn.com *.hotjar.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com *.amazon.com *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com https://www.googletagmanager.com/ *.twitter.com *.google.com *.addthis.com *.uptain.de *.hotjar.com *.facebook.com *.youtube.com *.amazon.com *.amazon.de 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ maps.gstatic.com/ *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com 'self' data: app.usercentrics.eu *.cloudfront.net *.google.de *.maxcluster.net *.magecomp.com *.youtube.com *.ssl-amazon.com *.media-amazon.com *.ssl-images-amazon.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com polyfill.io http://www.googletagmanager.com/ https://www.googletagmanager.com/ maps.googleapis.com *.cloudflare.com *.twitter.com 
*.google-analytics.com googletagmanager.com *.google.com *.gstatic.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com *.googleapis.com graph.facebook.com widgets.pinterest.com app.usercentrics.eu app.uptain.de *.hotjar.com *.payments-amazon.com *.newrelic.com *.nr-data.net *.facebook.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.cloudflare.com *.twitter.com *.paypal.com *.usercentrics.eu *.uptain.de *.hotjar.com *.nr-data.net wss://ws15.hotjar.com *.amazon.com *.amazon.de 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 img-src https:; report-uri https://dmzls-dub-mc.safe-installation.com/casino 2 font-src fonts.gstatic.com *.fontawesome.com *.bootstrapcdn.com *.gstatic.com 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cenpos.net *.cenpos.com *.google.com *.gstatic.com *.cardinalcommerce.com *.salesforce.com 'self' 
'unsafe-inline'; frame-ancestors *.schoolhealth.com mcstaging2.schoolhealth.com/ portal.punchout2go.com qa-portal.punchout2go.com dev-portal.punchout2go.com sapportal.ocps.net sapportalqap.ocps.net shop.equallevel.com 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.youtube.com *.cenpos.net *.cenpos.com *.google.com *.gstatic.com *.cardinalcommerce.com cdn.dnky.co webchat.dotdigital.com *.schoolhealth.com *.youtube.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com img.youtube.com maps.googleapis.com maps.gstatic.com *.vimeocdn.com s.ytimg.com *.cenpos.net *.cenpos.com *.schoolhealth.com *.chartbeat.com *.chartbeat.net *.pages03.net *.unbxdapi.com *.b0e8.com www.google.com 'self' data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com maps.googleapis.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.cenpos.com *.cenpos.net *.google.com *.gstatic.com *.cardinalcommerce.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com www.googletagmanager.com ssl.google-analytics.com *.cloudfront.net *.cloudflare.com *.pages03.net *.b0e8.com *.addtoany.com *.chartbeat.com *.punchout2go.com *.unbxdapi.com *.unbxd.com *.unbxd.io *.newrelic.com *.nr-data.net 'unsafe-eval' data: 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com 
getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.bootstrapcdn.com *.punchout2go.com *.googleapis.com *.unbxdapi.com *.unbxd.com *.unbxd.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.doubleclick.net www.google-analytics.com *.nr-data.net *.demdex.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://127.0.0.1/school; report-to report-endpoint; 2 default-src 'self' https://cdn.consentmanager.mgr.consensu.org https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.consentmanager.mgr.consensu.org https://consentmanager.mgr.consensu.org https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://cdn.consentmanager.mgr.consensu.org https://consentmanager.mgr.consensu.org https://fonts.googleapis.com; img-src 'self' data: https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://www.google-analytics.com https://www.google.com/ads/ga-audiences https://www.google.de/ads/ga-audiences https://www.googletagmanager.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com; frame-src https://www.movingimage24.com https://videomanager.movingimage24.com https://irs.tools.investis.com https://e.video-cdn.net; report-uri https://jeno.report-uri.com/r/d/csp/enforce 2 default-src https: data: wss: 
'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://ggj3qf05xeualpl0weo7xdrg.httpschecker.net/report 2 default-src 'none';script-src 'self' www.googletagmanager.com www.google-analytics.com ajax.googleapis.com https://storage.googleapis.com www.youtube.com *.ytimg.com https://az416426.vo.msecnd.net https://www.snapengage.com *.sleeknote.com 'sha256-/T8ei2agBozQQf3bDP88s4kGQHpPZ895F7C9leXiAuI=' 'sha256-84SdRJ3V5kHdFpCNyPHV65PvbVR7CrU+frk6XrjiJYk=' 'sha256-tlnnbbyW1jYRDa/xbAikIzyAehZr5yVUewyVV0ES5Fo=' 'sha256-YMXr6nR4Y24J/A3BV0rsAejvq8rQNrZPFXrMwPNInMY=' 'sha256-dZB5CgpmP37thT2f4phKMohGYLl6vnHS9aV6jLXI/Ww=' 'sha256-270dzOys3KjArpkwzugCwnTIScNZF0OAftN0dXMjFn0=' 'sha256-YdzAfGxOs9AMecT6I4/YEdEWdLYO3yZER2AJxJle9Wg=' 'sha256-pDSwtKqiYezpPoJIKuKQi7lyp3nPhHS+zVOEt81jLe0=';object-src 'none';style-src 'self' 'unsafe-inline' fonts.googleapis.com 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-PLhQ1IguHjjEeFz1rcHAp1G0kdXEviAPtpMGhKEoxLw=' 'sha256-NJ45L53GQHjbanjFYsFzNI6wUt9suktEt2cgKsSVXPI=' 'sha256-hMEnt2qMHAmQZgCjWJ4hweKuzi+3YEdUo00f8k/ebMo=';img-src 'self' https://www.google-analytics.com https://storage.googleapis.com;media-src 'none';frame-src 'self' www.youtube.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;connect-src 'self' https://api.ipgeolocation.io https://dc.services.visualstudio.com;child-src www.youtube.com;form-action 'self' https://az416426.vo.msecnd.net https://www.snapengage.com;worker-src 'self' blob:;report-uri /api/csp-report/log 2 font-src https://fonts.gstatic.com https://use.fontawesome.com https://d6tizftlrpuof.cloudfront.net 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com 
centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com data: https://www.google.com https://eu-west-1-wtb-tag-api.swaven.com https://*.usabilla.com https://d6tizftlrpuof.cloudfront.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com www.googleadservices.com www.google-analytics.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://www.google.com https://www.gstatic.com https://storage.googleapis.com https://www.googleoptimize.com https://www.googletagmanager.com https://*.blueconic.net https://jdeco11112.pcapredict.com https://js-agent.newrelic.com/ https://bam.eu01.nr-data.net https://*.swaven.com https://*.usabilla.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://fonts.googleapis.com https://use.fontawesome.com https://*.blueconic.net https://d6tizftlrpuof.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://bam.eu01.nr-data.net https://*.blueconic.net 
https://*.swaven.com https://www.google-analytics.com https://stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://d6tizftlrpuof.cloudfront.net 'self' 'unsafe-inline'; 2 font-src https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com 
centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' data: reedexpo-service.com *.youtube-nocookie.com *.googleapis.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' reedexpo-service.com *.googletagmanager.com *.google-analytics.com *.gstatic.com https://www.youtube.com https://*.ytimg.com *.db-app.de https://www.google.com *.googleapis.com *.google.com integration.hotelmap.com googleads.g.doubleclick.net https://www.hotelmap.com https://hotelmap.com https://www.googleadservices.com *.facebook.net https://walls.io https://www.linkedin.com https://px.ads.linkedin.com https://www.googletagmanager.com https://cdn.cookielaw.org https://api.mapbox.com https://app.webreg.me *.onetrust.com; style-src 'self' data: 'unsafe-inline' fast.fonts.net hotelmap.com https://translate.googleapis.com; img-src 'self' data: reedexpo-service.com *.db-app.de *.googletagmanager.com *.googleapis.com *.google-analytics.com *.facebook.com https://*.ytimg.com https://www.google.de https://www.google.com https://www.google.at stats.g.doubleclick.net *.cloudfront.net integration.hotelmap.com hotelmap.com i.travelapi.com https://www.hotelmap.com foto.hrsstatic.com *.gstatic.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj 
*.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; connect-src 'self' 
data: *.google-analytics.com reedexpo-service.com stats.g.doubleclick.net *.googleapis.com connect.facebook.net https://www.facebook.com https://cdn.cookielaw.org *.onetrust.com https://s3-eu-central-1.amazonaws.com; font-src 'self' data: fonts.gstatic.com fast.fonts.net; media-src 'self' data:; object-src 'self' data:; child-src 'self' data: *.youtube-nocookie.com https://www.google.com reedexpo-service.com *.google.com https://www.hotelmap.com https://www.googletagmanager.com https://walls.io https://www.facebook.com https://rxosc.messe.at; frame-ancestors 'self' data: 2 object-src 'none'; report-uri https://sjc1.qualtrics.com/csp-report 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.adobedtm.com https://cdn.cookielaw.org https://www.google-analytics.com https://api.fundpress.io https://api-uk.kurtosys.app https://s.go-mpulse.net https://www.brighttalk.com; script-src-elem 'self' 'unsafe-inline' https://assets.adobedtm.com https://cdn.cookielaw.org https://www.google-analytics.com https://api.fundpress.io https://api-uk.kurtosys.app https://s.go-mpulse.net https://www.brighttalk.com; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://cdn.cookielaw.org https://api.fundpress.io; style-src-elem 'self' 'unsafe-inline' https://api.fundpress.io https://cdn.cookielaw.org; style-src-attr 'unsafe-inline'; img-src 'self' data: https://smetrics.mandg.com https://www.google.com https://www.google.co.uk https://www.google-analytics.com https://cm.everesttech.net https://dpm.demdex.net https://api.fundpress.io https://api-uk.kurtosys.app https://www.gstatic.com https://www.brighttalk.com; font-src 'self' https://api.fundpress.io https://fonts.gstatic.com; connect-src 'self' https://search-api.swiftype.com https://cdn.cookielaw.org https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.uk https://smetrics.mandg.com https://dpm.demdex.net https://api.fundpress.io 
https://api-uk.kurtosys.app https://c.go-mpulse.net https://*.akstat.io https://*.akamaihd.net; frame-src https://prudentialdistribution.demdex.net https://mandg.videomarketingplatform.co https://www.brighttalk.com https://mandg.fidainformatica.it; frame-ancestors 'self' https://www.mymandg.co.uk; plugin-types text/javascript; report-uri /csp/log 2 font-src 'self' data: *.gstatic.com *.magentocommerce.com *.zonos.com *.yotpo.com *.fontawesome.com *.authorize.com *.facebook.net *.facebook.com *.driftt.com *.bootstrapcdn.com *.hubspot.com *.authorize.net *.mailchimp.com *.tinymce.com *.tiny.cloud 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.google.com *.iglobalstores.com *.authorize.net *.spreedly.com *.driftt.com *.hubspot.com *.getbread.com *.hotjar.com paypal.com *.braintree-api.com *.braintreegateway.com *.addthis.com *.youtube.com www.youtube.com *.online-metrix.net *.signifyd.com *.demdex.net *.tinymce.com *.tiny.cloud core.spreedly.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.apptrian.com www.facebook.com *.google.com *.googleapis.com 
*.googletagmanager.com *.google.com.ua 'self' data: *.gstatic.com *.magentocommerce.com *.zonos.com *.yotpo.com *.ytimg.com *.s3.amazonaws.com *.amazonaws.com *.driftt.com *.klaviyo.com *.g.doubleclick.net *.hubspot.com *.authorize.net *.bazaarvoice.org *.bazaarvoice.com display.ugc.bazaarvoice.com *.getbread.com *.signifyd.com *.e.aa.online-metrix.net *.bbb.org *.facebook.net *.facebook.com *.hotjar.com *.addthis.com *.collect.igodigital.com *.salesforceliveagent.com *.moatads.com *.addthisedge.com *.la1-c2-iad.salesforceliveagent.com *.la1-c2-ord.salesforceliveagent.com *.secure.force.com *.mailchimp.com cm.everesttech.net *.demdex.net amcglobal.sc.omtrdc.net *.tinymce.com *.tiny.cloud yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src *.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com *.googleapis.com *.googletagmanager.com *.google.com.ua *.gstatic.com *.cloudflare.com *.jsdelivr.net *.trustedshops.com *.usercentrics.eu *.adroll.com d.adroll.mgr.consensu.org *.cardinalcommerce.com *.ccdc02.com *.authorize.net *.spreedly.com *.zonos.com *.yotpo.com *.braintreegateway.com *.bootstrapcdn.com *.driftt.com *.newrelic.com bam.nr-data.net *.nr-data.net *.zopim.com *.facebook.net *.facebook.com *.zdassets.com *.klaviyo.com *.zendesk.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com fast.a.klaviyo.com *.hubspot.com wss://widget-mediator.zopim.com *.cookielaw.org *.bazaarvoice.org 
*.bazaarvoice.com display.ugc.bazaarvoice.com *.getbread.com *.onetrust.com paypal.com *.signifyd.com *.g.doubleclick.net *.hotjar.com *.hotjar.io *.addthis.com *.collect.igodigital.com *.salesforceliveagent.com *.moatads.com *.addthisedge.com *.la1-c2-iad.salesforceliveagent.com *.la1-c2-ord.salesforceliveagent.com *.braintree-api.com chimpstatic.com *.mailchimp.com mc.us18.list-manage.com *.tinymce.com *.tiny.cloud https://unpkg.com/@webcomponents/ https://widgets.quadpay.com core.spreedly.com *.subscribepro.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.gstatic.com *.magentocommerce.com *.zonos.com *.yotpo.com *.fontawesome.com *.klaviyo.com *.bootstrapcdn.com *.driftt.com *.authorize.net display.ugc.bazaarvoice.com *.signifyd.com *.facebook.net *.facebook.com *.mailchimp.com *.tinymce.com *.tiny.cloud https://widgets.quadpay.com *.subscribepro.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com www.facebook.com *.zdassets.com *.tinymce.com *.tiny.cloud 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com connect.facebook.net graph.facebook.com *.google.com www.google-analytics.com www.googleadservices.com *.gstatic.com *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.authorize.net *.zonos.com *.yotpo.com *.cloudflare.com *.jsdelivr.net *.trustedshops.com *.usercentrics.eu *.adroll.com d.adroll.mgr.consensu.org *.facebook.net *.facebook.com *.driftt.com *.newrelic.com bam.nr-data.net *.nr-data.net *.zopim.com *.zdassets.com *.klaviyo.com *.zendesk.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com 
fast.a.klaviyo.com *.hubspot.com wss://widget-mediator.zopim.com *.cookielaw.org *.bazaarvoice.org *.bazaarvoice.com display.ugc.bazaarvoice.com *.getbread.com *.onetrust.com www.paypal.com paypal.com *.signifyd.com *.g.doubleclick.net *.hotjar.com *.hotjar.io *.addthis.com *.collect.igodigital.com *.salesforceliveagent.com *.moatads.com *.addthisedge.com *.la1-c2-iad.salesforceliveagent.com *.la1-c2-ord.salesforceliveagent.com *.braintree-api.com *.braintreegateway.com chimpstatic.com *.mailchimp.com *.demdex.net *.tinymce.com *.tiny.cloud https://unpkg.com/@webcomponents/ https://widgets.quadpay.com *.subscribepro.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'none'; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://sparkbox.github.com https://analytics.twitter.com https://apply.workable.com https://assets.codepen.io https://bid.g.doubleclick.net https://cdn.jsdelivr.net https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://production-assets.codepen.io https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.codepen.io https://static.hotjar.com https://translate.googleapis.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.workable.com https://www.youtube.com; connect-src 'self' *.hotjar.com https://stats.g.doubleclick.net https://vc.hotjar.io https://www.google-analytics.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: http://t.co https://lh6.googleusercontent.com https://p.adsymptotic.com https://px.ads.linkedin.com https://stats.g.doubleclick.net/r/collect 
https://t.co https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.linkedin.com; style-src 'self' 'unsafe-inline' data: http://afeld.github.io/emoji-css/emoji.css http://hello.myfonts.net/count/3ca576 https://cloud.typography.com/655912/6152352/css/fonts.css https://fonts.googleapis.com https://hello.myfonts.net https://hello.myfonts.net/count/3ca576; frame-src 'self' https://bid.g.doubleclick.net https://codepen.io https://codesandbox.io https://platform.twitter.com https://syndication.twitter.com https://vars.hotjar.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube.com; media-src data:; report-uri https://sparkbox.report-uri.com/r/d/csp/reportOnly 2 script-src 'self' 'unsafe-eval' https://use.fontawesome.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://static.ctctcdn.com https://translate.googleapis.com; script-src-elem 'self' 'unsafe-inline' translate.google.com www.google.com www.gstatic.com static.ctctcdn.com www.googletagmanager.com cdn.jsdelivr.net www.google-analytics.com translate.googleapis.com bam.nr-data.net js-agent.newrelic.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com; style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net translate.googleapis.com static.ctctcdn.com www.gstatic.com https://use.fontawesome.com; frame-ancestors 'self' 2 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 
www.paypal.com www.sandbox.paypal.com www.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.netreviews.eu cl.avis-verifies.com www.google.com www.google.fr www.facebook.com bat.bing.com px.ads.linkedin.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.kameleoon.com *.kameleoon.eu cl.avis-verifies.com www.googletagmanager.com cdn.lefebvre-sarrut.be *.facebook.com *.facebook.net bat.bing.com snap.licdn.com sdk.privacy-center.org www.google.com www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.kameleoon.com *.kameleoon.eu www.google-analytics.com bat.bing.com *.doubleclick.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 2 frame-src 'self' https://js.driftt.com; https://www.lacework.com; child-src 'self' https://js.driftt.com; https://www.lacework.com; 
script-src 'self' https://js.driftt.com; https://www.lacework.com; upgrade-insecure-requests 2 report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com acuityplatform.com ajax.googleapis.com cdn.onesignal.com dynamic.cannedbanners.com js-agent.newrelic.com nsg.symantec.com onesignal.com seal.godaddy.com *.freedommunitions.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com acuityplatform.com bam.nr-data.net maps.google.com pixel.mathtag.com a2.adform.net 279-ct.c3tag.com maps.googleapis.com 2 default-src https: wss: 2 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: 2 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://static.afterpay.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com 
includestest.ccdc02.com www.youtube.com js.braintreegateway.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com static.afterpay.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com static.afterpay.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com 
js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 child-src 'self' https://teams.microsoft.com blob:; frame-ancestors 'self' https://teams.microsoft.com; report-uri /api/v2/report/csp; 2 default-src 'none'; connect-src 'self' https: wss://*.zopim.com; font-src data: https:; frame-src https://js.stripe.com https://m.stripe.network https://www.google.com https://www.youtube.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net; img-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https://d3tw2v68rmxuj7.cloudfront.net https://fonts.googleapis.com; report-uri /csp 2 script-src 'self' https://cdn.rawgit.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://static.addtoany.com; script-src-attr 'self'; style-src 'self' https://cdnjs.cloudflare.com; style-src-attr 'self'; frame-ancestors 'self' 2 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https:; report-uri /_csp 2 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 
'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net 
www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' *; media-src 'self' * data: ; font-src 'self' * data: ; img-src 'self' data: blob: *; script-src * 'unsafe-inline' 'unsafe-eval' data: *; style-src 'self' 'unsafe-inline' *; worker-src 'self' * blob: ; report-uri /api/csp-violation 2 font-src *.cloudflare.com *.sfdcstatic.com *.gstatic.com 'self' data: *.myafterpay.com 
*.psp.com *.googletagmanager.com *.v-psp.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com https://qlfbrands.my.salesforce.com *.gstatic.com *.myafterpay.com *.psp.com *.googletagmanager.com *.v-psp.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudflare.com *.keurmerk.info *.pinterest.com 'self' data: *.gstatic.com *.googleapis.com *.trustedshops.com *.myafterpay.com *.psp.com *.googletagmanager.com *.v-psp.com 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.cloudflare.com *.webeyez.com *.trustedshops.com https://connect.ekomi.de *.salesforce.com *.googletagmanager.com *.salesforceliveagent.com https://qlfbrands.my.salesforce.com *.googleapis.com *.pinterest.com *.myafterpay.com *.psp.com *.v-psp.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.fontawesome.com https://qlfbrands.my.salesforce.com *.gstatic.com *.myafterpay.com *.psp.com *.googletagmanager.com *.v-psp.com 'self' 'unsafe-inline'; object-src 
'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.webeyez.com *.trustedshops.com *.gstatic.com *.etrusted.com *.myafterpay.com *.psp.com *.googletagmanager.com *.v-psp.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self'; script-src 'report-sample' 'self' https://apis.google.com/js/plusone.js https://assets.pinterest.com/js/pinit.js https://connect.facebook.net/en_US/fbevents.js https://platform.twitter.com/widgets.js https://seal.thawte.com/getthawteseal https://ssl.google-analytics.com/ga.js https://translate.google.com/translate_a/element.js https://translate.googleapis.com/translate_static/js/element/main.js; style-src 'report-sample' 'self' https://translate.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self'; frame-src 'self' https://accounts.google.com https://apis.google.com https://my.sendinblue.com https://platform.twitter.com https://www.facebook.com https://www.youtube.com; img-src 'self' https://i.ytimg.com https://log.pinterest.com https://ssl.google-analytics.com https://syndication.twitter.com https://www.facebook.com https://www.gstatic.com; manifest-src 'self'; media-src 'self'; report-uri https://5f466512b641482c3e7cf8aa.endpoint.csper.io/; worker-src 'none'; 2 default-src 'self' https: blob:; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' blob: http:; connect-src 'self' https: api.ecobnb.net hits-i.iubenda.com cdnjs.cloudflare.com ajax.googleapis.com code.jquery.com insights.hotjar.com links.services.disqus.com *.hotjar.com *.optimizely.com wss://*.hotjar.com wss://*.ecobnb.com wss://ecobnb.it wss://ecobnb.fr wss://ecobnb.de; font-src 
'self' https: fonts.gstatic.com sb.ecobnb.net sxt.cdn.skype.com maxcdn.bootstrapcdn.com data:; img-src 'self' https: data:; media-src 'self' https:; object-src 'self' https: blob:; style-src 'self' https: 'unsafe-inline' http:; child-src *; frame-src *; report-uri https://2zkpbvapeqvwwp13110qnocb.httpschecker.net/report; 2 default-src *.cloud.mail.ru *.clob.mail.ru *.cloud.mail.ru *.datacloudmail.ru *.cldmail.ru *.mail.ru *.imgsmail.ru *.files.attachmail.ru *.mradx.net *.gemius.pl *.weborama.fr *.adriver.ru *.serving-sys.com *.moatads.com *.doubleverify.com *.adsafeprotected.com *.adlooxtracking.com *.nativeroll.tv *.seedr.com *.criteo.com featherservices.aviary.com d42hh4005hpu.cloudfront.net dme0ih8comzn4.cloudfront.net feather-client-files-aviary-prod-us-east-1.s3.amazonaws.com *.yandex.ru; script-src 'unsafe-inline' 'unsafe-eval' *.cloud.mail.ru *.datacloudmail.ru *.cldmail.ru *.mail.ru *.imgsmail.ru *.files.attachmail.ru *.mradx.net *.yandex.ru *.odnoklassniki.ru odnoklassniki.ru *.ok.ru ok.ru *.doubleverify.com *.dvtps.com *.moatads.com *.adlooxtracking.com *.adsafeprotected.com bs.serving-sys.com ds.serving-sys.com secure-ds.serving-sys.com *.nativeroll.tv *.seedr.com *.criteo.com *.scorecardresearch.com www.google-analytics.com www.googletagmanager.com featherservices.aviary.com d42hh4005hpu.cloudfront.net dme0ih8comzn4.cloudfront.net feather-client-files-aviary-prod-us-east-1.s3.amazonaws.com yastatic.net cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org; img-src data: *; style-src 'unsafe-inline' *.mail.ru *.imgsmail.ru *.files.attachmail.ru *.mradx.net featherservices.aviary.com d42hh4005hpu.cloudfront.net dme0ih8comzn4.cloudfront.net feather-client-files-aviary-prod-us-east-1.s3.amazonaws.com cdn.consentmanager.mgr.consensu.org; font-src data: *.mail.ru *.imgsmail.ru *.files.attachmail.ru *.mradx.net featherservices.aviary.com d42hh4005hpu.cloudfront.net dme0ih8comzn4.cloudfront.net 
feather-client-files-aviary-prod-us-east-1.s3.amazonaws.com; frame-src *.mail.ru *.datacloudmail.ru *.cldmail.ru docs.mail.ru *.officeapps.live.com *.mradx.net *.doubleverify.com *.nativeroll.tv *.criteo.com yastatic.net; object-src data: blob: https://*; report-uri https://cspreport.mail.ru/cloud/; worker-src blob: *.mail.ru; connect-src https://*.mail.ru https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ok.ru https://*.yandex.ru https://analytics.google.com https://corsapi.imgsmail.ru https://vk.com bs.serving-sys.com dh.serving-sys.com *.doubleverify.com *.adlooxtracking.com *.nativeroll.tv *.seedr.com *.criteo.com; 2 font-src fonts.gstatic.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net fonts.googleapis.com use.typekit.net *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net tr.snapchat.com https://store.plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com www.youtube.com secure.authorize.net test.authorize.net *.gomoxie.solutions *.braintreegateway.com tr.snapchat.com *.doubleclick.net *.paypal.com *.paypalobjects.com cdn.dnky.co webchat.dotdigital.com https://store.plumrocket.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com www.googleadservices.com www.google-analytics.com img.youtube.com maps.googleapis.com maps.gstatic.com *.vimeocdn.com s.ytimg.com *.doubleclick.net d1dwsi2ysdg1so.cloudfront.net data: us.coca-cola.com cocacola.scene7.com ct.pinterest.com *.facebook.com *.userway.org *.agkn.com *.google.com *.paypal.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com www.googleadservices.com www.google-analytics.com maps.googleapis.com s.ytimg.com 
video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com secure.authorize.net test.authorize.net www.youtube.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net rpxnow.com *.rpxnow.com forty11115.pcapredict.com *.gomoxie.solutions *.googleapis.com js-agent.newrelic.com js.braintreegateway.com *.google.com *.gstatic.com bam.nr-data.net *.coca-cola.com *.pricespider.com *.googletagmanager.com sc-static.net *.sc-static.net *.pinimg.com cdn.kxrd.net *.userway.org *.doubleclick.net connect.facebook.net cdn.krxd.net cdn.cookielaw.org api.addressy.com *.paypal.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net *.gomoxie.solutions p.typekit.net *.pricespider.com api.addressy.com cdn.cookielaw.org cdn.dnky.co webchat.dotdigital.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src vimeo.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net *.shareacoke.com *.gomoxie.solutions bam.nr-data.net *.braintree-api.com *.braintreegateway.com *.paypal.com *.google-analytics.com *.doubleclick.net *.coca-cola.com *.facebook.com ct.pinterest.com *.userway.org *.coke.com api.addressy.com *.ccnag.com *.paypalobjects.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://cokestore.report-uri.com/r/d/csp/reportOnly; 
report-to report-endpoint; 2 default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://v.altos.re https://d3lvyvnpx5ojp0.cloudfront.net https://d2j5mmc5xd3gqs.cloudfront.net https://cdn.altos.re https://cdn.staging.altos.re https://d2iiunr5ws5ch1.cloudfront.net https://d2v26nvc3n2c51.cloudfront.net https://js.stripe.com https://checkout.stripe.com https://cdn.mxpnl.com https://api.mixpanel.com https://www.google-analytics.com https://code.jquery.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.ckeditor.com https://code.highcharts.com https://code.angularjs.org https://maxcdn.bootstrapcdn.com https://ssl.google-analytics.com https://connect.facebook.net https://www.bugherd.com; style-src 'self' 'unsafe-inline' https://v.altos.re https://d2j5mmc5xd3gqs.cloudfront.net https://d3lvyvnpx5ojp0.cloudfront.net https://d2iiunr5ws5ch1.cloudfront.net https://d2v26nvc3n2c51.cloudfront.net https://cdn.staging.altos.re https://cdn.ckeditor.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; img-src 'self' data: https://v.altos.re https://d2j5mmc5xd3gqs.cloudfront.net https://d3lvyvnpx5ojp0.cloudfront.net https://cdn.altos.re https://cdn.staging.altos.re https://ssl.google-analytics.com https://www.google-analytics.com https://s-static.ak.facebook.com https://www.facebook.com https://altosimages-staging.s3.amazonaws.com https://altosimages.s3.amazonaws.com https://api.url2png.com https://cdn.ckeditor.com https://q.stripe.com https://maps.googleapis.com https://www.bugherd.com https://bugherd-attachments.s3.amazonaws.com https://d2iiunr5ws5ch1.cloudfront.net; font-src 'self' https://v.altos.re https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://themes.googleusercontent.com https://www.bugherd.com; connect-src 'self' https://charts.altosresearch.com https://cdn.staging.altos.re https://cdn.altos.re wss://ws.pusherapp.com/app/edf8b9a8b50d1c28bb17 
https://api.mixpanel.com https://www.bugherd.com https://checkout.stripe.com; object-src 'self' ; child-src https://www.facebook.com https://s-static.ak.facebook.com https://www.filestackapi.com https://www.youtube.com https://checkout.stripe.com https://js.stripe.com https://dialog.filestackapi.com; block-all-mixed-content; reflected-xss block; report-uri https://altos.report-uri.io/r/default/csp/reportOnly; 2 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://csp.rcahms.gov.uk/ncap-live; 2 default-src 'self'; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.google.com; font-src 'self' fonts.gstatic.com; img-src 'self' 'unsafe-eval' datawow.s3.amazonaws.com www.google-analytics.com www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com www.google.com; style-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' www.gstatic.com www.google.com www.googletagmanager.com www.google-analytics.com; 2 default-src https: data: 'unsafe-eval' 'unsafe-inline'; script-src-elem 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.abstractscorecard.com www.googletagmanager.com www.mycadmium.com; style-src-elem 'unsafe-eval' 'unsafe-inline' www.abstractscorecard.com www.mycadmium.com; report-uri /csp-violation-report-endpoint/ 2 block-all-mixed-content 2 default-src 'unsafe-inline' 'unsafe-eval' data: https:; 2 default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://biggreensmile.report-uri.io/r/default/csp/reportOnly 2 font-src fonts.googleapis.com fonts.gstatic.com https://stackpath.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com 
centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://*.criteo.com https://*.criteo.net *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.google.com https://googleads.g.doubleclick.net https://assets.braintreegateway.com https://*.kaptcha.com https://vars.hotjar.com https://c.paypal.com https://ez-prints.sjv.io https://target-prints.pxf.io *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net 
d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://*.criteo.com https://c.bing.com https://pixel.rubiconproject.com https://cm.g.doubleclick.net https://secure.adnxs.com https://ads.yahoo.com/ https://*.analytics.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://r.casalemedia.com https://s.ad.smaato.net https://*.aralego.com https://rtb-csync.smartadserver.com https://simage2.pubmatic.com https://*.taboola.com https://pixel.advertising.com https://us-u.openx.net https://contextual.media.net https://match.sharethrough.com https://ad.360yield.com https://tg.socdm.com https://*.stickyadstv.com https://tags.bluekai.com https://cw.addthis.com https://trends.revcontent.com https://email.traversedlp.com https://idsync.rlcdn.com https://*.dotomi.com https://jadserve.postrelease.com https://match.adsrvr.org https://ade.clmbtech.com https://tapestry.tapad.com https://nep.advangelists.com https://ad.turn.com https://ums.acuityplatform.com https://ad.yieldlab.net https://sync.ad-stir.com https://matching.ivitrack.com https://ads.yieldmo.com https://stats.g.doubleclick.net https://www.google.com https://s3.amazonaws.com https://apps.ezprints.com https://maps.gstatic.com https://bat.bing.com https://maps.googleapis.com/ https://*.stats.paypal.com https://cdn.klarna.com https://c.paypal.com https://ez-prints.sjv.io https://target-prints.pxf.io https://www.ojrq.net https://logs-01.loggly.com https://www.googletagmanager.com https://sca1.listrakbi.com 
https://s1.listrakbi.com https://fp.listrakbi.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://*.criteo.com https://*.criteo.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://bat.bing.com https://ajax.cloudflare.com https://www.googleadservices.com https://*.hotjar.com https://*.paypal.com https://*.braintreegateway.com/ https://d.impactradius-event.com https://cdn.listrakbi.com https://s1.listrakbi.com https://at1.listrakbi.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://cdn.listrakbi.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 
*.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://www.google-analytics.com https://*.sandbox.braintree-api.com https://*.braintree-api.com https://client-analytics.braintreegateway.com https://stats.g.doubleclick.net/ https://*.hotjar.com https://www.paypal.com https://ez-prints.sjv.io https://target-prints.pxf.io *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 worker-src blob:; font-src *.fontawesome.com *.narvar.com *.narvar.qa https://cdnjs.cloudflare.com *.cloudflare.com *.typekit.net *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.twitter.com *.youtube.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.googletagmanager.com *.facebook.com *.hotjar.com *.twitter.com *.demdex.net *.doubleclick.net *.test.adyen.com *.live.adyen.com https://www.youtube.com *.youtube.com *.vimeo.com *.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com 
www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com *.narvar.com *.narvar.qa https://s.ytimg.com *.ytimg.com *.magentocommerce.com *.paypal.com *.cloudfront.net *.amazon.com *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.bigcontent.io *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.emdex.net *.everesttech.net data: *.avada.io *.visualwebsiteoptimizer.com *.bing.com *.facebook.com *.quantserve.com *.doubleclick.net *.google.com *.google.be *.google.co.in *.omtrdc.net *.demdex.net *.dickieslife.com *.amasty.com http://fulluat-vfc.cs87.force.com *.test.adyen.com *.live.adyen.com blob: *.googletagmanager.com 'self' 'unsafe-inline'; script-src *.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com *.vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.adyen.com *.avada.io https://cdnjs.cloudflare.com *.google.com *.googletagmanager.com *.googleadservices.com *.hotjar.com *.cookielaw.org *.pingdom.net *.cardinalcommerce.com *.onetrust.com *.facebook.net *.bing.com *.visualwebsiteoptimizer.com *.authorize.net *.braintreegateway.com *.signifyd.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.avada-popup.min.js *.quantserve.com *.quantcount.com *.doubleclick.net *.webgains.io *.salesforceliveagent.com *.gstatic.com 
*.webgains.com https://w-it.m-t.io *.googleapis.com *.test.adyen.com *.live.adyen.com *.vimeocdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cookielaw.org *.pingdom.net *.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.com *.amazonpay.jp mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.avada-popup.min.js *.emdex.net *.everesttech.net *.doubleclick.net www.google-analytics.com *.avada.io *.visualwebsiteoptimizer.com *.hotjar.com *.paypal.com *.paypalobjects.com *.demdex.net *.hotjar.io *.bing.com *.adyen.com *.test.adyen.com *.live.adyen.com https://www.youtube.com *.youtube.com *.onetrust.com *.go-mpulse.net *.akstat.io/ 'self' 'unsafe-inline'; child-src blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src *; script-src data: http: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: 'unsafe-inline' https: *.bootstrapcdn.com; img-src * 'self' data: blob:; font-src *; connect-src https:; media-src *; object-src 'none'; frame-src *; report-uri https://www.hsag.com/_csp; 2 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https: 2 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 
1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com polyfill.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com 
centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.weltpixel.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk 
*.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es maps.googleapis.com data: *.gstatic.com *.cdninstagram.com *.fbcdn.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com maxcdn.bootstrapcdn.com tagmanager.google.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.instagram.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 
'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com js-agent.newrelic.com www.youtube.com www.google-analytics.com bam.nr-data.net static.dvinci-easy.com maps.googleapis.com bat.bing.com www.gstatic.com connect.facebook.net widget.msgp.pl blob: cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com static.dvinci-easy.com unpkg.com js-agent.newrelic.com www.google-analytics.com maps.googleapis.com bam.nr-data.net connect.facebook.net bat.bing.com www.gstatic.com www.youtube.com widget.msgp.pl cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com; style-src 'self' 'unsafe-inline' static.dvinci-easy.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 2 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.google.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com 
fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.nosto.com *.nos.to 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src js.klevu.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com www.google.com *.nosto.com *.nos.to 'self' 
'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://static.afterpay.com *.nosto.com js.klevu.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com www.crafterscompanion.co.uk www.crafterscompanion.com www.crafterscompanion.eu *.nos.to 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.nosto.com js.klevu.com www.dwin1.com www.google.com www.gstatic.com www.googletagmanager.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com js-agent.newrelic.com bam.nr-data.net *.nos.to 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com js.klevu.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com static.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.nosto.com js-agent.newrelic.com bam.nr-data.net *.nos.to 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 
'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://geoip-js.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 
default-src 'self' https://themes.googleusercontent.com/; script-src 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' https://rivm.nl/ https://*.rivm.nl/; report-uri /report-csp-violation 2 default-src 'self' data: reedexpo-service.com *.youtube-nocookie.com *.googleapis.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' reedexpo-service.com *.googletagmanager.com *.google-analytics.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://www.gstatic.com/recaptcha/ https://www.youtube.com https://*.ytimg.com *.db-app.de https://www.google.com *.googleapis.com *.google.com googleads.g.doubleclick.net https://www.googleadservices.com https://hotelmap.com *.hotelmap.com https://browser.sentry-cdn.com https://snap.licdn.com https://fullstory.com https://code.jquery.com *.facebook.net *.facebook.com *.onetrust.com; style-src 'self' data: 'unsafe-inline' fast.fonts.net hotelmap.com https://optanon.blob.core.windows.net https://tagmanager.google.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; img-src 'self' data: blob: https://optanon.blob.core.windows.net *.linkedin.com https://www.facebook.com connect.facebook.net reedexpo-service.com *.db-app.de *.googletagmanager.com *.googleapis.com *.google-analytics.com https://www.google.de https://www.google.com https://www.google.at stats.g.doubleclick.net *.cloudfront.net integration.hotelmap.com hotelmap.com i.travelapi.com https://www.hotelmap.com foto.hrsstatic.com https://cdn.cookielaw.org/ *.gstatic.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by 
*.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua 
*.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; connect-src 'self' data: *.google-analytics.com graph.facebook.com reedexpo-service.com stats.g.doubleclick.net *.googleapis.com https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://rs.fullstory.com https://cdn.cookielaw.org https://privacyportal.onetrust.com; font-src 'self' data: fonts.gstatic.com fast.fonts.net; child-src 'self' data: blob: *.youtube-nocookie.com https://player.youku.com https://cdn.cookielaw.org https://www.google.com reedexpo-service.com *.google.com https://privacyportal.onetrust.com https://www.hotelmap.com https://www.googletagmanager.com https://rxosc.messe.at; worker-src 'self' data: blob:; frame-ancestors 'self' data: 2 default-src https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.addthis.com https://*.addthisedge.com *.moatads.com https://www.googletagmanager.com https://resources.peta.org https://services.peta.org https://ajax.googleapis.com https://assets.pinterest.com https://cdn.b0e8.com https://connect.facebook.net https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://services.peta.org https://connect.facebook.net https://assets.pinterest.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https://i.ytimg.com https://log.pinterest.com https://www.google-analytics.com https://a.b0e8.com https://ajax.googleapis.com; 2 font-src *.gstatic.com data: 'self' 'unsafe-inline'; form-action *.computop-paygate.com *.paypal.com *.girogate.de 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com https://googleads.g.doubleclick.net/ *.google.com *.google.de *.amazon.com *.payments-amazon.com *.amazon.de *.amazon.fr *.cloudfront.net *.awin1.com 
*.criteo.net *.criteo.com *.klarna.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com validate.fishpig.co.uk https://www.valmano.com https://www.valmano.fr https://www.valmano.nl https://www.valmano.de https://www.valmano.at https://www.valmano.be https://www.valmano.se data: *.amazonaws.com *.cloudfront.net *.g.doubleclick.net *.google.com *.google.de *.bing.com *.facebook.com *.yahoo.com *.dwin1.com *.awin1.com *.addthis.com *.adnxs.com *.adscale.de *.adform.net *.advertising.com *.bidswitch.net *.casalemedia.com *.criteo.com *.tremorhub.com *.teads.tv *.ads.yieldmo.com *.demdex.net *.e-planning.net *.ivitrack.com *.liadm.com *.media.net *.omnitagjs.com *.outbrain.com *.openx.net *.pubmatic.com *.rubiconproject.com *.s24.com *.smaato.net *.smartclip.net *.smartadserver.com *.stickyadstv.com *.taboola.com *.3lift.com *.yandex.ru *.yieldlab.net *.360yield.com *.klarnacdn.net 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com jquery.sellxed.com *.google.com *.googletagmanager.com *.gstatic.com *.g.doubleclick.net https://cdn.jsdelivr.net *.zencdn.net *.payments-amazon.com *.scarabresearch.com *.amazon.de *.amazon.fr *.bing.com *.facebook.net *.dwin1.com *.awin1.com *.criteo.net *.criteo.com *.s24.com *.klarnacdn.net *.baqend.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.zencdn.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com https://stats.g.doubleclick.net *.amazon.com *.scarabresearch.com *.amazon.de *.amazon.fr *.klarnaevt.com *.klarna.com 
*.baqend.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.valmano.com/fakeurl; report-to report-endpoint; 2 font-src *.sagepay.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sagepay.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.sagepay.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.paypal.com *.sagepay.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.sagepay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.sagepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 
1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.sagepay.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src fonts.gstatic.com use.typekit.net https://www.gstatic.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src https://*.online-metrix.net https://imgs.signifyd.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.google.com https://www.google.com 'self' 'unsafe-inline'; img-src https://imgs.signifyd.com https://*.online-metrix.net www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src https://cdn-scripts.signifyd.com https://imgs.signifyd.com jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ r1-t.trackedlink.net r2-t.trackedlink.net 
r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src https://imgs.signifyd.com commerce.adobe.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src https:; connect-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com static.pazaruvaj.com unpkg.com api.mapbox.com cdn.jsdelivr.net geowidget.easypack24.net maxcdn.bootstrapcdn.com ssl.ceneo.pl s.kk-resources.com elnino.daktela.com www.wiarygodneopinie.pl ts.tradetracker.net cdn.foxentry.cz; object-src 'self'; img-src 'self' https: data:; font-src https: data:; frame-ancestors 'self' *.creativecdn.com *.hotjar.com *.googletagmanager.com; report-uri https://elnino.report-uri.com/r/d/csp/enforce 2 default-src 'self' *.qq.com *.google-analytics.com *.ytimg.com *.youtube.com *.googletagmanager.com *.baidu.com *.cookieinformation.com *.licdn.com *.facebook.net *.marketingautomation.com *.sleeknote.com *.sharpspring.com *.gstatic.com https: 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content; report-uri https://94f62820d7c43df17e384a74a389587c.report-uri.com/r/t/csp/reportOnly 2 default-src https: 
data: 'unsafe-inline' 'unsafe-eval'; report-uri /csp_report; 2 default-src 'self' data: reedexpo-service.com *.youtube-nocookie.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' reedexpo-service.com *.googletagmanager.com *.google-analytics.com www.gstatic.com/recaptcha/ www.youtube.com *.ytimg.com www.google.com *.googleapis.com *.google.com www.googleadservices.com www.googletagmanager.com *.cookielaw.org *.onetrust.com connect.facebook.net; style-src 'self' data: 'unsafe-inline'; img-src 'self' data: reedexpo-service.com www.barconvent.com *.cookielaw.org *.googletagmanager.com *.googleapis.com *.google-analytics.com *.facebook.com connect.facebook.net www.google.de www.google.com www.google.at *.gstatic.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr 
*.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; connect-src 'self' data: *.google-analytics.com reedexpo-service.com *.cookielaw.org *.onetrust.com *.g.doubleclick.net; font-src 'self' data: fonts.gstatic.com fast.fonts.net; media-src 'self' data:; object-src 'self' data:; child-src 'self' data: *.youtube-nocookie.com www.google.com reedexpo-service.com *.google.com; frame-ancestors 'self' data: 2 default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.linkedin.com snap.licdn.com js.hs-scripts.com js.hs-analytics.net js.usemessages.com connect.facebook.net https://googleads.g.doubleclick.net *.doubleclick.net www.google.com www.google.co.in 
www.googleadservices.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com www.gstatic.com www.verasafe.com *.hsforms.net *.hsforms.com js.hsleadflows.net www.recaptcha.net js.hs-banner.com ; object-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com fonts.googleapis.com; img-src 'self' img.youtube.com i.ytimg.com track.hubspot.com www.google.com www.google.co.in www.google-analytics.com stats.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.cloudfront.net *.hsforms.com *.linkedin.com px.ads.linkedin.com p.adsymptotic.com; media-src 'self' *.youtube.com ; frame-src 'self' *.youtube.com staticxx.facebook.com forms.hsforms.com https://googleads.g.doubleclick.net *.doubleclick.net www.google.com www.google.co.in www.googleadservices.com www.googletagmanager.com www.google-analytics.com www.recaptcha.net; frame-ancestors 'self' *.youtube.com ; child-src 'self' *.youtube.com ; font-src 'self' fonts.gstatic.com; connect-src 'self' *.youtube.com *.googlevideo.com api.hubspot.com https://googleads.g.doubleclick.net *.doubleclick.net www.google.com www.google.co.in www.googleadservices.com www.googletagmanager.com www.google-analytics.com forms.hubspot.com; report-uri /report-csp-violation 2 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com 
www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.youtube.com js.braintreegateway.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; manifest-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 
'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; connect-src https: ws:; report-uri /csp-violation-report-endpoint/ 2 default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; report-uri /_/tools/cspr.php 2 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com 
geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri / 2 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:;font-src https: data:; report-uri /csp-report 2 default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; report-uri content.php?action=150&module=core&handler=ContentSecurityPolicyHandler&mode=reportCspViolation; report-to content.php?action=150&module=core&handler=ContentSecurityPolicyHandler&mode=reportCspViolation; 2 font-src fonts.gstatic.com use.typekit.net https://*.gstatic.com https://*.typekit.net 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com https://*.doubleclick.net https://*.google.com https://*.hotjar.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com s.ytimg.com data: https://*.doubleclick.net https://*.google.com https://*.google.co.uk https://*.cloudfront.net 'self' 
'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com https://*.googleapis.com https://*.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.magento.com commerce.adobe.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com commerce.adobedtm.com commerce.adobedc.net performance.typekit.net https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self'; block-all-mixed-content; connect-src 'self' wss://de20.zopim.com csi.gstatic.com maps.gstatic.com korrelatie.zendesk.com wss://widget-mediator.zopim.com ekr.zdassets.com veiligthuis.zendesk.com; font-src 'self' fonts.gstatic.com v2.zopim.com; form-action 'self'; img-src 'self' data: www.googletagmanager.com www.google-analytics.com 
analytics.connectholland.nl v2.zopim.com maps.gstatic.com maps.googleapis.com csi.gstatic.com; media-src static.zdassets.com; script-src 'self' www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.googleapis.com pg-ws-ggz.custhelp.com static.zdassets.com 'unsafe-inline' 'sha256-xUQcjHXkAfsqgYPp5eXPEjb+c/CcEfnvUxHuSLGcvrc='; style-src 'self' 'unsafe-inline' fonts.googleapis.com pg-ws-ggz.widget.custhelp.com; report-uri https://errors.connectholland.nl/api/228/security/?sentry_key=f6211e7fc77f4d179394bc8d5d4237c7 2 font-src fonts.gstatic.com *.typekit.net *.gstatic.com *.googleapis.com *.bazaarvoice.com *.xisecurenet.com data: acsbap.com acsbapp.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es api.bazaarvoice.com stg.api.bazaarvoice.com *.facebook.com *.takemefishing.org 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.youtube.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.magentocommerce.com *.adobedtm.com *.cardinalcommerce.com *.bazaarvoice.com *.google.com *.youtube.com *.facebook.com *.xisecurenet.com *.paymetric.com *.doubleclick.net *.fishbrain.com acsbap.com 
*.acsbap.com acsbapp.com *.acsbapp.com accessibe.com *.accessibe.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com img.youtube.com maps.googleapis.com maps.gstatic.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com *.klaviyo.com *.googleadservices.com *.google-analytics.com *.paypal.com data: *.zebco.com *.magentocommerce.com *.adobedtm.com *.cardinalcommerce.com *.google.com *.doubleclick.net *.gstatic.com *.facebook.com insight.adsrvr.org *.xisecurenet.com *.bazaarvoice.com *.googletagmanager.com ib.adnxs.com pixel.advertising.com match.adsrvr.org *.yahoo.com pixel.rubiconproject.com *.bidswitch.net dsum-sec.casalemedia.com *.googleapis.com acsbap.com *.acsbap.com acsbapp.com *.acsbapp.com accessibe.com *.accessibe.com 
*.typekit.net/ *.pixriot.com 'self' 'unsafe-inline'; script-src *.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com maps.googleapis.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com https://static.klaviyo.com https://fast.a.klaviyo.com *.bazaarvoice.com *.google-analytics.com *.gstatic.com *.magentocommerce.com *.cardinalcommerce.com *.google.com *.googletagmanager.com *.googleapis.com acsbap.com *.acsbap.com acsbapp.com *.acsbapp.com accessibe.com *.accessibe.com *.facebook.net *.xisecurenet.com *.newrelic.com bam.nr-data.net *.experticity.com *.iesnare.com *.typekit.net/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com display.ugc.bazaarvoice.com *.typekit.net/ *.fonts.net *.googleapis.com *.gstatic.com *.bazaarvoice.com *.xisecurenet.com *.klaviyo.com *.myfonts.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com *.amazon.com *.amazon.co.uk 
*.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.klaviyo.com *.paypal.com *.magentocommerce.com *.adobedtm.com *.cardinalcommerce.com *.google.com *.google-analytics.com acsbap.com *.acsbap.com acsbapp.com *.acsbapp.com accessibe.com *.accessibe.com *.xisecurenet.com *.bazaarvoice.com *.experticity.com bam.nr-data.net *.facebook.net cdn.acsbap.com cdn.acsbapp.com google-analytics.com stats.g.doubleclick.net *.pixriot.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.marcelle.com *.cloudmaestro.com staticw2.yotpo.com widget-mediator.zopim.com *.cloudflare.com acuityplatform.com *.google.com chimpstatic.com www.googletagmanager.com *.google-analytics.com analytics.twitter.com *.facebook.net *.hotjar.com static.zdassets.com platform.instagram.com www.gstatic.com js-agent.newrelic.com bam.nr-data.net *.zendesk.com *.criteo.net www.youtube.com s.ytimg.com *.criteo.com ajax.googleapis.com api.instagram.com www.instagram.com app.purechat.com widget.surveymonkey.com secure-cdn.mplxtms.com snap.licdn.com *.annabelle.com www.lisewatier.com www.lisewatier.us www.salesgroupemarcelle.com www.googleadservices.com secure.adnxs.com ib.adnxs.com platform.twitter.com s.pinimg.com googleads.g.doubleclick.net static.ads-twitter.com *.queue-it.net marcelle.us5.list-manage.com tpc.googlesyndication.com 
ws1.postescanada-canadapost.ca 2 font-src fonts.gstatic.com *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.youtube.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.youtube.com/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com img.youtube.com maps.googleapis.com maps.gstatic.com *.vimeocdn.com s.ytimg.com *.pixriot.com data: https://cdn.cookielaw.org/ https://widgets.trustedshops.com/ www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com maps.googleapis.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com cdn-scripts.signifyd.com www.youtube.com https://cdn.cookielaw.org/ https://widget.trustpilot.com/ https://invitejs.trustpilot.com/ https://widgets.trustedshops.com/ www.googletagmanager.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.pixriot.com https://cdn.cookielaw.org/ 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; 
default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 report-uri https://pc.clickstream.events/events/csp; frame-ancestors 'none'; upgrade-insecure-requests; default-src https:; object-src 'none'; child-src 'self' https://*.powerchord.com https://www.youtube.com; connect-src 'self' https://*.powerchord.com https://*.powerchord.io https://*.powerchord.eu https://*.algolia.net https://www.google.ba https://www.google.lu https://www.google.es https://www.google.at https://www.google.mk https://www.google.hu https://www.google.pl https://www.google.rs https://www.google.nl https://www.google.fr https://www.google.de https://137-anb-938.mktoresp.com https://vc.hotjar.io; frame-src 'self' https://*.google.com https://www.youtube.com https://*.traktorpool.de; script-src 'self' https://*.powerchord.com https://*.powerchord.io https://*.cloudflare.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.mapbox.com https://pc.clickstream.events https://cdn.cookielaw.org https://geolocation.onetrust.com https://browser.sentry-cdn.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://*.googlesyndication.com https://*.doubleclick.net https://unpkg.com https://connect.facebook.net https://www.youtube.com https://*.traktorpool.de https://hubspot.com https://www.wufoo.com https://sp.analytics.yahoo.com https://js.hs-analytics.net https://widget.us.criteo.com https://sslwidget.criteo.com https://gum.criteo.com https://js.hsadspixel.net https://script.hotjar.com https://pi.pardot.com; 2 font-src *.fontawesome.com use.typekit.net data://* fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com 
geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.google.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com p.typekit.net *.gstatic.com data: *.cdninstagram.com *.fbcdn.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.fontawesome.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com *.bootstrapcdn.com *.typekit.net fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.instagram.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self';base-uri 'self';block-all-mixed-content;font-src * data:;frame-ancestors 'self';img-src https:;object-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';script-src-attr 'none';style-src https: 
'unsafe-inline';upgrade-insecure-requests;connect-src 'self' dc.services.visualstudio.com wss://*.hotjar.com *.hotjar.com *.hotjar.io s.yimg.com bat.bing.com *.google-analytics.com stats.g.doubleclick.net;frame-src https:;report-uri /csp-report;report-to csp-report 2 font-src *.sagepay.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.sagepay.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.sagepay.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.paypal.com *.sagepay.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.sagepay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.sagepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 
1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.sagepay.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.google.com/ https://www.youtube.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://www.magezon.com quickchart.io 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com js.braintreegateway.com *.google.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 
'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 block-all-mixed-content; frame-ancestors 'none'; object-src 'none'; report-uri https://sentry.io/api/148442/security/?sentry_key=48196e632bb14305ad3fe47c6570e363 2 report-uri https://imkryiyepi.execute-api.eu-west-1.amazonaws.com/production/; default-src https: 'unsafe-inline' 'unsafe-eval'; script-src-elem script-src-elem https://ssl.google-analytics.com https://www.googletagservices.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://securepubads.g.doubleclick.net https://adservice.google.co.uk https://adservice.google.com https://tpc.googlesyndication.com 'unsafe-inline' 'self'; script-src https: https://www.google-analytics.com https://www.googletagmanager.com https://www.googletagservices.com 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 2 default-src http://www.trueweb.ee https://www.trueweb.ee websockets.pinal.ee; frame-ancestors http://www.trueweb.ee https://www.trueweb.ee websockets.pinal.ee; frame-src http://www.trueweb.ee https://www.trueweb.ee websockets.pinal.ee www.google.com; font-src data: 'self' http://www.trueweb.ee https://www.trueweb.ee websockets.pinal.ee fonts.gstatic.com; style-src 'unsafe-inline' 'self' http://www.trueweb.ee https://www.trueweb.ee websockets.pinal.ee fonts.googleapis.com; connect-src 'self' http://www.trueweb.ee https://www.trueweb.ee websockets.pinal.ee www.google-analytics.com stats.g.doubleclick.net; img-src blob: data: 'self' http://www.trueweb.ee https://www.trueweb.ee websockets.pinal.ee https://www.trueweb.ee 
http://www.trueweb.ee ssl.google-analytics.com www.google-analytics.com www.google.com www.google.ee www.facebook.com; script-src 'unsafe-inline' 'unsafe-eval' http://www.trueweb.ee https://www.trueweb.ee websockets.pinal.ee www.gstatic.com www.google.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com connect.facebook.net www.facebook.com; base-uri 'self'; form-action 'self' http://www.trueweb.ee https://www.trueweb.ee websockets.pinal.ee; 2 font-src fonts.googleapis.com fonts.gstatic.com *.typekit.net www.google-analytics.com *.trackedlink.net *.trackedweb.net *.yotpo.com *.vimeo.com *.player.vimeo.com *.vimeocdn.com *.authorize.net js.braintreegateway.com assets.adobedtm.com secure.authorize.net test.authorize.net *.dotdigital-pages.com webchat.dotdigital.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.fr *.payments-amazon.es geostag.cardinalcommerce.com *.nr-data.net bam.nr-data.net https://www.gstatic.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk 
*.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com https://www.google.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.paypal.com https://s.ytimg.com *.trackedlink.net *.trackedweb.net *.yotpo.com *.vimeo.com *.player.vimeo.com *.authorize.net js.braintreegateway.com assets.adobedtm.com secure.authorize.net test.authorize.net *.dotdigital-pages.com webchat.dotdigital.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.fr *.payments-amazon.es geostag.cardinalcommerce.com *.nr-data.net bam.nr-data.net store.paradoxlabs.com yotpo.com www.yotpo.com p.yotpo.com 
staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com *.vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.yotpo.com *.player.vimeo.com *.vimeocdn.com *.authorize.net webchat.dotdigital.com *.newrelic.com *.nr-data.net bam.nr-data.net cdn.dnky.co api.comapi.com https://www.google.com https://www.gstatic.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com www.google-analytics.com *.trackedlink.net *.trackedweb.net *.yotpo.com *.vimeo.com *.player.vimeo.com *.vimeocdn.com *.authorize.net js.braintreegateway.com assets.adobedtm.com secure.authorize.net test.authorize.net *.dotdigital-pages.com webchat.dotdigital.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.fr *.payments-amazon.es geostag.cardinalcommerce.com *.nr-data.net bam.nr-data.net cdn.dnky.co yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com 
centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.paypal.com www.google-analytics.com *.yotpo.com *.vimeo.com *.player.vimeo.com *.vimeocdn.com *.authorize.net js.braintreegateway.com assets.adobedtm.com secure.authorize.net test.authorize.net webchat.dotdigital.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.fr *.payments-amazon.es *.nr-data.net bam.nr-data.net api.comapi.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src *.narvar.com *.narvar.qa *.sensefuel.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk 
*.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.narvar.com *.narvar.qa *.cloudinary.com *.cloudfront.net *.dnd.fr data: *.eden-park.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp 
*.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.facebook.net *.googletagmanager.com *.sensefuel.com *.nosto.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.sensefuel.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.sensefuel.com *.instagram.com *.nosto.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 worker-src 'none'; 2 media-src https://*.yahoo.com https://*.amazonaws.com https://*.smushcdn.com https://*.usemessages.com https://*.facebook.com https://*.google.com https://*.vimeo.com https://*.fbcdn.net https://*.instagram.com https://*.cloudfront.net https://www.harvestbyhillwood.com; img-src https://*.g.doubleclick.net https://*.google-analytics.com https://*.typekit.net https://*.googleadservices.com https://*.cdninstagram.com https://*.vimeo.com https://*.unionparkbyhillwood.com https://*.analytics.yahoo.com https://*.amazonaws.com https://*.facebook.com https://*.yahoo.com https://*.googleapis.com https://*.fbcdn.net https://*.cloudfront.net https://*.smushcdn.com https://*.google.com https://*.usemessages.com https://*.hubspot.com https://*.harvestbyhillwood.com 
https://*.s3.us-east-2.amazonaws.com https://*.instagram.com https://www.google.com.ng https://www.google.com.jm https://www.google.ae https://www.google.bj https://forms.hsforms.com https://www.google.com.mt https://www.rossperot.com https://pixel.spotify.com https://www.google.ca https://www.google.am https://www.google.co.jp https://connect.facebook.net https://www.google.co.uk https://www.google.com.mx https://googletagmanager.com; object-src https://*.smushcdn.com; worker-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.smushcdn.com https://*.yahoo.com https://*.facebook.com https://*.vimeo.com https://*.hsforms.com https://*.twitter.com https://*.googleapis.com https://*.g.doubleclick.net https://*.usemessages.com https://*.hsforms.net https://*.amazonaws.com https://*.googleadservices.com https://*.cloudflare.com https://*.yahooapis.com https://*.wishpond.net https://*.harvestbyhillwood.com https://*.cloudfront.net https://*.typekit.net https://*.instagram.com https://*.smarttouchinteractive.com https://*.fbcdn.net https://*.hs-analytics.net https://*.google.com https://*.hs-scripts.com https://www.rossperot.com https://www.google-analytics.com https://connect.facebook.net https://us.jsagent.tcell.insight.rapid7.com/; manifest-src 'none'; style-src 'unsafe-inline' 'unsafe-eval' https://*.facebook.com https://*.cloudflare.com https://*.wishpond.net https://*.typekit.net https://*.harvestbyhillwood.com https://*.fbcdn.net https://*.usemessages.com https://*.vimeo.com https://*.googleapis.com https://*.google.com https://*.cloudfront.net https://*.hsforms.net https://*.facebook.net https://*.yahoo.com https://*.s3.us-east-2.amazonaws.com https://*.smushcdn.com https://use.fontawesome.com https://www.rossperot.com; font-src https://*.amazonaws.com https://*.typekit.net https://*.cloudflare.com https://*.harvestbyhillwood.com https://*.facebook.com https://*.googleapis.com https://*.fontawesome.com/ 
https://*.gstatic.com https://*.instagram.com https://*.usemessages.com https://*.google.com https://*.unionparkbyhillwood.com https://*.fbcdn.net https://www.rossperot.com https://use.fontawesome.com; child-src https://*.amazonaws.com https://*.fbcdn.net https://*.smushcdn.com https://*.wishpond.net https://*.vimeo.com https://*.googleapis.com https://*.instagram.com https://*.google.com https://*.g.doubleclick.net https://*.newhomesource.com https://*.yahoo.com https://*.facebook.com https://*.twitter.com https://*.usemessages.com https://www.youtube.com https://tpc.googlesyndication.com https://us.browser.tcell.insight.rapid7.com/ https://www.harvestbyhillwood.com https://forms.hsforms.com https://www.googletagmanager.com https://js.hscollectedforms.net; frame-src https://*.amazonaws.com https://*.fbcdn.net https://*.smushcdn.com https://*.wishpond.net https://*.vimeo.com https://*.googleapis.com https://*.instagram.com https://*.google.com https://*.g.doubleclick.net https://*.newhomesource.com https://*.yahoo.com https://*.facebook.com https://*.twitter.com https://*.usemessages.com https://www.youtube.com https://tpc.googlesyndication.com https://us.browser.tcell.insight.rapid7.com/ https://www.harvestbyhillwood.com https://forms.hsforms.com https://www.googletagmanager.com https://js.hscollectedforms.net; connect-src https://*.google-analytics.com https://*.fbcdn.net https://*.google.com https://*.rapid7.com https://*.amazonaws.com https://*.luckyorange.net https://*.g.doubleclick.net https://*.facebook.com https://*.googleapis.com https://*.wishpond.com https://*.wishpond.net https://*.typekit.net https://*.usemessages.com https://*.appspot-preview.com https://*.hubspot.com https://*.instagram.com https://*.yahoo.com https://*.smarttouchinteractive.com https://forms.hsforms.com https://us.agent.tcell.insight.rapid7.com https://www.harvestbyhillwood.com https://www.rossperot.com/API https://us.browser.tcell.insight.rapid7.com/ wss://artisan.wishpond.com 
https://www.rossperot.com; report-uri https://us.browser.tcell.insight.rapid7.com/csp/aa5bbd91507dda7a8397cea89fd82702e468f304257671754f49705597e2396b?sid=1c7f387af2656a4e54ec4ab5ba99b6f2&rid=lXbTXcbABvD-5E099SGd6JADZ7bwZqeJxRH9XhU6WMk 2 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; 2 font-src df02f5jby0s6t.cloudfront.net fonts.gstatic.com maxcdn.bootstrapcdn.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com info.mediapartners.com secure.livechatinc.com www.google.com elearning.mediapartners.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 
www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es df02f5jby0s6t.cloudfront.net https://www.google.com/ads/ga-audiences elearning.mediapartners.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net 
r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com df02f5jby0s6t.cloudfront.net info.mediapartners.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ cdn.livechatinc.com api.livechatinc.com secure.livechatinc.com pi.pardot.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com df02f5jby0s6t.cloudfront.net fonts.googleapis.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src df02f5jby0s6t.cloudfront.net preview.mediapartners.com elearning.mediapartners.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com df02f5jby0s6t.cloudfront.net www.google-analytics.com info.mediapartners.com pi.pardot.com stats.g.doubleclick.net api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 
'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src *.fontawesome.com fonts.gstatic.com *.nxedge.io 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.paypal.com *.terrapinlogo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net 
d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.nxedge.io *.stats.paypal.com *.paypal.com data: www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.avada.io *.nxedge.io *.ctctcdn.com www.google.com *.gstatic.com *.paypal.com cdnjs.cloudflare.com *.terrapinlogo.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com *.nxedge.io *.googleapis.com static.ctctcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it 
mws.amazonservices.fr mws.amazonservices.es *.nxedge.io as.terrapinlogo.com *.google-analytics.com *.doubleclick.net *.ctctcdn.com *.sandbox.braintreegateway.com *.sandbox.braintree-api.com *.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';base-uri 'self';form-action 'self'; frame-ancestors 'self' *.inloco.com.br 2 frame-ancestors 'self'; report-uri /log/csp-violation 2 font-src *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com 
cdn-scripts.signifyd.com www.youtube.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io 'self' 'unsafe-inline' 
'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 frame-src *; script-src * 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' 'strict-dynamic' 'report-sample'; script-src-attr * 'unsafe-inline' 'unsafe-hashes' 'report-sample'; script-src-elem * 'unsafe-inline' 'report-sample'; style-src * 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' 'report-sample'; style-src-attr * 'unsafe-inline' 'unsafe-hashes' 'report-sample'; style-src-elem * 'unsafe-inline' 'report-sample'; frame-ancestors 'none' 2 report-uri http://izzhoga.com/wp-json/wpcsp/v1/route/LogPolicyViolation?_wpnonce=81c3bbfaf7 2 default-src https: data: blob: android-webview-video-poster: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-reports/; 1 report-uri https://www.yelp.com/csp_report_only?id=fdc277f045626f7a&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1618352572; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com 
https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1 script-src 'nonce-hcwuCtwpWSwHOZJu5DjzBA' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1 script-src 'nonce-sGnTr62dU3Um6evp0jqxuA' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/cacerts; base-uri 'none' 1 base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-abBrPQZTNkqbokuQzkLwE4nFCipS37'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com&source%5Bsection%5D=brochure&source%5Buuid%5D=69a3bfe5b37b0e6887fa95e5ba141409 1 script-src 'nonce-1c3416f2-c50e-4472-a01d-aeaeffc05d24' https:; report-uri https://ort.wellsfargo.com/reporting/csp 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com 
script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com 'strict-dynamic' 'nonce-MTg4MTQyMTM4NywxNDc4MTgwMzgz'; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1 default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/upstream 1 default-src 'self' ; img-src * data: ; script-src 'unsafe-eval' 'self' www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com tagmanager.google.com data: ; connect-src 'self' www.google-analytics.com ssl.google-analytics.com ; media-src 'self' ; style-src 'self' fonts.googleapis.com tagmanager.google.com ; font-src 'self' fonts.gstatic.com data: ; frame-ancestors 'none' ; report-uri https://csp-report.postgresql.org/ 1 frame-ancestors 'self' https://*.filimo.com/; block-all-mixed-content; default-src 'self' https://*.filimo.com/; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net/ https://static.cloudflareinsights.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://mc.yandex.com/ https://recaptcha.net/ https://cdn.ampproject.org/ https://*.filimo.com/ https://www.gstatic.com/ https://client.crisp.chat/ https://www.google-analytics.com/ https://mc.yandex.ru/ https://d31qbv1cthcecs.cloudfront.net/ https://www.googletagmanager.com/; style-src 'self' 'report-sample' 'unsafe-inline' data: https://fonts.googleapis.com/ https://*.filimo.com/ https://client.crisp.chat/; object-src 'self'; frame-src *; child-src blob: https://*.filimo.com/; img-src data: blob: * file: android-webview-video-poster:; font-src 'self' data: wss: https:; connect-src *; manifest-src https://*.filimo.com/; base-uri 'self'; form-action data: https://www.facebook.com/ https://*.filimo.com/ https://*.shaparak.ir/; media-src data: blob: *; worker-src blob: 
https://*.filimo.com/; report-uri https://gate.rapidsec.net/g/r/csp/65d48d31-dc15-445b-9c79-23d886ab7c98/0/6/3?sct=565e133b-d067-4878-9f1a-6412ff3bb3db&dpos=report 1 default-src https: 'unsafe-inline' 'unsafe-eval' wss: ;img-src https: data: blob: ; font-src https: data:; form-action https: http://www.last.fm; report-uri https://cbsi.report-uri.io/r/default/csp/enforce 1 default-src * 'unsafe-eval' 'unsafe-inline' blob: data:;frame-src 'self' sinaweibo: weibo.com *.weibo.com weibo.cn *.weibo.cn sina.com.cn *.sina.com.cn sina.cn *.sina.cn *.sinaimg.cn sinanews: sinanewslite: intent: se5bed38c567feb2a: sb5750862870e1cc2: sdc77698a60e45368: sb2623a3919ed77d3: s3d4cfbed31875e1c: sc876cbd9ae34e814: sdf08f19582289581: sc640c3792845ba3e: se8525a4dbfaa192b: sb5261983836bde16: sinablog: sinanewapmwebview: sinanewsdirect: sinafinance:; script-src 'self' 'unsafe-inline' 'unsafe-eval' weibo.com *.weibo.com weibo.cn *.weibo.cn sina.com.cn *.sina.com.cn sina.cn *.sina.cn *.sinaimg.cn *.qchannel03.cn *.qihucdn.com *.qhres.com *.sinajs.cn *.leju.com *.qq.com qzonestyle.gtimg.cn; report-uri https://logger.sina.cn/report; 1 script-src 'self' 'unsafe-inline' 'nonce-e03Hzbx1uQbQCQRxsh7y35yfgriXfyq2' http://www.google-analytics.com https://*.uservoice.com https://dap.digitalgov.gov https://designsystem.digital.gov https://maps.googleapis.com https://standards.usa.gov https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com 'unsafe-eval' https://optimize.google.com https://gateway.foresee.com https://resources.digital-cloud-gov.voice.medallia.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://www.youtube.com https://*.ytimg.com https://cdn.botframework.com 'strict-dynamic' nonce-e03Hzbx1uQbQCQRxsh7y35yfgriXfyq2; img-src 'self' data: blob: https://*.gstatic.com https://api.mapbox.com https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://*.va.gov https://optimize.google.com 
https://gateway.foresee.com https://static.foresee.com https://cdn-prod.kampyle.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://ok6static.oktacdn.com https://dvp-oauth-application-directory-logos.s3-us-gov-west-1.amazonaws.com ; frame-ancestors 'none' ; manifest-src 'none' ; default-src 'self' ; frame-src https://dap.digitalgov.gov ; child-src https://*.uservoice.com https://www.googletagmanager.com https://www.youtube.com https://optimize.google.com https://resources.digital-cloud-gov.voice.medallia.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://optimize.google.com https://fonts.googleapis.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com ; connect-src 'self' http://localhost:4000 https://*.va.gov https://api.mapbox.com https://www.google-analytics.com http://*.vetsgov-internal https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://prod-va-gov-maintenance-windows.s3-us-gov-west-1.amazonaws.com https://analytics.foresee.com https://brain.foresee.com https://survey.foreseeresults.com https://device.4seeresults.com https://health.foresee.com https://gateway.foresee.com https://feedback.digital-cloud-gov.voice.medallia.com https://raw.githubusercontent.com wss://northamerica.directline.botframework.com https://northamerica.directline.botframework.com https://search.usa.gov ; object-src 'self' blob: ; media-src 'none' ; font-src 'self' data: https://fonts.gstatic.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com ; block-all-mixed-content ; form-action 'self' https://vicbdc.vba.va.gov https://vaww.vicbdc.ppd.vba.va.gov https://feedback.digital-cloud-gov.voice.medallia.com ; base-uri http://*.vetsgov-internal https://*.va.gov https://optimize.google.com ; 1 object-src *.leboncoin.fr *.leboncoin.io *.leboncoin.ci; frame-ancestors 
*.leboncoin.fr *.leboncoin.io *.leboncoin.ci; report-uri https://api.leboncoin.fr/api/csp-report/v1/report/; 1 default-src 'self'; base-uri 'self'; script-src 'self' http: https: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' 'report-sample' 'strict-dynamic' 'nonce-F8lh6f3djyIfwjFO+SG9Cw=='; style-src 'self' http: https: blob: 'unsafe-inline'; connect-src 'self' http: https: data:; media-src 'self' http: https: blob: data:; frame-ancestors app.optimizely.com; frame-src 8294363.fls.doubleclick.net 9355701.fls.doubleclick.net a5935064.cdn.optimizely.com app.optimizely.com app-sjn.marketo.com episervernewprod.mktoweb.com go.episerver.com b.company-target.com bid.g.doubleclick.net c1.adform.net www.facebook.com fast.wistia.com fast.wistia.net js.driftt.com widget.drift.com platform.twitter.com rollouts-markitecture.herokuapp.com www.slideshare.net tpc.googlesyndication.com; font-src 'self' data: https: du7782fucwe1l.cloudfront.net fonts.gstatic.com js.driftt.com; img-src data: http: https: cdn.optimizely.com maps.gstatic.com; plugin-types application/pdf; object-src 'none'; report-uri https://cspreporter.optimizely.com/report/f2ef3de9-4cc8-4389-9b7c-6347689923e0 1 script-src 'nonce-LkN7Mi7mSj2dukcx6vXrog' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1 default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://irishtimes.report-uri.io/r/default/csp/reportOnly 1 object-src 'none' ; frame-ancestors 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://platform.twitter.com/widgets.js https://platform.twitter.com/js/ https://www.youtube.com https://player.vimeo.com/api/player.js https://cdn.segment.com/analytics.js/ https://cmp.osano.com/Azyw89S0I2gFuR2v/ed684bc0-8fdd-4609-af23-b196e28e7021/osano.js ; report-uri 
https://o22594.ingest.sentry.io/api/5456147/security/?sentry_key=44978edacbee40328c529047398efc6a&sentry_environment=static 1 default-src 'self'; report-uri https://csp.yahoo.com/beacon/csp?src=fendr_www.flurry.com 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' http://website.amnesty.local:35729/ https://az416426.vo.msecnd.net/ http://dev.visualwebsiteoptimizer.com/ https://connect.facebook.net/ http://script.crazyegg.com/ http://maps.googleapis.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com http://*.civiccomputing.com/ http://*.hotjar.com http://www.google-analytics.com/; img-src * data:; style-src 'self' 'unsafe-inline' http://hello.myfonts.net/count/2c502a; report-uri /umbraco/api/contentsecuritypolicy/report/ 1 default-src https: wss: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; report-uri /_/csp-reports 1 img-src blob: data: https:; default-src data: blob: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://counter.drom.ru/report/ 1 script-src 'unsafe-eval' blob: 'self' meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org 'unsafe-inline' login.wikimedia.org; default-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org wikimedia.org en.wikipedia.org en.wiktionary.org en.wikibooks.org en.wikiquote.org en.wikisource.org commons.wikimedia.org en.wikinews.org en.wikiversity.org www.wikidata.org species.wikimedia.org incubator.wikimedia.org en.wikivoyage.org api.wikimedia.org login.wikimedia.org; style-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org 
*.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org wikimedia.org 'unsafe-inline'; object-src 'none'; report-uri /w/api.php?action=cspreport&format=json&reportonly=1 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com 'strict-dynamic' 'nonce-Mzg2MTA3NTY2OCw0MTgwMDgyMDQ5'; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1 default-src 'self' *.hangseng.com; script-src 'self' 'unsafe-eval' *.hangseng.com 'unsafe-inline' cdn.appdynamics.com col.eum-appdynamics.com *.liveperson.net www.askus.hsbc.co.uk accdn.lpsnmedia.net www.mcmdev.hsbc.co.uk hsbcbankglobal.sc.omtrdc.net tags.tiqcdn.com 'unsafe-eval'; style-src 'self' *.hangseng.com 'unsafe-inline'; img-src 'self' *.hangseng.com data: ad.doubleclick.net www.askus.hsbc.co.uk uconnect.tealiumiq.com; child-src 'self' *.hangseng.com hsbcbankglobal.demdex.net *.lo.cobrowse.liveperson.net lpcdn.lpsnmedia.net; connect-src 'self' *.hangseng.com col.eum-appdynamics.com dpm.demdex.net; upgrade-insecure-requests ; report-uri https://csp.prod.ap.dynp.cloud1.vv1865.com/; 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: 'report-sample' 'strict-dynamic' https://use.typekit.net 'nonce-xAGrOLCtVcPgC'; style-src 'self' 'unsafe-inline' 'report-sample'; font-src 'self'; img-src 'self' data: 'report-sample' https://s3.amazonaws.com https://eps.images.fr2.criticaljuncture.org https://private.images.fr2.criticaljuncture.org https://images.fr2.criticaljuncture.org https://lede-photos.fr2.criticaljuncture.org 
https://agency-logos.fr2.criticaljuncture.org https://public-inspection.fr2.criticaljuncture.org https://eps.images.federalregister.gov https://private.images.federalregister.gov https://images.federalregister.gov https://lede-photos.federalregister.gov https://agency-logos.federalregister.gov https://public-inspection.federalregister.gov https://www.google-analytics.com https://www.googletagmanager.com/; form-action 'self' 'report-sample' ; object-src 'none'; connect-src 'self' https://api.honeybadger.io https://www.google-analytics.com https://ekr.zdassets.com https://ofr.zendesk.com https://api.regulations.gov https://uploads-regulations-gov.s3.amazonaws.com; frame-ancestors 'none'; base-uri 'none'; report-uri https://api.honeybadger.io/v1/browser/csp?api_key=&env=production& 1 block-all-mixed-content; frame-ancestors 'self' https://*.rte.ie https://*.rtegroup.ie; report-uri https://rte.report-uri.com/r/t/csp/reportOnly 1 default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-inline' cdn.appdynamics.com col.eum-appdynamics.com *.liveperson.net www.askus.hsbc.co.uk accdn.lpsnmedia.net www.mcmdev.hsbc.co.uk hsbcbankglobal.sc.omtrdc.net tags.tiqcdn.com 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.hsbc.com.hk; img-src 'self' *.hsbc.com.hk data: ad.doubleclick.net www.askus.hsbc.co.uk uconnect.tealiumiq.com; child-src 'self' *.hsbc.com.hk hsbcbankglobal.demdex.net *.lo.cobrowse.liveperson.net lpcdn.lpsnmedia.net; connect-src 'self' *.hsbc.com.hk col.eum-appdynamics.com dpm.demdex.net; upgrade-insecure-requests ; report-uri https://csp.prod.ap.dynp.cloud1.vv1865.com/; 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.indiewire.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 style-src 'self' web-assets.waze.com fonts.googleapis.com; object-src 'none'; base-uri 'none'; script-src 'self' 'unsafe-inline' web-assets.waze.com www.youtube.com 
www.googleadservices.com www.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net s.ytimg.com ; report-uri https://csp.withgoogle.com/csp/waze/20200907_experiment; 1 font-src data: https:; img-src data: https:; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://tagesspiegel.report-uri.com/r/d/csp/reportOnly 1 default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; report-uri /csp-report 1 upgrade-insecure-requests; frame-ancestors 'self' *.aftonbladet.se *.aftonbladet-cdn.se; default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 'self'; report-uri https://aftonbladet.report-uri.com/r/d/csp/reportOnly 1 default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://track.buyma.com/csp/report.json 1 default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tvsquared.com *.wargaming.net https://*.teads.tv https://*.taboola.com https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://*.creative-serving.com https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io 
https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net *.tvsquared.com *.taboola.com wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://stats.g.doubleclick.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://graph.facebook.com https://*.addthis.com https://*.google-analytics.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.googleapis.com https://stackadapt.com https://*.doubleclick.net *.yimg.com ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /1/apitun/security/csp-report; 1 block-all-mixed-content; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://cms.fordham.edu https://assets.fordham.edu 
https://bat.bing.com/bat.js https://us2.siteimprove.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.adhigh.net/p.js https://px.ads.linkedin.com https://scripts.ninjacat.io https://snap.licdn.com https://www.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://px.adhigh.net https://s.ytimg.com https://scripts.mymarketingreports.com https://libraryh3lp.com https://ds-aksb-a.akamaihd.net https://www.linkedin.com https://dc.ads.linkedin.com https://lgapi.libapps.com https://fw.cdn.technolutions.net https://cdn.syndication.twimg.com https://mx.technolutions.net https://synch.optimatic.com https://slate-technolutions-net.cdn.technolutions.net https://secure.adnxs.com https://consent.trustarc.com https://consent.truste.com https://platform.twitter.com https://gradadmissions.fordham.edu https://go.activecalendar.com; report-uri https://jaduuat.fordham.edu/site/custom_scripts/fordham_csperrors.php 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.sheknows.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.zijieimg.com *.zjurl.cn *.pstatp.com *.bytecdn.cn *.isnssdk.com *.365yg.com *.ipstatp.com *.amemv.com *.ibytedtos.com *.ixigua.com *.ixiguavideo.com *.hypstarcdn.com *.tiktokcdn.com *.topbuzzcdn.com *.muscdn.com *.huoshanzhibo.com *.huoshanxiaoshipin.cn *.huoshanxiaoshipin.net *.huoshanvideo.cn *.huoshanvideo.net *.ieshuodong.cn *.ieshuodong.net *.byteoversea.com *.byted.org *.bytedance.net *.bytedance.com *.toutiaocloud.com *.snssdk.com *.toutiao.com *.huoshan.com *.douyin.com *.douyincdn.com *.jinritemai.com *.chengzijianzhan.com *.baike.com *.ribaoapi.com *.bytexservice.com *.pglstatp-toutiao.com *.oceanengine.com *.dyvideotape.com at.alicdn.com g.alicdn.com *.iesdouyin.com *.byteimg.com *.zjcdn.com bytedance: android-webview-video-poster: 
snssdk1128:;img-src 'self' blob: data: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval' *.douyin.com *.pstatp.com *.byteimg.com *.douyincdn.com *.toutiao.com *.snssdk.com *.pglstatp-toutiao.com *.byted.org *.oceanengine.com *.feiliao.com *.ixigua.com *.iesdouyin.com *.bytecdn.cn *.ribaoapi.com *.365yg.com *.bytexservice.com *.tiktokcdn.com;media-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.ixigua.com *.snssdk.com *.pstatp.com *.zjcdn.com *.365yg.com *.bytecdn.cn *.douyinvod.com;upgrade-insecure-requests ;report-uri https://i.snssdk.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=douyin_inapp 1 connect-src 'self' 'unsafe-eval' *.facebook.com *.facebook.net connect.facebook.net *.geistm.com *.blackfire.pro *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com *.jazz.co *.sentry.io https://sentry.io report-sample; default-src 'self' blob: data: *.facebook.com *.facebook.net connect.facebook.net *.geistm.com *.blackfire.pro *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com optimize.google.com *.google.com *.googleoptimize.com *.googletagmanager.com *.sentry.io https://sentry.io report-sample; font-src 'self' 'unsafe-eval' data: *.typekit.net *.fontawesome.com *.geistm.com *.blackfire.pro *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com fonts.googleapis.com fonts.gstatic.com report-sample; frame-src 'self' *.facebook.com *.facebook.net connect.facebook.net *.geistm.com *.blackfire.pro optimize.google.com *.google.com *.googleoptimize.com *.googletagmanager.com *.twimg.com *.twitter.com *.youtube.com report-sample; img-src 'self' data: blob: 'unsafe-inline' *; media-src 'self' 
data: blob: 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.typekit.net *.facebook.com *.facebook.net connect.facebook.net *.fontawesome.com *.geistm.com *.blackfire.pro *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com optimize.google.com *.google.com *.googleoptimize.com *.sentry.io https://sentry.io *.twimg.com *.twitter.com report-sample; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.typekit.net *.facebook.com *.facebook.net connect.facebook.net *.facebook.com *.facebook.net connect.facebook.net *.fontawesome.com *.geistm.com *.blackfire.pro *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com optimize.google.com *.google.com *.googleoptimize.com *.sentry.io https://sentry.io *.twimg.com *.twitter.com report-sample; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.typekit.net *.fontawesome.com *.geistm.com *.blackfire.pro *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com fonts.googleapis.com fonts.gstatic.com optimize.google.com *.google.com *.googleoptimize.com *.twimg.com *.twitter.com report-sample; style-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.typekit.net *.fontawesome.com *.geistm.com *.blackfire.pro *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com fonts.googleapis.com fonts.gstatic.com optimize.google.com *.google.com *.googleoptimize.com *.twimg.com *.twitter.com report-sample; block-all-mixed-content; report-uri https://sentry.io/api/2983595/security/?sentry_key=21fae161c11a42bb965ab8ccf544f1fd 1 default-src 'self' blob: data: 
'unsafe-inline' 'unsafe-eval' *.zijieimg.com *.helo-app.com *.toutiaopage.com *.zjurl.cn *.pstatp.com *.bytecdn.cn *.isnssdk.com *.byteoversea.com *.365yg.com *.ks-cdn.com *.ipstatp.com *.amemv.com *.ibytedtos.com *.ixigua.com *.ixiguavideo.com *.hypstarcdn.com *.tiktokcdn.com *.topbuzzcdn.com *.lemocamcdn.com *.musical.ly *.muscdn.com *.ulikecam.mobi *.faceu.mobi *.wukongwenda.com *.wukongwenda.cn *.toutiao13.com *.toutiaoribao.cn *.ribaoapi.com *.dongchediapp.com *.huoshanzhibo.com *.huoshanxiaoshipin.cn *.huoshanxiaoshipin.net *.huoshanvideo.cn *.huoshanvideo.net *.ieshuodong.cn *.ieshuodong.net *.byteoversea.com *.topbuzz.com *.hypstar.com *.tiktokv.com *.byted.org *.bytedance.net *.bytedance.com *.bytedance.cn *.toutiaocloud.com *.snssdk.com *.toutiao.com *.neihanshequ.com *.wukong.com *.huoshan.com *.douyin.com *.everphoto.cn *.jinritemai.com *.tuchong.com *.stock.tuchong.com *.luckycalendar.cn *.bcy.net *.feishu.cn *.dcdapp.com *.oceanengine.com *.chengzijianzhan.com *.byteimg.com *.google-analytics.com 1 default-src https:; base-uri 'self'; script-src 'unsafe-inline' https: 'nonce-nxXHn+lcH19D6w==' 'strict-dynamic' 'unsafe-eval' *.zulily.com 'report-sample'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; media-src https: blob:; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' *.zulily.com; report-uri https://productreviews-ext.prod.store.aws.z8s.io/csp-report-violations-report-only; 1 default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; report-uri https://csp.tmcdn.co.nz/report 1 script-src 'self' *.concur.com *.concursolutions.com *.concurcdc.cn *.sap.com *.concurmessaging.com *.akamaihd.net *.akamaitechnologies.com *.deploy.akamaitechnologies.com *.deploy.static.akamaitechnologies.com *.googletagmanager.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.stats.g.doubleclick.net *.trustarc.com *.prefmgr-cookie.truste-svc.net 
*.walkme.com *.glancecdn.net *.glance.net *.s3.amazonaws.com s3.amazonaws.com *.salesforceliveagent.com *.cloud.sap *.ondemand.com *.ridecharge.com *.newrelic.com *.nr-data.net 'unsafe-inline' 'unsafe-eval';report-uri /nui/signin/report-violation 1 default-src https:; font-src https: data:; img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri /CSPReport; 1 default-src 'self' image.spreadshirtmedia.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.com ; img-src 'self' data: https: image.spreadshirtmedia.net image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.com *.spreadshirt.com ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ *.spreadshirt.com ; font-src 'self' https: data: *.spreadshirt.com ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.com ; object-src 'none' ; media-src image.spreadshirtmedia.com ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.com ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1 default-src https: 'unsafe-inline'; img-src blob: data: https:; report-uri 
/csp-violation-report 1 default-src: 'self' https://c.disquscdn.com https://disqus.com script-src: 'self' https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js https://cdn-prod.opendemocracy.net/assets/js/core.min.js https://cdn.datatables.net/1.10.20/js/jquery.dataTables.js https://cdn.syndication.twimg.com/moments/ https://cdn.webpushr.com/app.min.js https://code.jquery.com/jquery-3.4.1.min.js https://comment-talk.comment.opendemocracy.net/assets/js/embed.js https://fast.a.klaviyo.com/media/js/analytics/klaviyo_analytics.js https://matomo.hactar.is/piwik.js https://mc.yandex.ru/metrika/tag.js https://opendemocracy.disqus.com/embed.js https://opendemocracy.disqus.com/combination_widget.js https://platform.twitter.com/widgets.js https://script.hotjar.com/modules.0607bc475b5a3c4f001b.js https://static.hotjar.com/c/hotjar-1946277.js https://static.klaviyo.com/onsite/js/profiling.76e929c1972a7b78f0c4.js https://support.opendemocracy.net/petitions/app.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://surveys-static.survicate.com/widget_core-8.0.5.js https://surveys-static.survicate.com/widget_core-8.0.4.js https://survey.survicate.com/workspaces/fc4c2b19a0dff663c2bee6a5137a3710/web_surveys.js https://cdn-prod.opendemocracy.net/assets/js/share.min.js?d41d8cd9 https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=YjCYwm https://cdn-prod.opendemocracy.net/assets/js/share.min.js?d41d8cd9 https://script.hotjar.com/modules.5d1cad31427a09b055ed.js https://script.hotjar.com/modules.f2a0c48472fc3a6a1664.js https://script.hotjar.com/modules.9dd23155c7d4a9746d0b.js; style-src: 'self' https://c.disquscdn.com https://cdn-prod.opendemocracy.net https://cdn.datatables.net https://platform.twitter.com https://ton.twimg.com; object-src: 'none'; base-uri: 'self'; connect-src: 'self' https://analytics.webpushr.com https://bot.webpushr.com https://fast.a.klaviyo.com https://links.services.disqus.com 
https://mc.yandex.ru https://stats.g.doubleclick.net https://support.opendemocracy.net https://telemetrics.klaviyo.com https://www.google-analytics.com https://in.hotjar.com https://vc.hotjar.io https://ws9.hotjar.com wss://ws9.hotjar.com; font-src: 'self' https://cdn-prod.opendemocracy.net; frame-src: 'self' https://5050.carto.com https://comment-talk.comment.opendemocracy.net https://desmog.co.uk https://disqus.com https://docs.google.com https://mc.yandex.md https://platform.twitter.com https://syndication.twitter.com https://vars.hotjar.com https://w.soundcloud.com https://www.youtube.com; img-src: 'self' https://a.disquscdn.com https://c.disquscdn.com https://cdn-prod.opendemocracy.net https://cdn.datatables.net https://cdn.viglink.com https://cdn.webpushr.com https://links.services.disqus.com https://matomo.hactar.is https://mc.yandex.com https://mc.yandex.ru https://pbs.twimg.com https://platform.twitter.com https://syndication.twitter.com https://ton.twimg.com https://www.google.co.uk https://www.google.com; manifest-src: 'self'; media-src: 'self'; worker-src: 'self'; report-uri /csp/report/; 1 child-src https:; connect-src https: wss:; font-src data: https:; frame-src https:; img-src blob: data: https:; media-src blob: data: https:; object-src 'self' https://*.app-eu.wrike.com https://*.wrike.com https://*.www.wrike.com https://d10b6odojqpx09.cloudfront.net https://d1c5qktmphn2d.cloudfront.net https://d1foz7ea1n9ap6.cloudfront.net https://d28rj2ujhq2ikj.cloudfront.net https://d3tvpxjako9ywy.cloudfront.net https://youtube.com; script-src 'unsafe-eval' 'unsafe-inline' data: https://*.6sc.co https://*.app-eu.wrike.com https://*.bizographics.com https://*.google-analytics.com https://*.linkedin.com https://*.marketo.com https://*.marketo.net https://*.twitter.com https://*.wrike.com https://*.www.wrike.com https://*.yandex.ru https://api.greenhouse.io https://api.pinterest.com https://apis.google.com https://assets.adobedtm.com https://bat.bing.com 
https://c.disquscdn.com https://cdn.onesignal.com https://cdn.ravenjs.com https://cdn.syndication.twimg.com https://commondatastorage.googleapis.com/code.snapengage.com/js/ https://connect.facebook.net https://d.adroll.com https://d10b6odojqpx09.cloudfront.net https://d1c5qktmphn2d.cloudfront.net https://d1foz7ea1n9ap6.cloudfront.net https://d28rj2ujhq2ikj.cloudfront.net https://d3rnld1uo6kgq2.cloudfront.net https://d3tvpxjako9ywy.cloudfront.net https://disqus.com https://fast.wistia.com https://fast.wistia.net https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1056104813/ https://i.simpli.fi https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js https://onesignal.com https://pixel.mathtag.com https://px.airpr.com/airpr.js https://s.adroll.com https://s3.amazonaws.com/r.kissinsights.com/ https://secure.adnxs.com https://snap.licdn.com https://src.litix.io/core/2/mux.js https://sslwidget.criteo.com https://static.ads-twitter.com https://static.criteo.net https://track-mv.com https://turbo.qualaroo.com https://vidassets.terminus.services https://vk.com https://wrike.disqus.com https://wrike.influitive.com https://www.google.com https://www.google.ru https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.snapengage.com/; style-src 'unsafe-inline' data: https:; default-src 'self'; report-uri https://csp.wrike.com/csp-report?website 1 base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-1U+PHYbMx0ci84B4/0zbkpRb4ayw84'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1 script-src 'nonce-fbpl4y38WGOx8E1yjPJ0yQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/googleorg; base-uri 'none' 1 script-src 'nonce-_6Y79RCVIkbBmOaWFkAkjQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri 
https://csp.withgoogle.com/csp/webmaster/chrome; base-uri 'none' 1 upgrade-insecure-requests;default-src 'self' 'nonce-yLOpOHLhBXc=' 'unsafe-inline' 'unsafe-eval' biz-file.com *.google-analytics.com *.effectivemeasure.net *.doubleclick.net *.googlesyndication.com *.googletagservices.com *.googleapis.com *.gstatic.com *.googleadservices.com adservice.google.com adservice.google.co.za cdn.ampproject.org cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js *.iono.fm;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com cdnjs.cloudflare.com/ajax/libs/font-awesome;font-src 'self' data: *.gstatic.com;img-src 'self' data: biz-file.com *.google-analytics.com *.effectivemeasure.net *.doubleclick.net *.googlesyndication.com www.google.com;frame-ancestors 'self' *.iono.fm; 1 script-src 'self' https://d3sq5bmi4w5uj1.cloudfront.net ajax.googleapis.com https://ie7-js.googlecode.com https://cdnjs.cloudflare.com connect.facebook.net uhf.microsoft.com c.microsoft.com cs.microsoft.com c.s-microsoft.com wcpstatic.microsoft.com platform.twitter.com 'sha256-l9ZHmyP+aSQUbzDsO0Z5mU5KmeKTw7h+LYWUCcvjK/o=' 'sha256-PaS0gCgkEvlXwzUjXAo0jysAvDXOc3iIttQamgrvXk0=' 'sha256-LJOONddNtIMPVfcLsFATXyL4P23f3znxXz4FxYemkxI=' 'sha256-9iOvn7LxDLljYZpLeETJMw2obbWSDMr5bD4EvVwobT8=' 'sha256-0E0vDUBHZEKS2e6EIVqnrTnKVNyC9EkRVPrg1eYPjfk=' 'sha256-qKAjO5ncQUIDDV6E+i9Ki0B02qMSMSYn7Qz3CCeUadA=' 'sha256-e+Muvfq9cFCKaGyU2s/dw33x7jyiRjzSxMMWigxtces=' 'sha256-X13pZMYtfc8rLgpPU27DRu9ogdGOie2/WSSRXrvb4qw=' 'sha256-qBq7Yi1crTUnQMu1SOv+OLIkSbFYKoUR5uEZmtGdr18=' 'sha256-3lrmNAZ6kNZZTLuCfq9dwAOOuM3LB25Zw3lZQb6u5mA=' 'sha256-4yQMvgCymLvSmnCJ3fBR7j5ULSCezuYQiYkcA5JNVEY=' 'sha256-ktmU5paXGPR9mdN2uSWY55YcgQeImJRGVoRPrUQgASY=' 'sha256-MA2y0MDJ4KekIetpCUKmHXxHGlTrzqzVnitomCSNO14=' 'sha256-SeFjbS0LfxHLZ4dSTKm3BJQLbYE7L30x+Dieoa6QQwM=' 'sha256-SCdeHAIyndSsvnKndC84UH7e8hWXZfGZi1sXICbMEfM=' 'sha256-H/0P7dZMBnkxNkAxjKwW4ZkIbOu+jUatI5iXj220Mzw=' 'sha256-K2eMQjiqAXlEEKU1OI//ND8SNuV5nMOGNBQxtt0fK+g=' 
'sha256-teb0gd16eHO96p+TWUf4Qk9ED1HJmiBTon8ooUoBh00=' 'sha256-Kdb1cN+XVz5wzuxh0LQlnyRgRjSv4+NQJ0c57mBi0pc=' 'sha256-dc0kLiLbea/nrL24ZXilOuRrs2VzRffX05RSQdgHUsU=' 'sha256-LjreJQqJjPxAIN/hThhUIWTziFE4758qAZp8fvAjruM=' 'sha256-o62lg6aR4njGCW/O+wQfymrm7gCZOXINNMAQNuD1VGM=' 'sha256-j3H8aCmyA0faDUoXS4euhLBRHBatCYqsLfaeZoZ86RQ='; style-src 'self' 'unsafe-inline' d3sq5bmi4w5uj1.cloudfront.net uhf.microsoft.com c.s-microsoft.com; img-src 'self' syndication.twitter.com analytics.twitter.com t.co uhf.microsoft.com c.microsoft.com *.facebook.com d3sq5bmi4w5uj1.cloudfront.net images.mxpnl.com wdgcdn.azureedge.net asgcdn.azureedge.net; frame-src *.facebook.com platform.twitter.com c1.microsoft.com c.bing.com; font-src 'self' data:; report-uri https://csp.skype.com 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com 'strict-dynamic' 'nonce-MTQzNjAyNzcsNzI0NzQxNjQ2'; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1 default-src 'self' https: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri https://investorplace.com/wp-content/plugins/mixed-content-logging/report-uri/mcl-uri.php 1 default-src 'none'; report-uri https://csp-report.wwnorton.com; connect-src 'self' https://appservices.wwnorton.com; frame-ancestors 'self'; font-src 'self' https://fonts.googleapis.com; style-src 'self' https://cloud.typography.com https://dsbst55b1909i.cloudfront.net; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://code.jquery.com https://static.wwnorton.com https://storage.googleapis.com; img-src 'self' 
https://www.google-analytics.com https://appservices.wwnorton.com https://cdn.wwnorton.com https://diqp43fm0w6zs.cloudfront.net https://stats.g.doubleclick.net; 1 default-src 'self' https://*.ru.nl/ 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ https://*.livechatinc.com/ https://connect.facebook.net/ https://*.hotjar.com/ https://secure.livechatinc.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/; font-src 'self' https://fonts.gstatic.com/ https://cdn.faceworks.nl https://maxcdn.bootstrapcdn.com/ https://cdnjs.cloudflare.com/ https://script.hotjar.com/ https://*.typekit.net/ data:; img-src * data:; frame-src *; media-src https://ssl.gstatic.com/ https://cdn.livechatinc.com/ data:; connect-src 'self' https://*.ru.nl/ https://api.livechatinc.com/ https://*.hotjar.com/ https://stats.g.doubleclick.net/ https://*.hotjar.io/ https://www.google-analytics.com/ https://www.facebook.com/ wss://*.hotjar.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.ru.nl/ https://ajax.googleapis.com/ https://*.livechatinc.com/ https://cdn.livechatinc.com/ https://cdn.unibuddy.co/ https://connect.facebook.net/ https://*.hotjar.com/ https://secure.livechatinc.com/ https://static.hotjar.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://*.cloudflare.com/ https://widgets.getpocket.com/ blob:; script-src-elem 'self' 'unsafe-inline' https://*.ru.nl/ https://ajax.googleapis.com/ https://*.livechatinc.com/ https://connect.facebook.net/ https://*.hotjar.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.youtube.com/ https://*.kaspersky-labs.com/ https://snapwidget.com/; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.ru.nl/ https://cdnjs.cloudflare.com/ https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://platform.twitter.com/ https://*.twimg.com/; style-src 'self' 'unsafe-inline' https://*.ru.nl/ https://*.googleapis.com/ 
https://cdnjs.cloudflare.com/ https://maxcdn.bootstrapcdn.com/; report-uri https://radboud.report-uri.com/r/d/csp/wizard 1 font-src 'self' d3jbm9h03wxzi9.cloudfront.net fonts.googleapis.com data: https:; img-src 'self' d3jbm9h03wxzi9.cloudfront.net s3.amazonaws.com/revue revue.imgix.net data: https:; object-src 'none'; script-src 'self' d3jbm9h03wxzi9.cloudfront.net cdn.mxpnl.com checkout.stripe.com connect.facebook.net www.google-analytics.com js.stripe.com use.typekit.net *.intercomcdn.com *.taxamo.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ 'unsafe-eval' https: 'nonce-pfhz4le2SiZRiHmwAIgO8A=='; frame-src api.taxamo.com www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ https:; style-src 'self' d3jbm9h03wxzi9.cloudfront.net 'unsafe-inline' https:; connect-src 'self' wss://*.intercom.io *.intercom.io *.intercomcdn.com wss://*.pusher.com https:; report-uri /csp-report 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' s.ytimg.com gfmcharity.wpengine.com *.gofundme.com *.crowdrise.com unpkg.com unpkg.com/react-dom@16.12.0/umd/react-dom.production.min.js unpkg.com/react@16.12.0/umd/react.production.min.js *.hs-growth-metrics.com *.hsadspixel.net *.hubapi.com seal.verisign.com cdn.datatables.net js.hscta.net forms.hsforms.com code.jquery.com *.greenhouse.io *.googletagmanager.com www.google.com www.googletagmanager.com/gtm.js?id=GTM-TDTFTZ ssl.google-analytics.com/ga.js *charity.gofundme.com *.newrelic.com *.nr-data.net *.swiftype.com *.outbrain.com *.digicert.com *.polyfill.io *.swiftypecdn.com *.typekit.net *.bootstrapcdn.com *.jsdelivr.net *.hsforms.net *.youtube-nocookie.com *.youtube.com *.optimizely.com *.mxpnl.com *.cloudflare.com *.hsforms.net *.gstatic.com *.googleapis.com *.amazonaws.com *.mixpanel.com *.hs-scripts.com www.googleadservices.com *.adroll.com *.google.com *.gigya.com *.twitter.com *.ziggeo.com *.hubspot.com *.doubleclick.net *.facebook.com *.facebook.net static.ads-twitter.com bat.bing.com *.hsleadflows.net *.hs-analytics.net 
*.linkedin.com *.yahoo.com *.google-analytics.com *.alooma.com *.bizographics.com *.crowdrise.com *.licdn.com cdn.amplitude.com/libs/amplitude-5.2.2-min.gz.js twitter.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' * data:; connect-src 'self' google.com googletagmanager.com bat.bing.com *.crowdrise.com api.amplitude.com *.facebook.com analytics.google.com assets-charity.gofundme.com *.mixpanel.com *.hubapi.com *.hubspot.com *.alooma.com *.nr-data.net *.ziggeo.com *.twitter.com *.optimizely.com *.doubleclick.net *.google-analytics.com *.typekit.net api.amplitude.com *.facebook.com analytics.google.com; img-src 'self' https: data:; report-uri https://28rqy7ini0.execute-api.us-west-1.amazonaws.com/prod 1 default-src 'self' *.justanswer.com *.justanswer.local www.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.justanswer.com *.justanswer.local *.criteo.net *.criteo.com www.google-analytics.com www.googletagmanager.com connect.facebook.net a.quora.com bat.bing.com tracker.marinsm.com d.impactradius-event.com cdn.mouseflow.com www.redditstatic.com; style-src 'self' 'unsafe-inline' *.justanswer.com *.justanswer.local *.googleapis.com; img-src 'self' data: https: *.justanswer.com *.justanswer.local bat.bing.com q.quora.com tracker.marinsm.com logs-01.loggly.com cx.atdmt.com; font-src data: 'self' *.justanswer.com *.justanswer.local fonts.gstatic.com; connect-src 'self' *.justanswer.com *.justanswer.local www.google-analytics.com analytics.google.com​​​​​​​ stats.g.doubleclick.net bat.bing.com n2.mouseflow.com www.facebook.com justanswer.9pctbx.net; frame-src *.justanswer.com *.justanswer.local www.facebook.com *.criteo.com *.criteo.net; report-uri https://secure.justanswer.com/processes/csp-violation.ashx 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://tvline.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 default-src 'self'; script-src 'self' 'unsafe-eval'; connect-src 'self'; img-src 
'self' data: www.pkobp.pl; style-src 'self' 'unsafe-inline'; font-src 'self'; report-uri /ikd_img/skins/ipko/grcv; 1 connect-src 'self' https://*.ee.co.uk https://ee.co.uk https://ee-outage.s3.amazonaws.com https://everythingeverywhere.tt.omtrdc.net https://*.google-analytics.com https://*.doubleclick.net https://*.google.com https://*.online-metrix.net https://*.lpsnmedia.net https://*.demdex.net https://*.criteo.net https://*.criteo.com https://ee-tagging.s3.amazonaws.com https://*.liveperson.net https://*.tt.omtrdc.net https://a.optmnstr.com https://api.opmnstr.com https://*.cloudfront.net https://*.tags.tiqcdn.com https://t.co https://*.facebook.com https://*.facebook.net https://bat.bing.com https://ee-dtp-static.s3.amazonaws.com https://*.twitter.com https://*.reevoo.com https://*.ads-twitter.com https://static.queue-it.net https://*.gstatic.com https://*.googleadservices.com https://imp2.nowinteract.com https://decibelinsight.net https://www.googleapis.com https://btbusiness.d1.sc.omtrdc.net https://i.salecycle.com https://www.googletagmanager.com https://translate.googleapis.com https://myaccount.ee.co.uk https://*.akamaihd.net https://collection.decibelinsight.net https://cdn.decibelinsight.net https://api.uniqodo.com https://ws.sessioncam.com https://dpm.demdex.net https://ajax.googleapis.com https://btbsecure.business.bt.com https://wmstatic.global.ssl.fastly.net https://skynet.reevoo.com https://code.jquery.com https://ee.15gifts.com wss://cdn.decibelinsight.net; default-src 'self' https://ee.co.uk https://*.ee.co.uk; frame-src 'self' https://*.ee.co.uk https://ee.co.uk https://*.doubleclick.net https://*.lpsnmedia.net https://*.demdex.net https://*.criteo.net https://*.criteo.com https://*.google.com https://*.facebook.com https://*.facebook.net https://plugin.monotote.com https://server.lon.liveperson.net https://saltcdn2.googleapis.com https://ee.real-digital.co.uk https://syndication.twitter.com https://www.youtube.com https://ee.cloud-iq.com 
https://d16fk4ms6rqz1v.cloudfront.net https://platform.twitter.com https://*.akamaihd.net https://ee-embedded.myunidays.com https://3796688.fls.doubleclick.net https://www.myunidays.com https://lo.tokenizer.liveperson.net https://tpc.googlesyndication.com https://saltcdn2.instagram.com https://social.hotukdeals.com https://gateway.zscalerone.net https://prod-browsext.pricesearcher.com https://app.wizdom.ai https://noop.style https://www.hotukdeals.com https://sitecatalyst.omniture.com https://authorize.omniture.com https://lo.v.liveperson.net; media-src 'self' https:; img-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.ee.co.uk https://ee.co.uk https://*.doubleclick.net https://track.uniqodo.com https://*.criteo.net https://*.criteo.com https://a.optmnstr.com https://*.tt.omtrdc.net https://*.facebook.net https://*.liveperson.net https://*.tags.tiqcdn.com https://ee-tagging.s3.amazonaws.com https://ee-dtp-static.s3.amazonaws.com https://*.twitter.com https://bat.bing.com https://*.cloudfront.net https://www.googleadservices.com https://*.google-analytics.com https://static.ads-twitter.com https://static.queue-it.net https://eeuk.queueit.net https://*.google.com https://*.gstatic.com https://*.googleapis.com https://www.googletagmanager.com https://bat.bing.com https://ee.cloud-iq.com https://tags.tiqcdn.com https://rules.quantcount.com https://www.dwin1.com https://adobedtm.com https://*.adobedtm.com https://ads.avocet.io https://ct.pinterest.com https://resources.digital-cloud-uk.medallia.eu https://nebula-cdn.kampyle.com https://cdn.nowinteract.com https://sc-static.net https://vip.timezonedb.com https://medallia.eu https://track.adform.net https://cm.everesttech.net https://plugin.monotote.com https://www.youtube.com https://snap.licdn.com https://s.ytimg.com https://ee.15gifts.com https://btbusiness.d1.sc.omtrdc.net https://www.googleadservices.com https://gdata.youtube.com https://bat.bing.com https://secure.quantserve.com 
https://px.ads.linkedin.com https://vimeo.com https://connect.facebook.net https://ee-tagging.s3.amazonaws.com https://www.linkedin.com https://cdn.syndication.twimg.com https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://www.zenaps.com https://lptag.liveperson.net https://d2oh4tlt9mrke9.cloudfront.net https://twitter.com https://cdn.decibelinsight.net https://assets.revlifter.io https://*.akamaihd.net https://ee.cloud-iq.com https://platform.twitter.com https://www.googletagmanager.com https://www.dwin1.com https://smetrics.ee.co.uk https://rialto-gms.s3.amazonaws.com https://tpc.googlesyndication.com https://vimeo.com https://beta.mybetterdl.com https://rules.quantcount.com https://ws.sessioncam.com https://decibelinsight.net https://analytics.twitter.com https://cdn.walkme.com https://static.ads-twitter.com https://c.cnzz.com https://*.lpsnmedia.net https://cdnjs.cloudflare.com https://p0.mycdn.co https://mark.reevoo.com https://p294588.clksite.com; object-src 'self' https://ee.co.uk https://*.ee.co.uk; style-src 'self' https: 'unsafe-inline'; font-src 'self' https:; report-uri https://example.com 1 base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-r7BlHfdeuglNgSUKNtTQQ/tDROvFS9'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1 report-uri https://www.yelp.com/csp_report_only?id=690351291bd2674c&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1618356014; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net 
https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri https://us-central1-shinesumoplus.cloudfunctions.net/report-uri 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://robbreport.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 default-src 'none'; connect-src https:; font-src https: data:; frame-src https://*.brightcove.net https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.virtuosity.com https://*.cookiebot.com; frame-ancestors 'self' *.bentley.com; img-src 'self' https: data:; manifest-src 'self'; media-src blob: https:; object-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' 'nonce-vOQeWDTgNZYCbXqyIgYv1BhZ' 'sha256-o6YiiBH6VxswP8cekM7K4DUXxiVPGl4X8eduPJoVNSE=' 'sha256-UITiqbXyaWS7NpwiFrMIbdXAZy5EXLRUHkpylF4504k=' 'sha256-p6olJkA+hx/FxvTK4y889P3cn+jxYEXfy77ezJeRQtc=' 'sha256-Ik0xGtETbCM1oULgoyl5rM7dIL4fGmX4LGUU9TN+1BY=' 'sha256-3Y6tvqiOCz5Lo4SSf6H4QXuaBlQmhUua44TGYbHF2U8=' 'sha256-p6olJkA+hx/FxvTK4y889P3cn+jxYEXfy77ezJeRQtc=' 'sha256-8yUC3qRvLTC6Fx7xk2b9ahRI0RJqzO373sBmczAN2U0=' 'sha256-jwXZ9FKuLM0EY2wETA7JTE+YFu2Z7N+S1g7Rn5Nbm98=' 'strict-dynamic'; style-src https: 'self' 'unsafe-inline'; report-uri https://52ab12043ca8bf7f5de1e93eecabdcb7.report-uri.com/r/d/csp/reportOnly 1 frame-ancestors 'self'; default-src 'self' https://tpc.googlesyndication.com/safeframe/; connect-src 'self' https://*.abcya.com https://*.playwire.com https://csi.gstatic.com https://dt.clnmde.com 
https://kinesis.us-east-1.amazonaws.com https://www.google-analytics.com https://*.media.net https://*.googlesyndication.com https://*.doubleclick.net https://*.arcademics.com wss://*.arcademics.com; font-src 'self' https://*.media.net https://d33wubrfki0l68.cloudfront.net https://fonts.gstatic.com https://*.arcademics.com; frame-src 'self' blob: https://cdn.intergi.com https://*.playwire.com https://*.stripe.com https://*.abcya.com https://pxlclnmdecom-a.akamaihd.net https://*.googlesyndication.com https://*.doubleclick.net https://www.google.com; img-src 'self' data: https://*.arcademics.com https://*.net https://*.abcya.com https://cdn.intergi.com https://*.playwire.com https://*.media.net https://d33wubrfki0l68.cloudfront.net https://dt.clnmde.com https://www.googletagmanager.com https://*.doubleclick.net https://intergi-phoenix.s3.amazonaws.com https://px.moatads.com https://*.googlesyndication.com https://www.google-analytics.com https://www.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.kidsafeseal.com https://s02mdn.net/; media-src 'self'; object-src https://*.abcya.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://adservice.google.com https://cdn.ampproject.org https://cdn.intergi.com https://cdn.intergient.com https://*.playwire.com https://*.media.net https://d33wubrfki0l68.cloudfront.net https://*.stripe.com https://mb.moatads.com https://pxlclnmdecom-a.akamaihd.net https://*.doubleclick.net https://*.arcademics.com https://*.googlesyndication.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googletagservices.com https://www.gstatic.com https://z.moatads.com; style-src 'self' 'unsafe-inline' https://cdn.intergi.com https://d33wubrfki0l68.cloudfront.net https://fonts.googleapis.com 
https://tagmanager.google.com; report-uri https://www.ixl.com/actions/csp/report-abcya; report-to csp-endpoint; 1 script-src 'strict-dynamic' 'nonce-MzI5ODQ1NzEwMSwyNDA1NjE3OTQy'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com 'strict-dynamic' 'nonce-MzU3MDg1MTI4MywxNDg3NDY1OTY0'; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1 script-src 'self' *.edpuzzle.com 'unsafe-inline' 'unsafe-eval' latex.codecogs.com service.mtcaptcha.com service2.mtcaptcha.com *.google.com *.googleapis.com *.google-analytics.com *.youtube.com *.ytimg.com *.soundcloud.com *.zendesk.com cdnjs.cloudflare.com *.mxpnl.com *.newrelic.com *.nr-data.net d1htrclywvryi1.cloudfront.net js.stripe.com *.twitter.com; style-src 'self' *.edpuzzle.com 'unsafe-inline' maxcdn.bootstrapcdn.com latex.codecogs.com d1htrclywvryi1.cloudfront.net fonts.googleapis.com; report-uri /api/v3/violations/csp 1 default-src 'none'; base-uri 'self' docs.helpscout.net; block-all-mixed-content; child-src 'self' assets.braintreegateway.com c.paypal.com www.youtube.com player.vimeo.com fast.wistia.net moz-extension://* chrome-extension://*; connect-src 'self' api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.sandbox.braintreegateway.com client-analytics.braintreegateway.com *.braintree-api.com *.paypal.com www.google-analytics.com connect.facebook.net www.facebook.com ysxtsrzt2b4s.statuspage.io rescuetime.helpscoutdocs.com secure.helpscout.net api.ipify.org beaconapi.helpscout.net chatapi.helpscout.net d3hb14vkzrxvla.cloudfront.net *.sumologic.com sentry.io *.sentry-cdn.com wss: wss://*.pusher.com slack.com github.com 
exist.io *.visualwebsiteoptimizer.com app.vwo.com logo.clearbit.com *.ubembed.com *.userleap.com *.usersnap.com; font-src 'self' data: fonts.gstatic.com app.vwo.com *.ubembed.com *.userleap.com *.usersnap.com; form-action 'self' *.welltory.com; frame-ancestors moz-extension://* chrome-extension://*; frame-src 'self' assets.braintreegateway.com *.paypal.com djtflbt20bdde.cloudfront.net beacon-v2.helpscout.net platform.twitter.com www.googletagmanager.com www.google.com tst.kaptcha.com ssl.kaptcha.com www.youtube.com moz-extension://* chrome-extension://* ifttt.com *.vimeo.com app.vwo.com *.ubembed.com *.userleap.com *.usersnap.com; img-src 'self' data: assets.braintreegateway.com *.paypal.com platform.twitter.com pbs.twimg.com www.google-analytics.com connect.facebook.net *.facebook.com d33v4339jhl8k0.cloudfront.net moz-extension://* chrome-extension://* via.placeholder.com ifttt.com api.producthunt.com zapier.com cdn.zapier.com *.visualwebsiteoptimizer.com app.vwo.com track.customer.io secure.gravatar.com logo.clearbit.com *.ubembed.com *.userleap.com *.usersnap.com; manifest-src 'self'; media-src 'self' beacon-v2.helpscout.net; object-src 'self' djtflbt20bdde.cloudfront.net beacon-v2.helpscout.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com *.paypal.com d12wqas9hcki3z.cloudfront.net d33v4339jhl8k0.cloudfront.net djtflbt20bdde.cloudfront.net beacon-v2.helpscout.net cdn.ravenjs.com platform.twitter.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com zapier.com connect.facebook.net dev.visualwebsiteoptimizer.com app.vwo.com cdn.rawgit.com player.vimeo.com assets.customer.io *.ubembed.com *.userleap.com *.usersnap.com *.sentry-cdn.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com beacon-v2.helpscout.net d12wqas9hcki3z.cloudfront.net djtflbt20bdde.cloudfront.net app.vwo.com *.ubembed.com *.userleap.com *.usersnap.com; worker-src blob:; report-uri 
https://www.rescuetime.com/csp-report 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dynamicyield.com www.googletagmanager.com www.google-analytics.com connect.facebook.net ajax.cloudflare.com *.wistia.com blob: static.cloudflareinsights.com s.go-mpulse.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://static.addtoany.com mdbootstrap.com stackpath.bootstrapcdn.com; script-src-attr 'self' 'unsafe-inline' *.dynamicyield.com www.googletagmanager.com www.google-analytics.com connect.facebook.net ajax.cloudflare.com *.wistia.com blob: static.cloudflareinsights.com s.go-mpulse.net; script-src-elem 'self' 'unsafe-inline' *.dynamicyield.com www.googletagmanager.com www.google-analytics.com connect.facebook.net ajax.cloudflare.com *.wistia.com blob: static.cloudflareinsights.com s.go-mpulse.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://static.addtoany.com mdbootstrap.com stackpath.bootstrapcdn.com; style-src 'self' 'unsafe-inline' *.dynamicyield.com fonts.googleapis.com https://cdn.jsdelivr.net https://use.fontawesome.com mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline' *.dynamicyield.com; frame-ancestors 'self' 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.blogher.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 default-src https://www.spamhaus.org https: 'unsafe-inline' 'unsafe-eval' 1 block-all-mixed-content ; report-uri /csp-reports ; report-to csp-endpoint ; default-src 'self' *.prismic.io https://www.google.com/recaptcha/ ; connect-src 'self' *.prismic.io events.mediarithmics.com ; img-src 'self' data: *.prismic.io www.google-analytics.com ib.adnxs.com o.adhslx.com fonts.gstatic.com https://www.gstatic.com/recaptcha/ events.mediarithmics.com cookie-matching.mediarithmics.com x.bidswitch.net pixel.rubiconproject.com simage2.pubmatic.com ; style-src 'self' 'unsafe-inline' www.gstatic.com fonts.gstatic.com ; script-src 
'self' 'unsafe-inline' 'unsafe-eval' *.prismic.io www.google-analytics.com www.googletagmanager.com www.gstatic.com https://www.google.com/recaptcha/ static.mediarithmics.com cookie-matching.mediarithmics.com ib.adnxs.com cm.g.doubleclick.net ; font-src 'self' *.prismic.io fonts.gstatic.com 1 default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.natwest.com *.neolane.net *.nwolb.com *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.raptmedia.com *.snapchat.com *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net static.ads-twitter.com t.co www.brightedge.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.cl *.google.cm *.google.co.ao *.google.co.bw *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uz *.google.co.ve *.google.co.za *.google.co.zm *.google.co.zw *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my 
*.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dk *.google.dm *.google.dz *.google.es *.google.fi *.google.fr *.google.ge *.google.gg *.google.gm *.google.gp *.google.gr *.google.gy *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.la *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc*.google.se *.google.sh *.google.si *.google.sk *.google.sn *.google.so *.google.tg *.google.tm *.google.tn *.google.tt adservice.google.ro *.googleapis.com *.live.hdexternal.co.uk *.hdddirectsolutions.co.uk fonts.gstatic.com *.everesttech.net *.everestjs.net cdn.cookielaw.org; upgrade-insecure-requests; report-uri https://natwestpersonal.report-uri.com/r/t/csp/reportOnly; cdn-apple.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net/ https://js.stripe.com/v3/ https://script.hotjar.com/ https://static.hotjar.com/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://assets.bwbx.io https://developer.apple.com https://images.ctfassets.net https://images.unsplash.com/ https://lh3.googleusercontent.com https://nftgimagebucket.s3-us-west-1.amazonaws.com https://pixel.nymag.com https://res.cloudinary.com https://media.niftygateway.com https://s3-us-west-1.amazonaws.com 
https://www.facebook.com/tr/ https://www.google-analytics.com/; connect-src https://api.niftygateway.com https://host-vdgrw7.api.swiftype.com https://notify.bugsnag.com https://sessions.bugsnag.com https://stats.g.doubleclick.net https://www.facebook.com/tr/ https://www.google-analytics.com; font-src https://fonts.gstatic.com 'self'; object-src 'self'; media-src https://res.cloudinary.com/nifty-gateway/ https://media.niftygateway.com; frame-src https://vars.hotjar.com https://js.stripe.com/v3/; frame-ancestors 'self' 1 object-src 'none';base-uri 'self';script-src 'nonce-tG9Fx3CW1MtzW5kVPg80' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample';report-uri https://csp.withgoogle.com/csp/scfe 1 default-src blob: data: https: 'self' wss:; script-src blob: data: https: 'self' wss: 'unsafe-eval' 'unsafe-inline'; style-src blob: data: https: 'self' wss: 'unsafe-inline'; report-uri https://everlane.report-uri.com/r/d/csp/reportOnly 1 media-src 'self'; frame-ancestors 'self'; font-src 'self' data: https://*.cloudfront.net *.googleapis.com https://fonts.gstatic.com; connect-src 'self' https:; child-src https:; object-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; default-src 'self' 1 default-src https: 'unsafe-eval' 'unsafe-inline'; 1 block-all-mixed-content;default-src 'self';img-src 'self' https://images.opencollective.com data: *.paypal.com opencollective.com blob: opencollective-production.s3.us-west-1.amazonaws.com opencollective-production.s3-us-west-1.amazonaws.com;worker-src 'self' blob:;style-src 'self' 'unsafe-inline' *.braintreegateway.com;connect-src 'self' https://api.opencollective.com https://pdf.opencollective.com wtfismyip.com *.paypal.com *.paypalobjects.com sentry.io *.sentry.io country-service.shopifycloud.com *.braintreegateway.com *.braintree-api.com;script-src 'self' 'unsafe-inline' maps.googleapis.com js.stripe.com *.paypal.com 
*.paypalobjects.com js.braintreegateway.com;frame-src www.youtube.com opencollective.com js.stripe.com *.paypal.com *.openstreetmap.org assets.braintreegateway.com;object-src opencollective.com 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com 'strict-dynamic' 'nonce-MzU1MzkwNTk5MiwyNjkxMTU3OTg0'; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'self' data:; font-src https: 'self' data:; 1 script-src 'nonce-IfUFNLOvAarTkRR0vkr2_Q' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/safety_google; base-uri 'none' 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org *.twitter.com *.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.init.de *.openstreetmap.org *.twitter.com *.twimg.com *.bundesfinanzministerium.de; object-src 'self'; media-src 'self' *.youtube.com *.bundesfinanzministerium.de; child-src *.google.com *.gstatic.com *.youtube.com *.init.de *.twitter.com *.twimg.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org *.init.de *.twitter.com *.twimg.com *.bundesfinanzministerium.de; frame-ancestors 'self'; report-uri /site/servlet/csp-report; 1 default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' 
*.wargaming.net *.tvsquared.com https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://stackadapt.com https://*.creative-serving.com https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://tags.srv.stackadapt.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://stats.g.doubleclick.net https://*.stackadapt.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://graph.facebook.com https://*.addthis.com https://*.google-analytics.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by 
https://google.pl https://*.doubleclick.net https://*.googleapis.com ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 1 default-src 'self' https:; base-uri 'none'; block-all-mixed-content; child-src *; font-src 'self' data: https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; img-src https://tarteaucitron.io https://ssl.google-analytics.com https://stats.g.doubleclick.net data: https://www.elysee.fr https://admin.elysee.fr https://static.elysee.fr; plugin-types video/*; script-src https://tarteaucitron.io https://www.google-analytics.com 'unsafe-inline' https://www.elysee.fr https://admin.elysee.fr https://static.elysee.fr; style-src https://cdn.jsdelivr.net https://tarteaucitron.io https://fonts.googleapis.com 'unsafe-inline' https://www.elysee.fr https://admin.elysee.fr https://static.elysee.fr; report-uri /csp/report 1 base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-caRwVPoJf0nqCIHWgkDt6uluWPCHBY'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1 default-src https: 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://*.chatlio.com https://maxcdn.bootstrapcdn.com https://js.intercomcdn.com data: https://fonts.gstatic.com ; connect-src https://bam.nr-data.net https://fonts.gstatic.com wss://ws.pusherapp.com https://*.chatlio.com wss://*.intercom.io https://*.intercom.io https://*.algolia.com 
https://insights.algolia.io https://*.algolia.net https://*.algolianet.com https://insights.hotjar.com wss://*.hotjar.com https://*.kissmetrics.com https://vimeo.com https://*.pingdom.net https://api.segment.io https://api.amplitude.com/ https://sentry.io https://*.getbeamer.com wss://*.getbeamer.com https://*.mktoresp.com ; report-uri https://algolia.report-uri.io/r/default/csp/reportOnly 1 default-src 'self' *.gstatic.com *.googleapis.com *.google.com *.google.co.jp *.google-analytics.com *.googlesyndication.com *.g.doubleclick.net *.facebook.com platform.twitter.com www.paydesign.jp reserva.be *.reserva.be; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com *.google.com *.google.co.jp *.googleapis.com *.googleadservices.com googleads.g.doubleclick.net *.google-analytics.com *.googlesyndication.com *.googletagservices.com *.googletagmanager.com tagmanager.google.com s.yimg.jp *.yahoo.co.jp connect.facebook.net *.twitter.com *.ads-twitter.com *.a8.net *.atown.jp *.felmat.net a.o2u.jp beacon.digima.com cmkt.jp beacon.digima.com d.line-scdn.net in.treasuredata.com js.fout.jp js.ptengine.jp kitchen.juicer.cc static.criteo.net sslwidget.criteo.com sync.im-apps.net *.socdm.com af.tosho-trading.co.jp cdn.audiencedata.net cdn.smartnews-ads.com cdn.treasuredata.com js.crossees.com s.dc-tag.jp tags.bkrtx.com www.paydesign.jp; style-src 'self' 'unsafe-inline' *.googleapis.com fonts.gstatic.com www.paydesign.jp; img-src 'self' *.google.com *.google.co.jp googleads.g.doubleclick.net *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.facebook.com *.yahoo.co.jp a.ddli.jp a.o2u.jp b.audiencedata.net cnt.fout.jp cm.g.doubleclick.net i.smartnews-ads.com in.treasuredata.com t.co tags.bluekai.com tg.socdm.com data: ; font-src 'self' *.googleapis.com www.paydesign.jp fonts.gstatic.com data: ; report-uri https://reserva.be/csp-report ; 1 script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: 
connect.facebook.net maps.googleapis.com js.adsrvr.org moneygram.force.com six.cdn-net.com ut.ra.linksynergy.com config1.veinteractive.com tags.tiqcdn.com js-agent.newrelic.com songbird.cardinalcommerce.com sp.analytics.yahoo.com sc-static.net bat.bing.com deviceauth.moneygram.com includes.ccdc02.com *.salesforceliveagent.com www.google.com tag.rmp.rakuten.com files1.cybba.solutions d.turn.com *.doubleclick.net asset.gomoxie.solutions www.googleadservices.com app.cybba.solutions tags.rd.linksynergy.com www.gstatic.com consent.trustarc.com js.smct.io www.googletagmanager.com pixel.mathtag.com s.yimg.com storage.googleapis.com secure.adnxs.com smct.co bam.nr-data.net www.google-analytics.com; form-action www.facebook.com 0eaf.cardinalcommerce.com tr.snapchat.com deviceauth.moneygram.com *.salesforceliveagent.com connect.facebook.net; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ut.ra.linksynergy.com *.doubleclick.net webv2cmsprod.aws.moneygram.com pixel.mathtag.com consent.linksynergy.com maps.gstatic.com tr.snapchat.com ups.analytics.yahoo.com bat.bing.com www.google.de r.turn.com sp.analytics.yahoo.com px2.smct.co moneygram.force.com cdn.honey.io www.facebook.com dpm.demdex.net www.google.fr www.google.co.uk cdn.smct.io connect.facebook.net insight.adsrvr.org www.google.com maps.googleapis.com consent-pref.trustarc.com idsync.rlcdn.com www.google.ca *.amazonaws.com www.googletagmanager.com pixel.rubiconproject.com tags.rd.linksynergy.com www.google-analytics.com consent.trustarc.com www.gstatic.com bam.nr-data.net; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: consumerapi.moneygram.com location.gomoxie.solutions writer.cardinalcommerce.com api.ipify.org ipl.smct.io adservice.google.com www.google.com js.smct.io s.yimg.com *.amazonaws.com bam.nr-data.net www.google-analytics.com centinelapi.cardinalcommerce.com *.doubleclick.net 
webv2cmsprod.aws.moneygram.com pro.ip-api.com asset.gomoxie.solutions www.facebook.com sessionapi.veinteractive.com collect.tealiumiq.com ipb.smct.io bat.bing.com cookiee1.veinteractive.com moneygram.force.com events-moneygram.gomoxie.solutions; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: connect.facebook.net moneygram.force.com cj.dotomi.com match.adsrvr.org www.emjcd.com www.facebook.com 1eaf.cardinalcommerce.com smct.co deviceauth.moneygram.com tags.rd.linksynergy.com consent.trustarc.com 0eaf.cardinalcommerce.com config1.veinteractive.com tr.snapchat.com www.google.com asset.gomoxie.solutions *.doubleclick.net centinelapi.cardinalcommerce.com insight.adsrvr.org; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.honey.io fonts.googleapis.com use.fontawesome.com moneygram.force.com asset.gomoxie.solutions; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com use.fontawesome.com moneygram.force.com cdn.honey.io; report-uri /csp_report 1 img-src https: data:; connect-src https:; report-uri https://csp-reports.yesware.com/new 1 default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tool.lu *.baidu.com *.bdstatic.com; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.tool.lu *.baidu.com; img-src 'self' data: *.tool.lu *.href.lu *.baidu.com; media-src 'none'; child-src 'self' *.tool.lu; font-src *.tool.lu *.alicdn.com; connect-src 'self' *.tool.lu *.baidu.com *.alicdn.com; report-uri //a.tool.lu/csp 1 default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' https://*.smallcase.com https://in1.wzrkt.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://cdn4.mxpnl.com https://cdn.mxpnl.com https://static.hotjar.com https://d2r1yp2w7bby2u.cloudfront.net http://static.clevertap.com https://app.link https://script.hotjar.com https://static.hotjar.com 
https://www.youtube.com/iframe_api https://s.ytimg.com https://apis.google.com https://connect.facebook.net https://checkout.razorpay.com/v1/razorpay.js https://api.razorpay.com https://*.gateway-tt.in 'unsafe-eval' 'unsafe-inline'; img-src 'self' data: https://*.tickertape.in http://*.tickertape.in https://*.smallcase.com https://s3.ap-south-1.amazonaws.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google.com https://www.google.co.in https://pocket-image-cache.com https://*.ytimg.com https://script.hotjar.com https://premium.thehindubusinessline.com https://thehindubusinessline.com https://thehindu.com https://www.thehindu.com https://www.thehindubusinessline.com https://*.reutersmedia.net https://img.youtube.com https://www.facebook.com https://cdn.razorpay.com; connect-src https://*.tickertape.in http://*.tickertape.in wss://*.tickertape.in https://*.smallcase.com https://www.google-analytics.com https://www.googletagmanager.com https://*.branch.io https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://stats.g.doubleclick.net https://graph.facebook.com https://api.razorpay.com https://s3-ap-southeast-1.amazonaws.com; frame-src https://connect.smallcase.com https://connect.smallca.se https://vars.hotjar.com https://www.googletagmanager.com https://accounts.google.com https://www.youtube.com https://vars.hotjar.com https://api.razorpay.com https://*.gateway-tt.in; font-src 'self' https://script.hotjar.com; object-src 'none' 1 default-src 'self' 'unsafe-inline' https: ; img-src 'self' 'unsafe-inline' data: https: ; font-src 'self' data: https: ; connect-src 'self' *.usni.org *.google.com *.gstatic.com *.google-analytics.com *.disqus.com *.authorize.net *.facebook.com sentry.utdev.com ; media-src https: ; object-src 'self' ; child-src 'self' *.usni.org *.googlesyndication.com *.google.com disqus.com *.disqus.com *.googletagmanager.com *.addtoany.com *.scribd.com *.facebook.com 
*.g.doubleclick.net ; form-action 'self' *.usni.org *.facebook.com *.salesforce.com; upgrade-insecure-requests; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: logger.scot.nhs.uk *.google-analytics.com www.googletagmanager.com *.fontawesome.com use.typekit.net *.google.com *.google.co.uk *.googleapis.com themes.googleusercontent.com *.gstatic.com code.jquery.com yui.yahooapis.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.amazonaws.com *.addthis.com *.addthisedge.com *.twitter.com *.twimg.com *.facebook.com *.facebook.net static.xx.fbcdn.net *.youtube.com youtu.be *.ytimg.com www.youtube-nocookie.com player.vimeo.com i.vimeocdn.com cdn.jwplayer.com content.jwplatform.com prd.jwpltx.com *.jwpcdn.com *.jwpsrv.com *.civiccomputing.com cc.cdn.civiccomputing.com secure.gravatar.com public.tableau.com www.openstreetmap.org browser-update.org s.w.org www.geoplugin.net www.careopinion.org.uk static.addtoany.com *.wp.com www.patientopinion.org.uk hcaptcha.com *.hcaptcha.com assets.nhs.uk www.travelinescotland.com c7.avaamo.com c7avaamo.s3-us-west-2.amazonaws.com; worker-src 'self' www.google.com; frame-ancestors 'self'; base-uri 'self'; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report; report-to csp-endpoint 1 default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://teacup.report-uri.com/r/t/csp/reportOnly 1 connect-src 'self' *.crazyegg.com *.demdex.net *.doubleclick.net *.forter.com *.tt.omtrdc.net about adservice.google.com api.bazaarvoice.com apps.bazaarvoice.com b.px-cdn.net bam-cell.nr-data.net bam.nr-data.net bat.bing.com cdn0.forter.com cdn3.forter.com cdn9.forter.com cdncache-a.akamaihd.net collector-pxff0j69t5.perimeterx.net collector-pxff0j69t5.px-cdn.net collector-pxff0j69t5.px-cloud.net collector-pxff0j69t5.pxchk.net ct.pinterest.com d2o5idwacg3gyw.cloudfront.net dpm.demdex.net freakarcade.com googleads4.g.doubleclick.net https://dpm.demdex.net https://totalwine.tt.omtrdc.net in.visitors.live 
in.visitors.live ipapi.co network-a.bazaarvoice.com network.bazaarvoice.com pagead2.googlesyndication.com pubsub.googleapis.com recs.richrelevance.com rh.nexus.bazaarvoice.com settings.luckyorange.net siteintercept.qualtrics.com smetrics.totalwine.com stats.g.doubleclick.net stg.api.bazaarvoice.com subwayblaze.com totalwine.com totalwine.tt.omtrdc.net tracking.crazyegg.com trc-events.taboola.com trc.taboola.com us-central1-adaptive-growth.cloudfunctions.net vimeo.com wss://cdn0.forter.com wss://in.visitors.live wss://visitors.live www.facebook.com www.google-analytics.com www.google.com www.totalwine.com; report-uri https://csp.px-cloud.net/report?report=1&id=2e0fdd37c148a42f89a02505fdb33e8f&app_id=PXFF0j69T5 1 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: dvngeac8rg9mb.cloudfront.net d34s7xanp5e5sf.cloudfront.net www.gstatic.com js.stripe.com *.googleapis.com www.google.com compilers.widgets.sphere-engine.com; connect-src 'self' wss://push.piazza.com api.stripe.com; img-src 'self' data: http: https:; object-src 'none'; font-src 'self' data: *.typekit.net *.gstatic.com; style-src 'self' 'unsafe-inline' blob: *.typekit.net *.gstatic.com *.googleapis.com dvngeac8rg9mb.cloudfront.net; frame-src 'self' www.youtube.com www.youtube-nocookie.com www.vimeo.com player.vimeo.com www.facebook.com youtu.be gfycat.com www.google.com giphy.com docs.google.com calendar.google.com www.desmos.com www.geogebra.org; report-uri /security/csp_report 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://footwearnews.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 script-src 'nonce-46ab42a9-8946-459c-b617-5d29b161f475' https:; report-uri https://ort.wellsfargo.com/reporting/csp 1 default-src https: 'unsafe-inline' 'unsafe-eval' data: ; connect-src 'self' https://csi.gstatic.com https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 
https://stats.g.doubleclick.net https://ssl.google-analytics.com https://capture.trackjs.com https://www.google.com https://*.hotjar.com:* wss://*.hotjar.com https://bam.nr-data.net 'report-sample'; font-src 'self' https://inassets1-internationsgmbh.netdna-ssl.com/ https://fonts.gstatic.com https://static.hotjar.com https://*.zuora.com 'report-sample'; frame-src https: appsflyerevent: fbrpc: 'report-sample'; img-src https: blob: data:; manifest-src 'self' 'report-sample'; media-src 'none'; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://www.googletagservices.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://*.zuora.com 'report-sample'; style-src 'unsafe-inline' https://inassets1-internationsgmbh.netdna-ssl.com/ https://fonts.googleapis.com https://www.gstatic.com https://eu.gcsip.nl 'report-sample'; report-uri https://internations.report-uri.com/r/t/csp/reportOnly 1 default-src 'self' https://*.stan.com.au; child-src 'self' https://www.youtube.com; connect-src 'self' blob: https://*.stan.com.au https://payments.braintree-api.com https://*.braintreegateway.com https://*.paypal.com https://*.adyen.com https://*.akamaihd.net https://www.facebook.com https://bat.bing.com https://*.google.com https://stats.g.doubleclick.net https://www.google-analytics.com; form-action 'self' https://*.stan.com.au https://www.facebook.com; font-src 'self' data:; frame-src 'self' https://checkoutshopper-live-au.adyen.com https://www.facebook.com https://*.paypal.com https://platform.twitter.com https://*.doubleclick.net https://www.youtube.com; img-src 'self' blob: data: https://*.stan.com.au https://*.akamaihd.net https://www.google-analytics.com https://*.google.com https://*.google.com.au https://www.facebook.com https://*.paypal.com https://*.doubleclick.net https://www.googletagmanager.com https://bat.bing.com https://t.co https://i.ytimg.com; media-src 'self' blob:; object-src 
'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data https://*.stan.com.au https://www.googletagmanager.com https://connect.facebook.net https://*.snplow.net https://www.google-analytics.com https://static.ads-twitter.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.twitter.com https://*.adyen.com https://www.paypalobjects.com https://www.paypal.com https://c.paypal.com https://bat.bing.com https://platform.twitter.com; style-src 'self' 'unsafe-inline' https://*.stan.com.au https://cloud.typography.com; report-uri https://api.stan.com.au/features/v1/collect-csp; 1 frame-ancestors 'self'; report-uri https://mizar.unive.it/alvise.rabitti/cspreport/report.php; 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.search.ch/api/mixedcontent.json 1 frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=website-grader-ui/static-1.476/html/public-en.html&cfRay=63f8c9e1aa7c6e3c-IAD 1 default-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; media-src https: blob:; object-src https: blob:; report-uri https://csp-report.magicseaweed.com/api/csp-report/ 1 default-src 'self' data: mediastream: blob: 'unsafe-inline' 'unsafe-eval' inline *.ibytedtos.com *.isnssdk.com *.resso.app resso.app *.resso.me *.snssdk.com *.byteoversea.net *.ibyteimg.com *.ipstatp.com *.tiktokv.com *.byteoversea.com;report-uri https://mon-va.byteoversea.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=m_home 1 font-src 'self' data: 'unsafe-inline' data: *.gstatic.com *.bootstrapcdn.com *.cloudfront.net 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com 
geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.doubleclick.net *.affirm.com *.stripe.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com *.cloudfront.net *.bing.com *.google.com *.pinterest.com *.facebook.com *.facebook.net *.amazonaws.com *.amazon-adsystem.com *.shareasale-analytics.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com *.cricut.com *.cloudfront.net *.googletagmanager.com *.slgnt.us *.stripe.com *.affirm.com *.zdassets.com *.facebook.com *.facebook.net *.crazyegg.com *.google.com *.bing.com *.pinimg.com *.windows.net *.doubleclick.net *.polyfill.io *.cloudflare.com *.googleapis.com *.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.cloudfront.net *.bootstrapcdn.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.slgnt.us *.affirm.com *.zdassets.com *.zendesk.com *.zopim.com *.pinterest.com *.doubleclick.net *.google-analytics.com *.facebook.com *.facebook.net *.crazyegg.com *.cloudfront.net 
'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 frame-ancestors 'self'; report-uri https://o454972.ingest.sentry.io/api/5464239/csp-report/?sentry_key=1eb41851e6a44bd39f12e47f6de24633 1 connect-src *.litix.io *.pusher.com 729-jty-427.mktoresp.com 729-jty-427.mktoutil.com api.bench.co api.segment.io bat.bing.com bench.co boards-api.greenhouse.io cdn.contentful.com cdn.getambassador.com content.proof-x.com data.cdnbasket.net distillery.wistia.com embed.wistia.com embedwistia-a.akamaihd.net https://*.hotjar.com https://heapanalytics.com ids.cdnwidget.com page.cdnbasket.net pipedream.wistia.com pro.ip-api.com requests.getambassador.com stats.g.doubleclick.net vc.hotjar.io view.cdnbasket.net ws://ws.pusherapp.com wss://*.hotjar.com wss://ws.pusherapp.com www.facebook.com www.google-analytics.com www.google.com; font-src bench-assets.imgix.net data: fonts.gstatic.com https://heapanalytics.com script.hotjar.com; frame-src app-ab17.marketo.com bid.g.doubleclick.net boards.greenhouse.io js.driftt.com vars.hotjar.com www.facebook.com www.youtube.com; img-src 'self' * alb.reddit.com app-ab17.marketo.com bat.bing.com bench-assets.imgix.net cx.atdmt.com data: e.cdnwidget.com embed.wistia.com fast.wistia.com hi.hellobar.com https://heapanalytics.com i.ytimg.com images.ctfassets.net s3.amazonaws.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com www.googletagmanager.com; media-src blob: embed.wistia.com embedwistia-a.akamaihd.net; report-uri https://api.bench.co/api/v1/cspreport.json; script-src 'self' 'unsafe-eval' 'unsafe-inline' app-ab17.marketo.com bat.bing.com boards.greenhouse.io cdn.getambassador.com cdn.proof-x.com cdn.segment.com connect.facebook.net fast.wistia.com googleads.g.doubleclick.net https://cdn.heapanalytics.com https://heapanalytics.com js.driftt.com mbsy.co munchkin.marketo.net my.hellobar.com pixel.cdnwidget.com script.hotjar.com 
static.hotjar.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com; style-src 'unsafe-inline' app-ab17.marketo.com bench.co fonts.googleapis.com https://heapanalytics.com; worker-src blob: 1 default-src * data: blob: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' data: blob: https: 'unsafe-inline' 'unsafe-eval' *.eurostar.com scripts.eurostar.tech analytics.twitter.com bat.bing.com beacon.krxd.net cdn.kommunicate.io cdn.applozic.com cdn.krxd.net connect.facebook.net consumer.krxd.net eus.cdn-v3.conductrics.com googleads.g.doubleclick.net polyfill.io rules.quantcount.com s.yimg.com sc-static.net secure.quantserve.com sp.analytics.yahoo.com static.ads-twitter.com tag.yieldoptimizer.com tags.tiqcdn.com visitor-service-eu-west-1.tealiumiq.com w.usabilla.com widget.kommunicate.io www.google-analytics.com www.googletagmanager.com pagead2.googlesyndication.com www.googletagservices.com ad.doubleclick.net www.paypal.com www.googleadservices.com maps.googleapis.com apply.workable.com snap.licdn.com; connect-src 'self' https: *.eurostar.com bat.bing.com collect-eu-west-1.tealiumiq.com c.contentsquare.net www.google-analytics.com cdn.kommunicate.io api.kommunicate.io chat.kommunicate.io www.paypal.com googleads4.g.doubleclick.net api.rollbar.com www.facebook.com r.contentsquare.net bots.applozic.com stats.g.doubleclick.net wss://socket5.applozic.com wss://socket.applozic.com:80 adservice.google.com pagead2.googlesyndication.com jslog.krxd.net t.co beacon.krxd.net www.bing.com pubads.g.doubleclick.net; report-uri https://endpoint1.collection.eu.sumologic.com/receiver/v1/http/ZaVnC4dhaV2FbC9Ij83SGE3iTXUOUwHd6irC7dEd3crCFxWV0sz34YKvdRhl7b2Pwk5pss2m6jkp8P_KsP_DDMThVLr-k4csrE-WmpY1fji3919gGLcEhQ== 1 frame-src *.trudvsem.ru; default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1 default-src 'self' * 
'unsafe-inline'; img-src 'self' data: *; 1 script-src 'unsafe-inline' 'unsafe-eval' 'self' *.nr-data.net *.paypalobjects.com *.analytics-egain.com *.trustpilot.com *.newrelic.com *.kk-resources.com *.redditstatic.com *.chainreactioncycles.com *.google.com *.criteo.net *.melissadata.net *.mention-me.com *.bazaarvoice.com www.zenaps.com *.scene7.com the.sciencebehindecommerce.com *.adyen.com seal.digicert.com vars.hotjar.com *.hotjar.com *.criteo.com lantern.roeyecdn.com *.cloudfront.net *.bing.com tracker.marinsm.com *.facebook.net *.trustarc.com *.google-analytics.com www.googletagmanager.com *.scene7.com www.dwin1.com www.googleoptimize.com data:; style-src * 'unsafe-inline'; default-src *.melissadata.net *.sciencebehindecommerce.com *.truste.com *.chainreactioncycles.com *.facebook.com *.hotjar.com *.hotjar.io *.gstatic.com *.bing.com *.googleapis.com *.trustarc.com *.google-analytics.com *.cloudfront.net *.googleoptimize.com; img-src * data:; object-src 'none'; connect-src * ; frame-src * data:; script-src-elem 'unsafe-inline' *.chainreactioncycles.com *.digicert.com *.criteo.com *.google.com *.kk-resources.com www.redditstatic.com analytics.analytics-egain.com js-agent.newrelic.com widget.trustpilot.com bam.nr-data.net www.paypalobjects.com www.googleoptimize.com lantern.roeyecdn.com www.googleadservices.com media.chainreactioncycles.com tracker.marinsm.com *.adyen.com sslwidget.criteo.com *.bazaarvoice.com *.hotjar.com *.googletagmanager.com bat.bing.com www.zenaps.com *.cloudfront.net static.criteo.net *.google-analytics.com www.dwin1.com *.mention-me.com *.facebook.net *.trustarc.com the.sciencebehindecommerce.com *.scene7.com mpsnare.iesnare.com seal.digicert.com9 data:; style-src-elem * 'unsafe-inline'; font-src * data: ; media-src * data:; script-src-attr 'unsafe-inline'; style-src-attr 'unsafe-inline'; report-uri /csp-report.jsp; 1 script-src 'nonce--X55YbVKNfOCSiJcH4iIaQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; 
object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1 default-src data: blob: https: gap: gap-iab: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://dailyvoice.report-uri.com/r/d/csp/reportOnly 1 default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.de ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.de *.spreadshirt.de ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.de ; font-src 'self' https: data: *.spreadshirt.de ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.de ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.de ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data: 'unsafe-inline'; img-src https: data: 'unsafe-inline'; report-uri https://cspreport.report-uri.io/r/default/csp/reportOnly 1 default-src 
'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.ca&source%5Bsection%5D=brochure&source%5Buuid%5D=2417c1c137a9a6c7c12c8c3d117398f5 1 base-uri 'none'; default-src 'none'; manifest-src 'self'; script-src 'nonce-R8d//VRIDace/V/Rji+QYA==' 'unsafe-inline' 'wasm-eval' 'self' http://amcdn.msftauth.net https://amcdn.msftauth.net https://ajax.aspnetcdn.com https://*.office365.com https://shellprod.msocdn.com https://shellppe.msocdn.com https://shell.cdn.office.net https://shellppe.cdn.office.net https://officefluidprodversionedcdn.azureedge.net https://officefluidprodverizoncdn.azureedge.net report-sample; style-src 'unsafe-inline' 'self' https://shell.cdn.office.net https://shellppe.cdn.office.net report-sample; font-src 'self' data: https://*.akamaihd.net https://static2.sharepointonline.com; img-src 'self' blob: data: https://*.officeppe.com https://*.office.com https://*.office365.com https://outlook.live.com https://*.vo.msecnd.net https://*.teams.microsoft.com https://*.officeapps.live.com https://shellprod.msocdn.com https://shellppe.msocdn.com https://outlook.office365.com https://shell.cdn.office.net https://shellppe.cdn.office.net; connect-src 'self' blob: https://login.windows.net https://login.windows-ppe.net https://graph.microsoft.com wss://whiteboard.microsoft.com/sync https://graph.windows.net https://graph.ppe.windows.net https://*.whiteboard.microsoft.com https://whiteboard.microsoft.com wss://*.whiteboard.microsoft.com wss://whiteboard.microsoft.com https://*.office.com https://*.officeppe.com https://*.officeapps.live.com https://outlook.office365.com https://outlook.live.com 
https://config.edge.skype.net https://config.edge.skype.com https://browser.pipe.aria.microsoft.com https://shellprod.msocdn.com https://shellppe.msocdn.com https://shell.cdn.office.net https://shellppe.cdn.office.net https://*.sharepoint.com https://*.sharepoint-df.com https://*.spoppe.com https://*.teams.microsoft.com https://www.odwebp.svc.ms https://od.apps.mil https://admin.onedrive.us ws://*.svc.ms https://officefluidprodversionedcdn.azureedge.net https://officefluidprodverizoncdn.azureedge.net;frame-src 'self' https://login.windows.net/ https://*.officeppe.com https://*.office.com https://*.spoppe.com https://login.microsoftonline.com https://microsoft.sharepoint-df.com https://microsoft.sharepoint.com https://www.odwebp.svc.ms https://od.apps.mil https://admin.onedrive.us https://www.yammer.com; frame-ancestors 'self' https://teams.microsoft.com; form-action 'none'; upgrade-insecure-requests; report-uri /cspreport 1 default-src 'none'; script-src 'self'; connect-src 'self' https://*.goguardian.com; img-src 'self' https://*.goguardian.com; style-src 'self'; report-uri https://casper.goguardian.com/csp-report 1 default-src 'self' *.tapd.cn; connect-src http: https: ws: wss:; script-src 'nonce-7c5e897db4eec1e16e0dd363fdb9' 'self' 'unsafe-inline' 'unsafe-eval' *.tapd.cn bqq.gtimg.com t.gdt.qq.com admin.qidian.qq.com da.qidian.qq.com open.txdocs.qq.com; style-src 'self' 'unsafe-inline' *.tapd.cn open.txdocs.qq.com; img-src 'self' *.tapd.cn pingtcss.qq.com report.huatuo.qq.com badjs2.qq.com da.qidian.qq.com pingtas.qq.com open.txdocs.qq.com data:; font-src 'self' *.tapd.cn data:; worker-src 'self' *.tapd.cn blob:; child-src 'self' *.tapd.cn blob:; frame-src 'self' *.tapd.cn *.woa.com *.tapd.woa.com admin.qidian.qq.com webpage.qidian.qq.com open.txdocs.qq.com; report-uri https://aq.qq.com/cn2/manage/mbtoken/hijack_csp_report 1 style-src 'unsafe-inline' 'self' https://webapi.amap.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://webapi.amap.com 
https://restapi.amap.com https://g.alicdn.com ext: null: chrome-extension: https://*.meituan.net https://*.meituan.com https://*.sankuai.com; frame-src 'self' dxwebview: mailto: chrome-error: ms-appx-web: mtdaxiang: https://*.neixin.cn https://*.sankuai.com https://*.meituan.com https://*.meituan.net http://*.meituan.net http://*.sankuai.com http://*.neixin.cn https://*.dianping.com https://*.dper.com; img-src data: 'self' blob: https://pub.idqqimg.com https://restapi.amap.com x-apple-ql-id: about: http://paas.sankuai.info http://yiju.beyondh.com javascript: http://fanxiaojian.cn http://pig.sankuai.info http://mtguest.sankuai.info http://www.beyondh.com http://*.test.beyondh.com http://*.sankuai.com https://*.neixin.cn http://*.meituan.net https://*.meituan.net https://*.meituan.com http://*.meituan.com http://*.neixin.cn https://*.dpfile.com https://*.sankuai.com https://*.dianping.com http://*.dianping.com http://*.dpfile.com http://*.dper.com; style-src-elem 'self' 'unsafe-inline' https://webapi.amap.com data: https://*.neixin.cn https://*.meituan.net; style-src-attr 'unsafe-inline'; connect-src 'self' http://mtguest.sankuai.info wss://*.neixin.cn https://*.meituan.net https://*.meituan.com https://*.neixin.cn https://*.dianping.com https://*.sankuai.com http://*.meituan.net; script-src-attr 'unsafe-inline'; child-src 'self' blob:; worker-src 'self' blob:; script-src-elem 'unsafe-inline' 'self' https://g.alicdn.com https://restapi.amap.com https://webapi.amap.com https://*.meituan.net https://*.meituan.com https://*.neixin.cn https://*.sankuai.com; media-src 'self' data: https://*.neixin.cn http://*.meituan.net https://*.meituan.com; prefetch-src http://*.meituan.com; default-src 'none'; font-src 'self' data: about: https://*.meituan.net; report-uri https://csp.sankuai.com/csp-report/NA0OCP8Q 1 policy 1 default-src 'self'; script-src 'self' *.crex24.com *.google-analytics.com https://www.google-analytics.com/analytics.js *.google.com/recaptcha/ 
https://www.gstatic.com/recaptcha/api2/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com ton.twimg.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com wss://crex24.com https://stats.g.doubleclick.net https://mc.yandex.ru/; frame-src 'self' https://www.google.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/ https://xslotframe1.com/; report-uri /api/report-csp1/ 1 default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://pp.ephapay.net/ https://pp.eshapay.net/ https://scripts.agilone.com/ https://widget.trustpilot.com/ https://edigitalsurvey.com/ https://static.addtoany.com/ https://c.paypal.com/ https://www.paypal.com https://www.paypalobjects.com/ https://www.sandbox.paypal.com/ https://www.zenaps.com/ https://www.youtube.com/ https://*.doubleclick.net/ https://gum.criteo.com/ https://www.facebook.com/ https://*.hotjar.com/ https://s.salecycle.com https://www.googletagmanager.com/ https://www.google.com https://*.customizer.cadesignform.dk/ https://static.criteo.net/ https://www.youtube-nocookie.com/ https://d16fk4ms6rqz1v.cloudfront.net/ https://*.arcot.com/ https://www.securesuite.co.uk/ https://www.clicksafe.lloydstsb.com/ https://secure.barclaycard.co.uk https://*.photorank.me/; report-uri https://csp-violations.external.wickes.co.uk 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri 
/csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.in&source%5Bsection%5D=brochure&source%5Buuid%5D=3194544ca424e8b55581292447465ec4 1 default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline'; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src * blob:; object-src 'none'; frame-src *; frame-ancestors *; form-action 'self' 1 default-src 'none'; connect-src 'self' www.linkedin.com www.google-analytics.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com www.linkedin.cn static.licdn.cn static-exp1.licdn.cn static-exp2.licdn.cn static-exp3.licdn.cn; script-src 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' snap.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com snap.licdn.cn platform.linkedin.cn platform-akam.linkedin.cn platform-ecst.linkedin.cn platform-azur.linkedin.cn static.licdn.cn static-exp1.licdn.cn static-exp2.licdn.cn static-exp3.licdn.cn; img-src data: blob: * 
android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com static.licdn.cn static-exp1.licdn.cn static-exp2.licdn.cn static-exp3.licdn.cn; media-src dms.licdn.com *.lynda.com dms.licdn.cn; child-src blob: lnkd-communities: voyager: *; frame-src 'self' https://www.youtube.com/embed/ https://www.youtube-nocookie.com/embed/ lnkd.demdex.net https://smartlock.google.com/ https://accounts.google.com/ linkedin.cdn.qualaroo.com player.vimeo.com www.linkedin.com www.slideshare.net *.megaphone.fm msit.powerbi.com app.powerbi.com linkedin.github.io www.linkedin.cn; manifest-src 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=gm 1 base-uri 'self'; child-src 'self' blob: ; manifest-src 'self'; object-src 'self'; form-action 'self'; frame-src microsites.raiffeisen.ch activitymap.adobe.com authorize.omniture.com sitecatalyst.omniture.com cdn.tt.omtrdc.net media10.simplex.tv nubes.simplex.tv ; report-uri https://api.rreports.ch/svreport/v1/api/wwwrch/csp ; worker-src 'self'; 1 default-src 'none'; style-src https://d22739b8qd5enr.cloudfront.net https://a.okfn.org 'self' 'unsafe-inline' https://use.typekit.net; form-action 'self' https://okfn.us9.list-manage.com; font-src https://d22739b8qd5enr.cloudfront.net https://a.okfn.org 'self' data: https://use.typekit.net https://themes.googleusercontent.com; img-src https://d22739b8qd5enr.cloudfront.net https://a.okfn.org 'self' data: https://gravatar.com https://1.gravatar.com https://2.gravatar.com https://secure.gravatar.com https://p.typekit.net https://ping.typekit.net https://www.google-analytics.com; script-src https://d22739b8qd5enr.cloudfront.net https://a.okfn.org 'self' 'unsafe-inline' https://js-agent.newrelic.com https://www.google-analytics.com https://use.typekit.net https://bam.nr-data.net https://downloads.mailchimp.com https://s3.amazonaws.com/downloads.mailchimp.com *.list-manage.com; report-uri 
https://report-uri.io/report/3b3ae25e9e4ccf5f28ea8bef8e70fc63/reportOnly 1 frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: platform.twitter.com www.youtube.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: content.totalwar.com fonts.googleapis.com platform.twitter.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com content.totalwar.com; form-action syndication.twitter.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: content.totalwar.com *.doubleclick.net bam-cell.nr-data.net apikeys.civiccomputing.com www.google-analytics.com bat.bing.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com content.totalwar.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: content.totalwar.com www.facebook.com abs.twimg.com t.co pbs.twimg.com syndication.twitter.com cdn.creative-assembly.com platform.twitter.com www.google.com www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.syndication.twimg.com static.ads-twitter.com www.google-analytics.com player.twitch.tv content.totalwar.com www.googletagmanager.com www.redditstatic.com bat.bing.com secure-ds.serving-sys.com platform.twitter.com www.google.com cc.cdn.civiccomputing.com bam-cell.nr-data.net connect.facebook.net www.youtube.com; report-uri /csp_report 1 frame-ancestors 'self'; frame-src 'self' *.debate.com.mx *.google.com *.google.com.mx *.twitter.com *.youtube.com *.vimeo.com *.facebook.com *.instagram.com *.ampproject.org *.doubleclick.net *.googleapis.com *.retargetly.com *.googlesyndication.com *.ampproject.net *.admanmedia.com *.vidible.tv *.cxense.com *.googletagmanager.com *.adnxs.com *.rubiconproject.com *.indexww.com *.openx.net *.doubleverify.com *.tiktok.com *.pubmatic.com *.adxyield.com *.facebook.net giphy.com *.memeate.com *.windy.com *.taboola.com 
*.liveleak.com *.pinterest.com *.hotjar.com *.teads.tv debates.cocinaycomparte.com *.spotify.com *.criteo.com ecdn.firstimpression.io *.forexprostools.com tenor.com ytkids.app.goo.g www.nytimes.com www.vlive.tv streamable.com *.seedtag.com battlefy.com *.imonomy.com *.lijit.com; report-uri https://debate.report-uri.com/r/d/csp/reportOnly 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.au&source%5Bsection%5D=brochure&source%5Buuid%5D=fc63cb43c3c17ca741459bd96d1dbcba 1 default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com; style-src * 
'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; plugin-types application/pdf; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default 1 report-uri https://o38422.ingest.sentry.io/api/1381643/security/?sentry_key=035194ae1605493c99dd66c2a7b2ca98; default-src * data: blob: wss: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 1 report-uri https://www.yelp.com/csp_report_only?id=032e066656082fe3&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1618351743; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com 
https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://dev-ssl.loseit.com/_ops/csp-report 1 frame-ancestors 'self' http://stage01-osl4-prod.lovdata.c.bitbit.net:* http://smia.lovdata.no:8080/ 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.jp&source%5Bsection%5D=brochure&source%5Buuid%5D=7ef905f3157a4801cb92bee15e8ae35e 1 default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.net ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com 
dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.net *.spreadshirt.net ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.net ; font-src 'self' https: data: *.spreadshirt.net ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.net ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.net ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com 'strict-dynamic' 'nonce-MjY5ODc4NTQ2OCwzNjM4MjUxMzE3'; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1 default-src 'self' altium.com *.altium.com;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' altium.com *.altium.com *.adroll.com *.marketo.com *.hotjar.com *.twitter.com d2ns91cgb08z5o.cloudfront.net d3l9fju211jpzs.cloudfront.net analytics.twitter.com bat.bing.com cdn.bizible.com cdn.optimizely.com cdn.segment.com cdn.syndication.twimg.com cdn.amplitude.com connect.facebook.net content.cdntwrk.com dev.visualwebsiteoptimizer.com ml314.com *.ml314.com d.adroll.mgr.consensu.org js.driftt.com go.toutapp.com googleads.g.doubleclick.net munchkin.marketo.net pixel-geo.prfct.co play.vidyard.com snap.licdn.com static.addtoany.com 
static.ads-twitter.com tag.marinsm.com www.upsellit.com www.instagram.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.google.com www.gstatic.com www.redditstatic.com www.youtube.com;style-src 'self' 'report-sample' 'unsafe-inline' altium.com *.altium.com *.marketo.com *.twitter.com *.twimg.com d2ns91cgb08z5o.cloudfront.net;object-src 'none';frame-src 'self' altium.com *.altium.com *.hotjar.com *.doubleclick.net *.fls.doubleclick.net *.marketo.com *.twitter.com play.vidyard.com d3l9fju211jpzs.cloudfront.net js.driftt.com www.instagram.com www.youtube.com www.google.com www.facebook.com;img-src data: *;font-src 'self' data: altium.com *.altium.com d2ns91cgb08z5o.cloudfront.net themes.googleusercontent.com fonts.gstatic.com;connect-src 'self' altium.com *.altium.com *.hotjar.com *.hotjar.io v2.api.uberflip.com play.vidyard.com cdn.bizible.com 817-sfw-071.mktoresp.com api.segment.io api.amplitude.com bat.bing.com d.adroll.com logx.optimizely.com rum.optimizely.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com;manifest-src 'self';base-uri 'self';media-src 'self' data:;worker-src 'none';report-uri https://www.altium.com/_csp; 1 default-src 'none'; base-uri 'none' ; frame-src 'self' *.unidays.world *.facebook.com *.twitter.com *.doubleclick.net *.youtube.com *.google.com *.snapchat.com; connect-src 'self' *.myunidays.com *.myunidays.com *.adzerk.net https://api.segment.io https://cdn.segment.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google.com ; font-src 'self' data: https: ; img-src 'self' data: https: ; media-src 'self' *.unidays.world *.googleapis.com ;script-src 'self' https: 'strict-dynamic' 'unsafe-inline' 'nonce-j6gbVbsc0kummjC9iPMRXw==' 'sha256-uXHLV8LT280AwqEjY2Ibt5EvUh6wZjT6dk86SlarRrY=' 'sha256-swnYD2S3+mg5eUG+ZrxxAe2x8z+BPFsrZJ1loRNz+Nc=' 'sha256-N9ztf1wx+YHmIwKzGt/sA+NS8eQxN8/5QtVkkYWuyNM=' 
'sha256-DQwqYB8/sqCTVOZWfXmwexUV+wjyosAzcAcRY2fdDiU=' 'sha256-7Mq+o9CZptB6S9E5cdBX5qAS5Bhnkt2Ri7aXztEGatg=' 'sha256-SiSpQtoSm3gYHCiSdO7bIdwk6nuhuKyKx6I638RpVMs=' ; style-src 'self' 'unsafe-inline' https: ; 1 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; object-src 'self'; form-action https:; report-uri https://arlingtonva.report-uri.io/r/default/csp/reportOnly; 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.goldderby.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 frame-ancestors 'self' *.salesforce.com; report-uri https://sentry.io/api/2704353/security/?sentry_key=81bd7f20e40c44acba15bc87de66fecf 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.dba.dk/api/csplogger/mixedcontent/dba 1 base-uri 'self';connect-src 'self' https://www.google-analytics.com https://*.googleapis.com https://api.rudderlabs.com https://hosted.rudderlabs.com https://rudderstack.taskade.cloud https://api.stripe.com https://checkout.stripe.com https://sentry.taskade.cloud wss:;default-src 'self';form-action 'self';media-src 'self' https://js.driftqa.com https://files.taskade.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.cloudflare.com https://js.driftt.com https://widget.drift.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://checkout.stripe.com https://js.stripe.com;object-src 'none';img-src 'self' data: https://www.googletagmanager.com https://www.google-analytics.com https://*.stripe.com https://files.taskade.com https://unpkg.com;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com;font-src 'self';frame-src https://js.driftt.com https://widget.drift.com https://checkout.stripe.com https://hooks.stripe.com https://js.stripe.com https://call.taskade.com;report-uri /webhooks/csp-report;report-to /webhooks/csp-report;frame-ancestors 'none' 1 default-src 'unsafe-inline' 'unsafe-eval' 
'self'; font-src 'self' data: https://fonts.gstatic.com:443; img-src 'self' data: https://secure.gravatar.com:443; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com:443 report-uri https://mahadiscom.report-uri.com/r/d/csp/reportOnly 1 script-src 'nonce-0VMwdHNQRTHSzwYkgTtbDA' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1 default-src * data: 'unsafe-inline' 'unsafe-eval'; img-src * blob: data:; media-src * blob: data:; worker-src * blob:; child-src 'self' https://app.uptrends.com https://app.uptrendsinfra.com https://secure.livechatinc.com https://calendly.com/; frame-ancestors 'self' https://app.uptrends.com https://app.uptrendsinfra.com; report-uri https://uptr1c0f8ed1b00f41c395691d75b.report-uri.com/r/d/csp/reportOnly 1 frame-ancestors 'self'; report-uri https://ordermygear.report-uri.com/r/t/csp/wizard 1 default-src 'self' *.acadiau.ca; img-src 'self' *.acadiau.ca *.index.digital *.sitescout.com *.gstatic.com *.bc0a.com *.twimg.com *.facebook.com *.twitter.com *.google.ca *.google.com www.google-analytics.com wl-pixel.index.digital pixel.sitescout.com s3.amazonaws.com *.b0e8.com; font-src 'self' *.fontawesome.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com; style-src 'self' *.bootstrapcdn.com *.fontawesome.com *.twimg.com *.twitter.com *.googleapis.com widget.alongside.com 'unsafe-inline'; script-src 'self' *.acadiau.ca *.google.com *.googleapis.com acuityplatform.com *.jquery.com *.bootstrapcdn.com *.facebook.net *.google-analytics.com *.technolutions.net *.twitter.com *.twimg.com widget.alongside.com *.instagram.com *.cloudflare.com e.issuu.com *.pixel.ad *.hotjar.com *.bc0a.com *.b0e8.com 'unsafe-inline'; connect-src 'self' *.hotjar.com *.doubleclick.net www.google-analytics.com *.doubleclick.com *.sitescout.com *.doubleclick.n; frame-src 'self' *.hotjar.com *.youtube.com *.vimeo.com *.twitter.com *.issuu.com 
*.facebook.com *.instagram.com *.sitescout.com; frame-ancestors 'self'; 1 script-src 'self' https://cloud.typography.com/7315076/7256812/css/fonts.css; object-src 'none'; report-uri /report-csp-violation 1 default-src 'self' https: wss://widget-mediator.zopim.com; font-src 'self' https: data:; frame-ancestors 'none'; img-src 'self' https: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri https://webhook.logentries.com/noformat/logs/025b65f5-c6dd-4ac0-ba93-87161263b690 1 default-src 'none';upgrade-insecure-requests;style-src https: 'unsafe-inline';font-src https: data:;img-src https: data:;connect-src 'self' https://browser.pipe.aria.microsoft.com https://web.vortex.data.microsoft.com;frame-src https://login.windows-ppe.net https://login.live.com https://login.live-int.com;worker-src 'self' blob:;child-src 'self' blob:;report-uri /api/csp-report?page=Unauth&reportOnly=True;script-src 'nonce-IlqwyAe6ZBKQPkJLGtK65g==' 'unsafe-inline' 'unsafe-eval' https: 'strict-dynamic'; 1 child-src 'self'; connect-src 'self' data: http://*.eyeka.com http://*.google-analytics.com http://*.google.com https://*.adnxs.com https://*.cedexis.com https://*.eyeka.com https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.kameleoon.com https://*.pusher.com https://slaask.com; default-src 'self' data:; font-src 'self' data: http://*.eyeka.com https://*.embedly.com https://*.eyeka.com https://*.gstatic.com https://*.slaask.com; frame-src 'self' data: http://*.google.com http://*.youtube.com https://*.embedly.com https://*.facebook.com https://*.g.doubleclick.net https://*.google.com https://*.kameleoon.com https://*.kameleoon.eu https://*.uservoice.com https://*.youtube.com; img-src 'self' data: http://*.eyeka.com http://*.google-analytics.com http://*.google.com http://*.s3.amazonaws.com http://*.youtube.com https://*.adnxs.com 
https://*.ads.linkedin.com https://*.amazonaws.com https://*.cdnetworks.net https://*.eyeka.com https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.ae https://*.google.am https://*.google.at https://*.google.be https://*.google.bg https://*.google.bj https://*.google.by https://*.google.ca https://*.google.ch https://*.google.cl https://*.google.cm https://*.google.co.ao https://*.google.co.cr https://*.google.co.id https://*.google.co.in https://*.google.co.jp https://*.google.co.ke https://*.google.co.kr https://*.google.co.ma https://*.google.co.mz https://*.google.co.nz https://*.google.co.th https://*.google.co.ug https://*.google.co.uk https://*.google.co.uz https://*.google.co.ve https://*.google.co.vi https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.com https://*.google.com.ar https://*.google.com.au https://*.google.com.bd https://*.google.com.br https://*.google.com.co https://*.google.com.do https://*.google.com.ec https://*.google.com.eg https://*.google.com.et https://*.google.com.gt https://*.google.com.hk https://*.google.com.jm https://*.google.com.lb https://*.google.com.mx https://*.google.com.my https://*.google.com.ng https://*.google.com.np https://*.google.com.pa https://*.google.com.pe https://*.google.com.ph https://*.google.com.pk https://*.google.com.py https://*.google.com.qa https://*.google.com.sa https://*.google.com.sg https://*.google.com.tr https://*.google.com.tw https://*.google.com.ua https://*.google.com.vn https://*.google.cz https://*.google.de https://*.google.dk https://*.google.dz https://*.google.ee https://*.google.es https://*.google.fr https://*.google.ge https://*.google.gr https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.it https://*.google.kg https://*.google.kz https://*.google.lu https://*.google.me https://*.google.mu https://*.google.ne https://*.google.nl https://*.google.no 
https://*.google.pl https://*.google.pt https://*.google.ro https://*.google.rs https://*.google.ru https://*.google.sc https://*.google.se https://*.google.sn https://*.google.tn https://*.googleapis.com https://*.gravatar.com https://*.gstatic.com https://*.kameleoon.com https://*.licdn.com https://*.linkedin.com https://*.s3.amazonaws.com https://*.slaask.com https://*.twitter.com https://*.uservoice.com https://*.youtube.com https://t.co; manifest-src 'self'; media-src 'self' http://*.eyeka.com http://*.google.com http://*.s3.amazonaws.com https://*.amazonaws.com https://*.eyeka.com https://*.google.com https://*.gstatic.com https://*.s3.amazonaws.com https://*.slaask.com; object-src 'self' data: http://*.eyeka.com https://*.eyeka.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: http://*.eyeka.com http://*.google-analytics.com http://*.google.com https://*.adnxs.com https://*.ads-twitter.com https://*.ads.linkedin.com https://*.cedexis.com https://*.embedly.com https://*.eyeka.com https://*.facebook.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.co.id https://*.google.com https://*.google.fr https://*.google.ru https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.kameleoon.com https://*.licdn.com https://*.linkedin.com https://*.mouseflow.com https://*.mxpnl.com https://*.newrelic.com https://*.nr-data.net https://*.pusher.com https://*.slaask.com https://*.twitter.com https://*.uservoice.com https://twitter.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: http://*.eyeka.com https://*.embedly.com https://*.eyeka.com https://*.googleapis.com https://*.slaask.com; worker-src 'self'; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_5839e7e0b36b4ff3bd538670ea663265 1 default-src https:; script-src 'self' 1 default-src https: 'unsafe-inline' 'unsafe-eval' wss://jobsv3.wort.lu/api/v1/sites/pt/latina/playlistUpdates; 
img-src https: data: blob:; media-src https: blob:; font-src https: data:; report-uri https://www.wort.lu/report 1 default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.neolane.net *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.raptmedia.com *.rbos.com *.rbs.co.uk *.rbs.com *.rbsdigital.com *.supportcentre-rbs.co.uk *.snapchat.com *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net search-rbs.co.uk static.ads-twitter.com t.co www.brightedge.com *.everesttech.net *.everestjs.net cdn.cookielaw.org; upgrade-insecure-requests; report-uri https://rbspersonal.report-uri.com/r/t/csp/reportOnly 1 report-uri https://www.yelp.com/csp_report_only?id=7d219a83a4d64c80&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1618355804; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: 
https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1 img-src https: data:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 1 base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-C5p86oWybY/szq2dGzVTn4isrSEPqe'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1 default-src 'self' *.hsbc.com.ar; script-src 'self' 'unsafe-eval' *.hsbc.com.ar 'unsafe-inline' cdn.appdynamics.com col.eum-appdynamics.com *.liveperson.net www.askus.hsbc.co.uk accdn.lpsnmedia.net www.mcmdev.hsbc.co.uk hsbcbankglobal.sc.omtrdc.net tags.tiqcdn.com 'unsafe-eval'; style-src 'self' *.hsbc.com.ar 'unsafe-inline'; img-src 'self' *.hsbc.com.ar data: ad.doubleclick.net www.askus.hsbc.co.uk uconnect.tealiumiq.com; child-src 'self' *.hsbc.com.ar hsbcbankglobal.demdex.net *.lo.cobrowse.liveperson.net lpcdn.lpsnmedia.net; connect-src 'self' *.hsbc.com.ar col.eum-appdynamics.com dpm.demdex.net; upgrade-insecure-requests ; report-uri https://csp.prod.na.dynp.cloud1.vv1865.com/; 1 default-src http://somafm.com https://somafm.com http://*.somafm.com https://*.somafm.com https://checkout.stripe.com blob:; style-src 'self' https://checkout.stripe.com 'unsafe-inline' ; img-src * https://* http://* data:; font-src 'self' data:; script-src http://somafm.com https://somafm.com http://*.somafm.com https://*.somafm.com https://js.stripe.com https://checkout.stripe.com https://platform.twitter.com/ https://twitter.com/ blob: 'unsafe-eval' 'unsafe-inline' ; frame-src 'self' https://js.stripe.com https://hooks.stripe.com https://checkout.stripe.com https://*.soundcloud.com/ http://www.youtube.com/embed/ https://www.youtube.com/embed/ https://platform.twitter.com/ https://twitter.com/; media-src http://*.somafm.com https://*.somafm.com https://w.soundcloud.com https://api.soundcloud.com blob:; object-src 'self' http://*.somafm.com https://*.somafm.com blob:; connect-src 
http://somafm.com https://somafm.com http://*.somafm.com https://*.somafm.com https://checkout.stripe.com https://api.stripe.com ; report-uri https://c70042f2c71bb9b31e563921ca1357ff.report-uri.com/r/d/csp/reportOnly 1 script-src 'unsafe-inline' 'unsafe-eval' 'self' d31j93rd8oukbv.cloudfront.net https://www.google-analytics.com https://google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://optimize.google.com https://www.recaptcha.net https://www.gstatic.com/recaptcha/ https://cdn.paddle.com https://checkout.paddle.com https://*.zopim.com https://*.zdassets.com; frame-src https://www.google.com/ https://optimize.google.com https://checkout.paddle.com https://buy.paddle.com https://create-checkout.paddle.com; connect-src 'self' https://d31j93rd8oukbv.cloudfront.net https://www.google-analytics.com https://analytics.paddle.com https://browsec.zendesk.com wss://*.zopim.com https://*.zopim.com https://*.zdassets.com; report-uri /api/v1/reports; 1 default-src https://*.hawkhost.com:443 data: 'unsafe-inline'; script-src 'self' ajax.cloudflare.com ajax.cloudflare.com static.cloudflareinsights.com https://*.google-analytics.com https://www.googletagmanager.com https://*.livechatinc.com https://*.hawkhost.com https://www.google.com https://www.gstatic.com 'unsafe-inline'; connect-src https://*.doubleclick.net https://*.livechatinc.com https://*.google-analytics.com; frame-src https://*.doubleclick.net https://*.google.com https://*.livechatinc.com; media-src https://*.hawkhost.com:443 https://*.livechatinc.com; img-src https://*.hawkhost.com https://*.livechatinc.com https://*.google.com https://*.google-analytics.com; script-src-elem https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://*.hawkhost.com https://*.livechatinc.com 'unsafe-inline' 1 default-src * 'unsafe-eval' 'unsafe-inline' data: blob:; plugin-types application/x-shockwave-flash; script-src * 
'unsafe-inline' blob:; report-uri https://content-security-policy.jobteaser.com/report 1 script-src 'nonce-4HU63HgTEiYYvBj6jP7EHg' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1 object-src 'none'; frame-ancestors 'self'; block-all-mixed-content; report-uri https://uship.report-uri.com/r/t/csp/reportOnly; report-to csp 1 img-src 'self' data: cdn.sidefx.com d2wvmrjymyrujw.cloudfront.net *.cdninstagram.com *.gravatar.com www.facebook.com static.lulu.com www.gstatic.com ssl.gstatic.com www.google.com www.googleapis.com clients1.google.com i.ytimg.com *.vimeocdn.com www.paypal.com placekitten.com http://dummyimage.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' cdn.sidefx.com d2wvmrjymyrujw.cloudfront.net fonts.googleapis.com www.google.com tagmanager.google.com *.vimeocdn.com; script-src 'self' 'unsafe-eval' cdn.sidefx.com d2wvmrjymyrujw.cloudfront.net *.googleapis.com www.gstatic.com www.google.com cse.google.com *.facebook.net api.instagram.com cdnjs.cloudflare.com unpkg.com cdn.jsdelivr.net www.googletagmanager.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net 'nonce-1/jnUF4DBi17kJmtSLQX2A=='; default-src 'self'; font-src 'self' data: cdn.sidefx.com d2wvmrjymyrujw.cloudfront.net fonts.gstatic.com; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net www.facebook.com http://127.0.0.1:1714 ig.instant-tokens.com graph.instagram.com vimeo.com; media-src cdn.sidefx.com d2wvmrjymyrujw.cloudfront.net; frame-src 'self' data: www.google.com connect.facebook.net www.facebook.net www.facebook.com docs.google.com www.youtube.com lists.sidefx.com *.vimeo.com *.vimeocdn.com; report-uri https://www.sidefx.com/csp_reports/ 1 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action 
https:; report-uri https://wwggsujy3yobtlvav9zj6w8w.httpschecker.net/report 1 font-src fonts.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.google.com *.weltpixel.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com s.ytimg.com *.alekseon-test.eu media-akam.licdn.com www.facebook.com maps.googleapis.com data: *.gstatic.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com www.youtube.com video.google.com www.google.com www.gstatic.com maps.googleapis.com chimpstatic.com connect.facebook.net *.forter.com h.online-metrix.net https://www.googletagmanager.com tagmanager.google.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src 
getfirebug.com *.fonts.net fonts.googleapis.com *.bootstrapcdn.com tagmanager.google.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src manolo.alekseon-test.eu www.manoloblahnik.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.forter.com www.google-analytics.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'unsafe-inline' 'unsafe-eval'; script-src-elem https://www.boards.ie https://*.www.boards.test https://www.googletagmanager.com https://www.googletagservices.com https://www.google-analytics.com https://*.google.com https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://pool.journalmedia.ie https://*.skimresources.com https://*.google.ie https://*.googleapis.com https://b-static.net https://static.boards.ie https://*.static.boards.test https://version.vbulletin.com 'unsafe-inline'; style-src-elem 'unsafe-inline' https://www.boards.ie https://*.www.boards.test https://b-static.net https://static.boards.ie https://*.static.boards.test; img-src http://* https://*; frame-src https://*.boards.ie https://*.boards.test https://pool.journalmedia.ie https://*.safeframe.googlesyndication.com https://tpc.googlesyndication.com ; connect-src https://*.boards.ie https://*.boards.test https://*.skimresources.com https://www.google-analytics.com https://*.doubleclick.net https://api.skimlinks.mgr.consensu.org https://*.googlesyndication.com; frame-ancestors 'self' https://*.boards.ie https://*.boards.test ; 1 base-uri 'none'; object-src 'none'; script-src 
https://blenderartists.org/logs/ https://blenderartists.org/sidekiq/ https://blenderartists.org/mini-profiler-resources/ https://blenderartists.org/assets/ https://blenderartists.org/brotli_asset/ https://blenderartists.org/extra-locales/ https://blenderartists.org/highlight-js/ https://blenderartists.org/javascripts/ https://blenderartists.org/plugins/ https://blenderartists.org/theme-javascripts/ https://blenderartists.org/svg-sprite/ 'report-sample' 'unsafe-inline' https: https://pagead2.googlesyndication.com/; worker-src 'self' https://blenderartists.org/assets/ https://blenderartists.org/brotli_asset/ https://blenderartists.org/javascripts/ https://blenderartists.org/plugins/; report-uri https://blenderartists.org/csp_reports 1 base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-mL6++2RhpQjD++aBRrnwqosyCNRPFU'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1 style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: use.fontawesome.com cdn.jsdelivr.net micuenta.invertironline.com s3.amazonaws.com fonts.googleapis.com www.gstatic.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: use.fontawesome.com cdn.jsdelivr.net s3.amazonaws.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com streaming-externo-v2.invertironline.com track.embluemail.com www.google.com.ar *.doubleclick.net in.hotjar.com vc.hotjar.io bam-cell.nr-data.net www.google-analytics.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; form-action www.invertironline.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bam-cell.nr-data.net secure.trust-provider.com micuenta.invertironline.com www.gstatic.com px.ads.linkedin.com www.google-analytics.com *.amazonaws.com www.linkedin.com p.adsymptotic.com fonts.gstatic.com s3.amazonaws.com www.googletagmanager.com www.google.com.ar www.google.com 
www.facebook.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: flo.uri.sh www.youtube.com youtu.be *.doubleclick.net vars.hotjar.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.googletagmanager.com static.hotjar.com secure.comodo.com www.google-analytics.com s.reembed.com micuenta.invertironline.com cdn.embluemail.com www.youtube.com www.gstatic.com js-agent.newrelic.com connect.facebook.net bam-cell.nr-data.net cdn.onesignal.com s3.amazonaws.com script.hotjar.com snap.licdn.com pixeltracking.embluemail.com; report-uri /csp_report 1 media-src; form-action 'self'; script-src starex-assets.fra1.cdn.digitaloceanspaces.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://ssl.google-analytics.com cdn.jsdelivr.net 'nonce-jvaYRqOvENxZVztmV8I7zQ=='; navigate-to 'self'; font-src data: starex-assets.fra1.cdn.digitaloceanspaces.com; object-src; manifest-src starex-assets.fra1.cdn.digitaloceanspaces.com; upgrade-insecure-requests; connect-src 'self' https://www.google-analytics.com; base-uri; style-src 'unsafe-inline' starex-assets.fra1.cdn.digitaloceanspaces.com; child-src; worker-src 'self'; frame-ancestors; img-src starex-assets.fra1.cdn.digitaloceanspaces.com www.googletagmanager.com www.google.com www.google.az https://www.google-analytics.com https://www.facebook.com; prefetch-src; default-src 'self'; frame-src paytr.com https://www.google.com https://www.youtube.com; report-uri /csp-report/ 1 base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-QrmpSehGzoM4mMM7sm1XLX2F+i16lM'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1 default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com 
www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.co.uk ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.co.uk *.spreadshirt.co.uk ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.co.uk ; font-src 'self' https: data: *.spreadshirt.co.uk ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.co.uk ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.co.uk ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1 default-src 'self' *.kwaixiaodian.com *.gifshow.com *.kuaishou.com *.kuaishoupay.com *.ksapisrv.com *.yximgs.com hm.baidu.com fonts.gstatic.com hm.baidu.com;img-src 'self' *.kwaixiaodian.com *.gifshow.com http://*.kuaishou.com https://*.kuaishou.com http://*.yximgs.com https://*.yximgs.com *.kwimgs.com www.gstatic.com hm.baidu.com data:;style-src 'self' 'unsafe-inline' *.kwaixiaodian.com *.gifshow.com *.kuaishou.com *.yximgs.com data:;font-src 'self' *.kwaixiaodian.com *.gifshow.com *.kuaishou.com *.yximgs.com fonts.gstatic.com at.alicdn.com data:;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.kwaixiaodian.com *.gifshow.com *.kuaishou.com *.yximgs.com hm.baidu.com;frame-src 'self' *.kuaishou.com;form-action 'self';report-uri 
https://csplog.kuaishou.com/log/kwaishop/wwwkwaixiaodian 1 style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdnjs.cloudflare.com fonts.googleapis.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com cdnjs.cloudflare.com www.discovery.co.za; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: d16pi0tqkfzkv3.cloudfront.net; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com adservice.google.com collect.feefo.com *.doubleclick.net vc.hotjar.io api.iperceptions.com www.googletagmanager.com fonts.gstatic.com api.feefo.com connect.facebook.net s.yimg.com maps.gstatic.com; form-action www.discovery.co.za; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.googletagmanager.com www.google.co.za px.ads.linkedin.com maps.gstatic.com t.co maps.googleapis.com connect.facebook.net www.linkedin.com www.google.com p.adsymptotic.com www.facebook.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: iframe.iono.fm d16pi0tqkfzkv3.cloudfront.net www.googletagmanager.com www.google.com www.youtube.com universal.iperceptions.com *.doubleclick.net vars.hotjar.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: register.feefo.com www.googletagmanager.com static.hotjar.com api.feefo.com s.yimg.com www.google.com sp.analytics.yahoo.com *.doubleclick.net static.ads-twitter.com www.youtube.com 20584727p.rfihub.com analytics.twitter.com connect.facebook.net ajax.googleapis.com maps.googleapis.com www.googleadservices.com snap.licdn.com; manifest-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.discovery.co.za; report-uri /csp_report 1 default-src https: ; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri /csp/ 1 default-src 'self' 'unsafe-inline' data: blob: ssl.kaptcha.com *.vimeo.com *.bluesnap.com *.ccdc02.com 
*.google-analytics.com *.google.com *.g.doubleclick.net *.googleadservices.com *.guardiosecurity.com *.facebook.net *.facebook.com *.googlesyndication.com *.googletagmanager.com *.bing.com secure.adnxs.com *.cardinalcommerce.com fullstory.com *.fullstory.com *.typekit.net *.quora.com *.guard.io *.paypal.com *.gstatic.com *.fixel.ai *.youtube.com *.twitter.com *.ads-twitter.com *.outbrain.com *.stripe.com s.yimg.com o435118.ingest.sentry.io; img-src * data: blob:; report-uri https://guard.io/v2/api/csp 1 default-src 'self'; script-src cdn.report-uri.com api.stripe.com js.stripe.com 'nonce-MTgwMDMxMDcyNywyMjY1NDA4Nzgz' static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' cdn.report-uri.com; img-src 'self' data: cdn.report-uri.com; font-src 'self' cdn.report-uri.com; connect-src 'self' api.stripe.com; frame-ancestors *.cloudflareworkers.com *.cloudflare.com; form-action 'self' hooks.stripe.com; frame-src js.stripe.com; child-src js.stripe.com; upgrade-insecure-requests; report-uri https://scotthelme.report-uri.com/r/d/csp/reportOnly; report-to default 1 base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io 
https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly; 1 default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AJO3FBRUE6J4S:sid=260-6546749-2891311:rid=5NR60YJ3A03XMDJ74CS1:sn=www.audible.in 1 block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.blikk.hu::PROD_1_2_4_AWS_Cache 1 report-uri https://endpoint2.collection.us2.sumologic.com/receiver/v1/http/ZaVnC4dhaV3VOE24ov0vchYgO3uoxKHdePxnKoFiICkeq1Vt2reRBEg4zYmpS2XL1UJS-0Ova9gUiV2PUH3EvuXcIOdrBPvAUgkIP-ZRbRMryNUY6YGqAQ== ; block-all-mixed-content ; default-src 'report-sample' 'self' https://*.videoask.com https://*.videoask.it https://*.videoask.live ; script-src 'report-sample' 'self' 'unsafe-eval' https://*.videoask.com https://*.videoask.it https://*.videoask.live 'unsafe-inline' https://js.stripe.com https://www.dropbox.com https://*.calendly.com https://*.oncehub.com https://cdn.amplitude.com https://cdn.cookielaw.org https://cdn.rollbar.com https://cdn.segment.com https://connect.facebook.net https://fast.wistia.com https://script.crazyegg.com https://snap.licdn.com https://snippet.growsumo.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://*.intellimize.co ; base-uri 'report-sample' 'self' ; img-src 'report-sample' 'self' data: blob: android-webview-video-poster: https: ; media-src 'report-sample' 'self' blob: data: https: ; connect-src 'report-sample' 'self' blob: https://*.videoask.com https://*.videoask.it https://*.videoask.live wss://*.videoask.live wss://*.videoask.com https://videoask-media-dev.s3-accelerate.amazonaws.com https://videoask-media-prod.s3-accelerate.amazonaws.com https://videoask-uploads-dev.s3-accelerate.amazonaws.com https://videoask-uploads-prod.s3-accelerate.amazonaws.com 
https://videoask-uploads-dev.s3.amazonaws.com https://videoask-uploads-prod.s3.amazonaws.com https://videoask.eu.auth0.com https://dev-videoask.eu.auth0.com https://*.launchdarkly.com https://*.pexels.com https://*.wistia.com https://embedwistia-a.akamaihd.net https://api.rollbar.com https://api.segment.io https://api.amplitude.com https://*.g.doubleclick.net https://www.google-analytics.com https://*.crazyegg.com https://p.adsymptotic.com https://www.facebook.com https://track.segmetrics.io https://*.google.com https://grsm.io https://cdn.cookielaw.org https://*.onetrust.com https://*.contentful.com https://videoask.zendesk.com https://*.intellimize.co ; style-src 'report-sample' 'self' https://font.typeform.com 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://cdn.cookielaw.org https://cdn.quilljs.com ; font-src 'report-sample' 'self' data: https://font.typeform.com https://fonts.gstatic.com ; frame-src 'report-sample' 'self' https://*.videoask.com https://*.videoask.it https://*.videoask.live https://calendly.com https://app.acuityscheduling.com https://*.oncehub.com https://js.stripe.com https://videoask.eu.auth0.com https://dev-videoask.eu.auth0.com https://*.wistia.com https://www.facebook.com https://*.doubleclick.net https://6g4qf7txd07m.statuspage.io https://*.intellimizeio.com ; frame-ancestors * ; object-src 'none' ; 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.addtoany.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.adsrvr.org *.thevoterguide.org *.typekit.net *.rockthevote.com s3.amazonaws.com *.google.com *.gstatic.com vote411-dev.s3.amazonaws.com vote411-release.s3.amazonaws.com vote411-prod.s3.amazonaws.com www.googletagmanager.com ads.undertone.com; object-src 'self' 'unsafe-eval' *.rockthevote.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com *.typekit.net *.thevoterguide.org *.addtoany.com *.amazonaws.com; img-src 'self' 
data: *.google-analytics.com *.facebook.com *.addtoany.com *.typekit.net vote411-dev.s3.amazonaws.com vote411-release.s3.amazonaws.com vote411-prod.s3.amazonaws.com *.doubleclick.net www.googletagmanager.com www.google.com i.ytimg.com ads.undertone.com evt.undertone.com; frame-src 'self' *.vote411.org *.rockthevote.com *.addtoany.com insight.adsrvr.org www.google.com lwv.thevoterguide.org maps.google.com match.adsrvr.org www.facebook.com; frame-ancestors *.rockthevote.com; child-src *.rockthevote.com s3.amazonaws.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com *.typekit.net; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net performance.typekit.net www.google.com www.facebook.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://www.milestonesys.com/csp/report 1 default-src 'self' 'unsafe-inline' *.gstatic.com static.cloud.coveo.com fonts.googleapis.com cdnjs.cloudflare.com *.googletagmanager.com *.youtube.com *.ytimg.com *.google-analytics.com stats.g.doubleclick.net siteimproveanalytics.com *.siteimproveanalytics.io static.hubbardone.com ajax.googleapis.com *.siteimprove.com 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://spy.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 font-src fonts.gstatic.com *.fontawesome.com data: *.gstatic.com https://objects.chopard.com *.sfdcstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com 
centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.youtube.com *.fls.doubleclick.net *.force.com *.google.com https://objects.chopard.com *.cedexis-test.com *.hotjar.com *.contentsquare.net cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com img.youtube.com maps.googleapis.com maps.gstatic.com *.vimeocdn.com s.ytimg.com data: *.quantserve.com https://objects.chopard.com *.igodigital.com *.google.com *.facebook.com *.linkedin.com *.cedexis-test.com *.siteimproveanalytics.io *.contentsquare.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com maps.googleapis.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://objects.chopard.com *.gstatic.com *.force.com *.facebook.net *.mouseflow.com *.cloudfront.net *.cedexis.com *.cedexis-test.com *.salesforceliveagent.com *.googletagmanager.com *.cloudflare.com *.curalate.com *.licdn.com *.contentsquare.net *.igodigital.com siteimproveanalytics.com emea-chopard.netmng.com *.quantserve.com *.hotjar.com *.quantcount.com *.newrelic.com *.userway.org r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com *.fontawesome.com 
https://objects.chopard.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com *.google-analytics.com *.mouseflow.com https://objects.chopard.com *.freshrelevance.com wss://am.freshrelevance.com *.g.doubleclick.net *.cedexis.com *.contentsquare.net r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src *.bellroy.com 'self' https: data:; base-uri 'self'; connect-src *.bellroy.com https: wss: www.google.com api.tangiblee.com; font-src *.bellroy.com 'self' data: https: themes.googleusercontent.com fonts.googleapis.com fonts.gstatic.com; frame-src *.bellroy.com 'self' https: data: ms-appx-web: www.facebook.com; img-src *.bellroy.com https: data: blob: android-webview-video-poster:; media-src *.bellroy.com https: data: blob:; script-src *.bellroy.com 'self' https: 'unsafe-inline' 'unsafe-eval' data: opera: google.com *.visa.com d1fc8wv8zag5ca.cloudfront.net; style-src *.bellroy.com https: 'unsafe-inline' data:; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp_reports 1 default-src 'self' *.hsbc.com.cn; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.hsbc.com.cn cdn.appdynamics.com col.eum-appdynamics.com *.liveperson.net www.askus.hsbc.co.uk accdn.lpsnmedia.net www.mcmdev.hsbc.co.uk hsbcbankglobal.sc.omtrdc.net tags.tiqcdn.com 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.hsbc.com.cn; child-src 'self' *.hsbc.com.cn hsbcbankglobal.demdex.net 
*.lo.cobrowse.liveperson.net lpcdn.lpsnmedia.net; img-src 'self' *.hsbc.com.cn data: ad.doubleclick.net www.askus.hsbc.co.uk uconnect.tealiumiq.com www.google.com www.facebook.com dpm.demdex.net www.hsbc.co.in cm.everesttech.net hsbcbankglobal.sc.omtrdc.net bat.bing.com www.google.co.in www.google.com.hk; connect-src 'self' *.hsbc.com.cn col.eum-appdynamics.com dpm.demdex.net mboxedge38.tt.omtrdc.net hsbcbankglobal.tt.omtrdc.net mboxedge31.tt.omtrdc.net hsbcbankglobal.sc.omtrdc.net mboxedge22.tt.omtrdc.net bat.bing.com; frame-src 'self' *.hsbc.com.cn bid.g.doubleclick.net; script-src-elem 'self' 'unsafe-inline' *.hsbc.com.cn www.googletagmanager.com www.hsbc.com.cn bat.bing.com connect.facebook.net hsbcbankcn.tt.omtrdc.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net cdn.hsbc.com.cn www.googleadservices.com www.isstprod.hsbc.com.cn tags.tiqcdn.com sy.v.liveperson.net accdn.lpsnmedia.net; upgrade-insecure-requests ; report-uri https://csp.prod.ap.dynp.cloud1.vv1865.com/; 1 frame-src 'self' https://js.stripe.com https://dialog.filepicker.io https://www.filepicker.io https://content.googleapis.com https://www.google.com https://insight.adsrvr.org https://match.adsrvr.org https://vimeo.com https://player.vimeo.com https://www.youtube.com https://suicidegirls.com https://gfycat.com https://streamable.com https://bandcamp.com https://open.spotify.com https://www.youtube-nocookie.com https://www.facebook.com https://m.facebook.com https://platform.twitter.com https://player.twitch.tv https://w.soundcloud.com https://eroshare.com https://oddshot.tv https://www.pornhub.com https://www.reverbnation.com https://drive.google.com https://www.washingtonpost.com https://www.arte.tv https://www.mixcloud.com https://www.redgifs.com https://redgifs.com https://www.instagram.com https://instagram.com https://www.flickr.com http://www.funnyordie.com https://giphy.com/ 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.dirt.com; 
report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.majesticseo.com analytics.majestic.com info.majestic.com https://www.googletagmanager.com www.google-analytics.com https://www.googleadservices.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/;style-src 'self' 'unsafe-inline';img-src 'self' data: https:;font-src 'none';object-src 'none';media-src 'none';frame-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/;child-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/;frame-ancestors https://docs.google.com https://*.googleusercontent.com;report-uri /csp/report 1 object-src players.brightcove.net s.propertyware.com www.propertyware.com vjs.zencdn.net; frame-ancestors 'self'; style-src 'unsafe-inline' *.propertyware.com fonts.googleapis.com info.buildium.com; report-uri https://cspreports.realpage.com/api/reports/save/report-only; 1 default-src 'self' https://*.brainstation.io; img-src 'self' blob: data: https:; font-src 'self' data: https:; style-src 'self' data: https: 'unsafe-inline'; media-src 'self' blob: data: https:; script-src 'self' 'nonce-6XsjClgxamubdwnncooCwQ==' 'unsafe-inline' https://*.brainstation.io https://maxcdn.bootstrapcdn.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com googleads.g.doubleclick.net ssl.google-analytics.com bat.bing.com snap.licdn.com connect.facebook.net *.quora.com platform.twitter.com https://api.raygun.io *.live-video.net https://js.stripe.com; report-uri https://report-to-api.raygun.com/reports-csp?apikey=N2M8n90VfFeHHg24B9C5A&tags=%5B%22io%22%5D; connect-src 'self' https://*.brainstation.io 
https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com https://www.google.ca https://www.facebook.com https://bat.bing.com https://*.quora.com https://api.raygun.io *.live-video.net https://api.stripe.com; child-src 'self' https://*.brainstation.io https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net blob:; form-action 'self' https://*.brainstation.io https://intercom.help https://api-iam.intercom.io; frame-src 'self' https://*.brainstation.io platform.twitter.com https://www.facebook.com https://js.stripe.com https://hooks.stripe.com; worker-src 'self' https://*.brainstation.io blob: 1 base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-2vf3dZb64LtnV6OMMklNfKbZ3ekINP'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1 script-src 'nonce-XtyKaDDYkrv8m7HLdbKAKQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval' 1 default-src https:; font-src https: data:; style-src 'unsafe-inline' https:; object-src 'self';connect-src https: wss:; script-src 'nonce-x4uY2bDn0q4Ml1sTzgYftZqOBs7b5hKriNqxvoD2yrI=' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; img-src https: data:; report-uri /webhooks/csp-log/create 1 base-uri 'self'; object-src 'self'; child-src 'self' https://*.youtube.com; connect-src 'self' wss://*.nanohub.org 
https://www.google-analytics.com https://stats.g.doubleclick.net https://www.purdue.edu wss://nanohub.org https://www.dropbox.com https://graph.facebook.com; default-src 'self' data: https://*.nanohub.org https://*.nanohub.aws.hubzero.org; font-src 'self' about: https://fonts.gstatic.com data: safari-extension: chrome-extension:; form-action 'self' https://platform.twitter.com https://syndication.twitter.com; frame-ancestors 'self'; frame-src 'self' https://*.nanohub.org https://*.nanohub.aws.hubzero.org https://*.google.com https://*.youtube.com https://content.googleapis.com https://*.facebook.com https://*.twitter.com https://player.vimeo.com; img-src * data: image:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.google.com https://connect.facebook.net https://www.linkedin.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.gstatic.com https://*.googleapis.com https://platform.linkedin.com data: blob: https://maps.google.com https://maps.googleapis.com https://cdnjs.cloudflare.com https://code.jquery.com; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com https://*.googleapis.com https://www.google.com https://code.jquery.com https://cdnjs.cloudflare.com; report-uri https://csp.hubzero.org/csp-cms.php 1 connect-src 'self' sessions.bugsnag.com forms.hubspot.com biggie-the-cat.s3.amazonaws.com bam.nr-data.net; object-src 'self' *.flocabulary.com s3.amazonaws.com; script-src 'self' *.flocabulary.com www.googletagmanager.com 'sha256-h8gG1uNWi02S00uhnnPan+IfTOULBEi0D46e6eAw/dk=' connect.facebook.net apis.google.com ajax.googleapis.com www.google-analytics.com js.hsleadflows.net js.hs-analytics.net bam.nr-data.net js-agent.newrelic.com d1fc8wv8zag5ca.cloudfront.net 'nonce-oDi1lqTQnv90FFoK'; img-src 'self' *.flocabulary.com flocabulary.s3.amazonaws.com s3.amazonaws.com biggie-the-cat.s3.amazonaws.com www.facebook.com track.hubspot.com events.fivetran.com 
www.google-analytics.com cx.atdmt.com stats.g.doubleclick.net data:; media-src 'self' *.flocabulary.com flocabulary.s3.amazonaws.com; font-src 'self' *.flocabulary.com use.typekit.net use.typekit.com data:; frame-ancestors 'self' nearpod.com *.nearpod.com *.nearpod.us; default-src 'self' *.flocabulary.com; style-src 'self' *.flocabulary.com use.typekit.net use.typekit.com p.typekit.net 'unsafe-inline'; frame-src 'self' www.facebook.com s3.amazonaws.com; report-uri https://1790360b11fe0efc9c9d543e4d7dfa4d.report-uri.com/r/d/csp/reportOnly 1 report-uri default-src 'unsafe-inline' 'unsafe-eval' 'self' *.typekit.net *.google.com *.gstatic.com *.googletagmanager.com 1 child-src 'self'; connect-src 'self' https://*.amazonaws.com https://*.are.na https://*.cloudfront.net https://*.google-analytics.com https://*.pusher.com wss://*.pusherapp.com; default-src 'self'; font-src 'self' chrome-extension: data: http://*.gstatic.com https://*.cloudfront.net https://*.gstatic.com; frame-src 'self' https://*.are.na https://*.embedly.com https://*.google.com https://*.instagram.com https://*.s3.amazonaws.com https://*.stripe.com https://*.vimeo.com; img-src 'self' data: http://*.gstatic.com https://*.are.na https://*.cloudfront.net https://*.ctfassets.net https://*.google-analytics.com https://*.gstatic.com https://*.s3.amazonaws.com https://*.ytimg.com https://gravatar.com; manifest-src 'self'; media-src 'self' http://*.gstatic.com https://*.gstatic.com; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: http://*.gstatic.com https://*.are.na https://*.cloudfront.net https://*.google-analytics.com https://*.google.com https://*.gstatic.com https://*.pusher.com https://*.stripe.com https://instant.page; style-src 'self' 'unsafe-inline' https://*.are.na https://*.cloudfront.net; worker-src 'self'; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_c2f690c70bd2203791fa5b65771c7bbb 1 font-src *.fontawesome.com 'self' 
'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: store.paradoxlabs.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net www.youtube.com *.avada.io *.authorize.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.authorize.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src 'unsafe-eval' 'unsafe-inline' https: 
'sha256-GZIcz60Uwd6wT3vaYke/atSr53TehbYAPepOa3d03Vw=' 'nonce-418482d02b0762eeb02bca85' 'strict-dynamic' 'report-sample' ; worker-src 'self'; report-uri https://csp.tourradar.com 1 default-src * 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' cactusvpn.com www.cactusvpn.com billing.cactusvpn.com; report-uri https://75943a29954faa0d1b365a52c248c905.report-uri.com/r/d/csp/reportOnly; 1 base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-eU1zIjepJhBznTc8NewQqbsFdTFPZX'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: s.ytimg.com siteimproveanalytics.com us4.siteimprove.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.youtube.com 1 script-src 'self' https://www.google.com chrome-extension: https://code.createjs.com https://code.jquery.com https://www.googletagmanager.com https://25prim.ru 'unsafe-eval' 'unsafe-inline' 'unsafe-inline' https://www.gstatic.com https://bitrix.info https://stat.sputnik.ru https://mc.yandex.ru https://www.google-analytics.com http://code.jquery.com blob: https://connect.facebook.net opera://js-inject data: https://pos.gosuslugi.ru https://ucads-cdn.ucweb.com https://megatimer.ru asset https://translate.google.com https://translate.googleapis.com https://widget-feature.local https://widgets.101apis.com 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; frame-src 'self' https://25prim.ru chrome-extension: https://dl.metabar.ru https://acestream.me https://www.youtube.com https://youtube.com https://jquery1lib.ru https://remove.video https://pos.gosuslugi.ru https://ucads-cdn.ucweb.com https://saltcdn2.googleapis.com https://saltcdn2.www.instagram.com https://vk.com https://saltcdn2.twitter.com https://tia-ostrova.ru https://world-game-news.ru https://api.ppgw3t5e.xyz https://1si.ru https://tkani-shiko.ru https://info67.ru; object-src 'self'; report-uri /cspreportonly; 1 
report-uri https://postaway.translink.ca/api/report-csp; frame-src www.youtube.com www.youtube-nocookie.com www.googletagmanager.com bid.g.doubleclick.net; img-src 'self' *.translink.ca www.google-analytics.com www.google.com www.google.ca stats.g.doubleclick.net www.facebook.com; media-src 'self' tlweblibs.translink.ca; script-src 'report-sample' 'self' tlweblibs.translink.ca www.google-analytics.com www.googleadservices.com www.googletagmanager.com googleads.g.doubleclick.net connect.facebook.net analytics.twitter.com static.ads-twitter.com bat.bing.com rules.quantcount.com secure.quantserve.com; style-src 'self' tlweblibs.translink.ca fast.fonts.net; 1 default-src 'self' *.antpedia.com v.antwebinar.com hm.baidu.com m.baidu.com jspassport.ssl.qhimg.com *.google-analytics.com zz.bdstatic.com s.ssl.qhres.com sp0.baidu.com s.360.cn c.mipcdn.com wpa.qq.com res.wx.qq.com mp.weixin.qq.com msite.baidu.com ae.bdstatic.com share.baidu.com bdimg.share.baidu.com *.alicdn.com *.cn-hangzhou.log.aliyuncs.com *.dns-detect.alicdn.com browser.sentry-cdn.com push.zhanzhang.baidu.com po.srf.baidu.com toutong.baidu.com static.bshare.cn cdn.jsdelivr.net sentry.io *.googleapis.com *.cnzz.com api.map.baidu.com *.uc.cn uc.gre *.gstatic.com *.ucweb.com bshare.optimix.cn s2.pstatp.com 'unsafe-inline' 'unsafe-eval'; img-src * data: ; upgrade-insecure-requests; report-uri https://www.antpedia.com/scp-report/index.php 1 default-src 'self' *.hsbc.ca; script-src 'self' 'unsafe-eval' *.hsbc.ca 'unsafe-inline' cdn.appdynamics.com col.eum-appdynamics.com *.liveperson.net www.askus.hsbc.co.uk accdn.lpsnmedia.net www.mcmdev.hsbc.co.uk hsbcbankglobal.sc.omtrdc.net tags.tiqcdn.com 'unsafe-eval'; style-src 'self' *.hsbc.ca 'unsafe-inline'; child-src 'self' *.hsbc.ca hsbcbankglobal.demdex.net *.lo.cobrowse.liveperson.net lpcdn.lpsnmedia.net; script-src-elem 'self' 'unsafe-inline' *.hsbc.ca mcm-sit-ca.hsbc.com.hk; img-src 'self' *.hsbc.ca data: ad.doubleclick.net www.askus.hsbc.co.uk 
uconnect.tealiumiq.com dpm.demdex.net cm.everesttech.net; connect-src 'self' *.hsbc.ca col.eum-appdynamics.com dpm.demdex.net mcm-sit-ca.hsbc.com.hk; upgrade-insecure-requests ; report-uri https://csp.prod.na.dynp.cloud1.vv1865.com/; 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.co.uk&source%5Bsection%5D=brochure&source%5Buuid%5D=a3e7fb70f1d90c739c611fdfa5ddbefe 1 default-src 'self' data: https: 'unsafe-inline' http://*.omniupdate.com *.twimg.com http://img.youtube.com d.adroll.mgr.consensu.org s.dca0.com; script-src 'self' 'unsafe-inline' *.emu.edu *.adroll.com script.crazyegg.com www.googletagmanager.com www.youvisit.com *.google-analytics.com pi.pardot.com connect.facebook.net www.googleadservices.com googleads.g.doubleclick.net api.meritpages.com *.google.com *.googleapis.com *.addthis.com graph.facebook.com *.purechat.com *.purechatcdn.com *.ebscohost.com code.jquery.com 25livepub.collegenet.com widgets.pinterest.com platform.twitter.com instawidget.net *.twimg.com api.darksky.net assets.adobedtm.com embedr.flickr.com widgets.flickr.com s3.amazonaws.com d.adroll.mgr.consensu.org s.dca0.com; report-uri /is/csp/report/ 1 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://vwtjtrxk3sfdp0kvpob5s8gb.httpschecker.net/report 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://pmc.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 default-src 'self' ; connect-src 'self' *.visualstudio.com www.facebook.com *.zopim.com t.kmtx.io *.doubleclick.net *.mapbox.com www.google.com 
ekr.zdassets.com eurotunnel.zendesk.com cdnjs.cloudflare.com ajax.googleapis.com *.google-analytics.com adservice.google.com cdn-ukwest.onetrust.com in.hotjar.com privacyportal-uk.onetrust.com rollbar-eu.zendesk.com s.yimg.com session.socialware.com vc.hotjar.io wss://ws1.hotjar.com wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com wss://ws5.hotjar.com wss://ws6.hotjar.com wss://ws7.hotjar.com wss://ws8.hotjar.com www.bing.com www.google.be www.google.co.uk www.google.de www.google.fr www.google.it www.google.nl www.google.pl www.google.ro app.socialware.com gjtrack.ucweb.com static.zdassets.com ; font-src data: fonts.gstatic.com v2.zopim.com 'self' script.hotjar.com themes.googleusercontent.com ; frame-src 'self' player.vimeo.com widget.trustpilot.com gateway.zscloud.net gum.criteo.com aax-eu.amazon-adsystem.com travelmoney.travelex.co.uk *.twitter.com *.doubleclick.net tpc.googlesyndication.com analytics-google.net www.googletagmanager.com mozbar.moz.com *.facebook.com acs.airplus.com connect.facebook.net vars.hotjar.com www.google.com www.instagram.com www.youtube.com w.soundcloud.com twitter.com vimeo.com www.booking.com www.linkedin.com leshuttle.typeform.com ; img-src blob: q-xx.bstatic.com dis.criteo.com ad.sxp.smartclip.net ad.yieldlab.net cotads.adscale.de cdn.stickyadstv.com cm.adform.net r.casalemedia.com rtb-csync.smartadserver.com criteo-partners.tremorhub.com criteo-sync.teads.tv match.bnmla.com contextual.media.net match.sharethrough.com sync-criteo.ads.yieldmo.com visitor.omnitagjs.com ad.360yield.com sync.e-planning.net beacon.krxd.net x.bidswitch.net tags.bluekai.com us-u.openx.net s.ad.smaato.net ad.doubleclick.net pixel.rubiconproject.com *.pubmatic.com secure.adnxs.com *.2mdn.net sp.analytics.yahoo.com sync.outbrain.com *.twitter.com *.blob.core.windows.net *.zopim.com *.zopim.io *.doubleclick.net consent.trustarc.com via.placeholder.com lowffdompro.com *.twimg.com login.microsoftonline.com *.gstatic.com www.google.ge www.google.pl 
www.google.ru www.google.cm www.google.com.eg www.google.co.kr www.google.com.np www.google.co.th www.google.dz www.google.no www.google.com.hk www.google.com.mm www.google.co.il www.google.az www.google.sk www.google.ie www.google.com.pe *.ggpht.com www.google.de www.google.cz www.google.co.za www.google.se www.google.dk www.google.gr www.google.lv www.google.com.tw www.google.com.ph www.google.com.uy www.google.fi www.google.com.ua www.google.com.cy www.google.com.jm www.google.im www.google.co.ve www.google.com.sg www.google.ca www.google.es www.google.kg www.google.be www.google.at www.google.pt www.google.fr www.google.it www.google.com.br www.google.com.ar www.google.ch www.google.me www.google.com.ec www.google.ro www.google.nl www.google.com.mx www.google.com.lb www.google.com.co www.google.com.tr www.google.cl www.google.co.in www.google.hr data: img.youtube.com *.googleapis.com 'self' *.google-analytics.com *.facebook.com www.google.co.uk www.google.com ads.stickyadstv.com ads.yahoo.com adservice.google.ad adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.ca adservice.google.ch adservice.google.co.jp adservice.google.co.nz adservice.google.co.uk adservice.google.co.za adservice.google.co.zw adservice.google.com adservice.google.com.au adservice.google.com.co adservice.google.com.kw adservice.google.com.mt adservice.google.com.mx adservice.google.com.pe adservice.google.cz adservice.google.de adservice.google.dk adservice.google.es adservice.google.fr adservice.google.gg adservice.google.gr adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.iq adservice.google.it adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.se an.yandex.ru cdn-ukwest.onetrust.com help.eurotunnel.com i.liadm.com i.vimeocdn.com i.ytimg.com translate.google.com 
twitter.com www.google-analytics.com www.google.ad www.google.ae www.google.al www.google.bg www.google.co.jp www.google.co.ma www.google.co.nz www.google.co.zw www.google.com.au www.google.com.gi www.google.com.kw www.google.com.mt www.google.com.pk www.google.com.qa www.google.ee www.google.gg www.google.hu www.google.iq www.google.je www.google.li www.google.lt www.google.lu www.google.rs www.google.si www.google.sn www.google.tn www.googletagmanager.com cm.g.doubleclick.net connect.facebook.net log.pinterest.com ad.doubleclick.net ups.analytics.yahoo.com ; media-src 'self' static.zdassets.com data: ; child-src 'self' blob ; script-src-elem 'self' *.onetrust.com sslwidget.criteo.com static.criteo.net s.kmtx.io ; script-src 'self' blob: data az416426.vo.msecnd.net widget-mediator.zopim.com sslwidget.criteo.com *.onetrust.com gateway.zscloud.net *.googlesyndication.com platform.twitter.com widget.trustpilot.com *.doubleclick.net consent.truste.com consent.trustarc.com assets.zendesk.com v2.zopim.com static.zdassets.com *.twimg.com www.gstatic.com www.google.com tpc.googlesyndication.com *.bootstrapcdn.com *.googleapis.com *.instagram.com connect.facebook.net eval: inline: s.ytimg.com *.hotjar.com *.google-analytics.com 'unsafe-eval' 'unsafe-inline' www.googleadservices.com www.googletagmanager.com www.youtube.com www.google-analytics.com embed.typeform.com data: s.yimg.com sp.analytics.yahoo.com ; style-src platform.twitter.com *.googleapis.com inline: 'self' 'unsafe-inline'; report-uri https://eurotunnel.report-uri.com/r/d/csp/reportOnly 1 report-uri /api/csp-report/ 1 default-src 'unsafe-inline' 'unsafe-eval' 'self' *.moxa.com *.moxa.com.cn https://*.google.com *.addthis.com *.youtube.com; style-src 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.moxa.com *.moxa.com.cn www.googletagmanager.com www.youtube.com fast.fonts.net *.google-analytics.com *.crazyegg.com *.googleadservices.com cdn.bizible.com cdn-akamai.mookie1.com s.ytimg.com 
*.pingdom.net *.doubleclick.net *.marketo.net cdn.polyfill.io tags.tiqcdn.com tags.tiqcdn.cn *.marketo.net *.usabilla.com *.gstatic.com *.google.com *.facebook.net *.facebook.com *.addthis.com *.addthisedge.com *.googleapis.com *.googletagmanager.com *.youtube.com *.moatads.com cdn.onesignal.com *.swiftypecdn.com *.onesignal.com *.assets.zendesk.com easyid.scansafe.net static-resource.com cdn-javascript.net gateway.zscaler.net easyid.scansafe.com gateway.zscloud.net *.optnmnstr.com tribedone.org *.exeloncorp.com linkangood.com filter.nov.com rasenalong.com osskanger.com yastatic.net; connect-src 'self' *.mktoresp.com *.pingdom.net *.moxa.com *.moxa.com.cn *.facebook.com *.addthis.com *.google-analytics.com *.pingdom.net *.doubleclick.net *.zdassets.com *.api.opmnstr.com plugin.ucads.ucweb.com easyid.scansafe.net; frame-src 'self' *.doubleclick.net *.addthis.com *.google.com *.mookie1.com *.youtube.com *.googleapis.com *.akamaihd.net *.facebook.com ; img-src 'self' data: *; font-src 'self' data: *; media-src 'self' data: *.gstatic.com; report-uri https://moxacsp.report-uri.com/r/d/csp/reportOnly 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=v2%2Fapp_listings&source%5Buuid%5D=f5139d66483f3318498f563daa374c49 1 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ytimg.com *.vimeo.com www.youtube.com www.google.com www.google.no assets.adobedtm.com sparebank1.d3.sc.omtrdc.net *.cicero.no *.sparebank1.no *.googletagmanager.com cdn.tt.omtrdc.net; style-src 'self' 'unsafe-inline' *.sparebank1.no www.youtube.com services.cicero.no translate.googleapis.com; img-src 'self' *.ytimg.com secure.adnxs.com 
track.adform.net *.doubleclick.net assets.adobedtm.com sparebank1.d3.sc.omtrdc.net alliansesamarbeidets.tt.omtrdc.net cm.everesttech.net www.facebook.com *.sparebank1.no *.boost.ai www.google.no www.google.com *.demdex.net resources.mynewsdesk.com www.googletagmanager.com www.gstatic.com data:; connect-src 'self' *.cicero.no *.demdex.net *.omtrdc.net *.brreg.no *.sparebank1.no www.mynewsdesk.com publish.ne.cision.com translate.googleapis.com edge.adobedc.net; font-src 'self' *.sparebank1.no resources.mynewsdesk.com services.cicero.no data:; media-src 'self'; frame-ancestors 'self'; frame-src 'self' www.sr-finans.no *.sparebank1.no lt.morningstar.com www.youtube.com *.vimeo.com assets.adobedtm.com *.demdex.net sparebank1.demdex.net www.sign.nets.eu ir.asp.manamind.com www.sb1finans.no www.snnfinans.no dbsnn.no www.googletagmanager.com *.doubleclick.net www.ident.nets.eu www.sb1fo.no www.webcruiter.no *.easycruit.com; report-uri /bin/logservlet 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com kit.fontawesome.com connect.facebook.net cdn.polyfill.io code.jquery.com www.google-analytics.com ssl.google-analytics.com www.googleoptimize.com script.crazyegg.com cdn.syndication.twimg.com speedtest.cable.co.uk cdnjs.cloudflare.com maxcdn.bootstrapcdn.com widget.trustpilot.com s3.amazonaws.com cable.us4.list-manage.com admin.cable.co.uk services.xg4ken.com unpkg.com script.hotjar.com static.hotjar.com c5.adalyser.com localhost:3000; connect-src 'self' *.fontawesome.com api.addressy.com in.hotjar.com ws1.hotjar.com cable.us4.list-manage.com admin.cable.co.uk stats.g.doubleclick.net localhost:3000; img-src 'self' data: *.cable.co.uk www.google.com www.googletagmanager.com www.google.co.uk www.google-analytics.com s1.2mdn.net ad.doubleclick.net stats.g.doubleclick.net gtrk.s3.amazonaws.com pbs.twimg.com code.jquery.com 19.xg4ken.com s3-eu-west-1.amazonaws.com pcf.tdscd.com c5.adalyser.com v2.crocdn.com; style-src 'self' 
'unsafe-inline' code.jquery.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com admin.cable.co.uk pro.fontawesome.com localhost:3000; font-src 'self' *.fontawesome.com maxcdn.bootstrapcdn.com admin.cable.co.uk data: localhost:3000; object-src 'self' api.ookla.com fpdownload.adobe.com; frame-src 'self' widget.trustpilot.com vars.hotjar.com googleads.g.doubleclick.net data:; child-src 'self' blob:; report-uri /csp-violation-report/ 1 default-src 'self' *.hsbc.com.my; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.hsbc.com.my cdn.appdynamics.com col.eum-appdynamics.com *.liveperson.net www.askus.hsbc.co.uk accdn.lpsnmedia.net www.mcmdev.hsbc.co.uk hsbcbankglobal.sc.omtrdc.net tags.tiqcdn.com 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.hsbc.com.my; img-src 'self' *.hsbc.com.my data: ad.doubleclick.net www.askus.hsbc.co.uk uconnect.tealiumiq.com; child-src 'self' *.hsbc.com.my hsbcbankglobal.demdex.net *.lo.cobrowse.liveperson.net lpcdn.lpsnmedia.net; connect-src 'self' *.hsbc.com.my col.eum-appdynamics.com dpm.demdex.net; upgrade-insecure-requests ; report-uri https://csp.prod.ap.dynp.cloud1.vv1865.com/; 1 default-src 'self' data: blob: *.ulikecam.com *.snssdk.com;script-src data: blob: 'unsafe-inline' 'unsafe-eval' *.pstatp.com *.bytecdn.cn *.snssdk.com *.qq.com *.ulikecam.com *.jsdelivr.net *.bytedance.net;script-src-elem data: blob: 'unsafe-inline' 'unsafe-eval' *.pstatp.com *.bytecdn.cn *.snssdk.com *.bootcss.com *.qq.com *.ulikecam.com *.jsdelivr.net *.bytedance.net;frame-ancestors *.ulikecam.com;frame-src bytedance:;media-src *.bytecdn.cn *.365yg.com *.ixigua.com *.pstatp.com;style-src 'unsafe-inline' *.pstatp.com *.bytecdn.cn;connect-src *.snssdk.com *.bytedance.net *.ulikecam.com *.pstatp.com *.bytedance.com;img-src *.pstatp.com *.qq.com *.bytecdn.cn data: *.byteimg.com *.bytedance.net *.ulikecam.com *.gstatic.com android-webview-video-poster;;font-src data: *.byted.org *.alicdn.com *.gstatic.com;report-uri 
https://i.snssdk.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=ulike_activity 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.sportico.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.twitter.com *.outbrain.com bam.nr-data.net bat.bing.com *.taboola.com *.facebook.net *.facebook.com *.visualwebsiteoptimizer.com *.doubleclick.net *.hubspot.com api.hubapi.com js.hs-analytics.net js.hsadspixel.net js.hs-scripts.com js.usemessages.com js.driftt.com *.yandex.ru svc.webspellchecker.net *.newrelic.com *.linkedin.com *.leadforensics.com *.bizographics.com *.outbrain.com gateway.zscloud.net www.google-analytics.com www.google.com www.google.ch www.google.ru www.google.co.in www.google.co.jp www.google.co.uk www.google.de www.google.com.sg www.google.com.pe www.google.co.th www.google.bg www.google.at https://www.google.es www.googleadservices.com www.googletagmanager.com *.gravatar.com statics.teams.cdn.office.net; report-uri /csp-reports 1 object-src 'none'; script-src 'nonce-B6YPRQ8cEt3hMsI49kjM7w==' 'unsafe-inline' 'strict-dynamic' https: http: maps.googleapis.com www.google.com/jsapi; base-uri 'none'; report-uri https://reservio.report-uri.com/r/d/csp/reportOnly; 1 default-src 'none';img-src 'self' data: an.yandex.ru yastatic.net mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.ru mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org;font-src 'self';child-src mc.yandex.ru;connect-src 'self' *.adfox.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.ru mc.yandex.tj mc.yandex.tm mc.yandex.ua 
mc.yandex.uz mc.webvisor.com mc.webvisor.org;frame-src 'self' mc.yandex.ru preview.adfox.net;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-eval' yastatic.net mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.ru mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org 'unsafe-inline';report-uri https://csp.yandex.net/csp?from=adfox; 1 report-uri https://www.yelp.com/csp_report_only?id=48933487bcfd01ef&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1618353468; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.adobedtm.com https://smetrics.elsevier.com https://www.rnengage.com https://*.widget.custhelp.com https://www.livelook.com https://*.cobrowse.oraclecloud.com https://dpm.demdex.net https://*.omtrdc.net https://www.pingvp.com https://translate.googleapis.com https://translate.google.com https://www.drillster.com 
https://dpm.demdex.net https://cdn.cookielaw.org https://geolocation.onetrust.com; img-src 'self' data: https://supportcontent.elsevier.com https://smetrics.elsevier.com https://www.rnengage.com https://*.cobrowse.oraclecloud.com https://www.pingvp.com https://www.livelook.com https://www.gstatic.com https://translate.google.com https://translate.googleapis.com https://www.google.com/images/cleardot.gif https://www.gravatar.com https://ton.twimg.com https://cm.everesttech.net https://dpm.demdex.net https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://translate.googleapis.com https://www.livelook.com https://www.pingvp.com https://ton.twimg.com; font-src 'self' data: https://use.typekit.net https://fonts.gstatic.com; connect-src 'self' https://smetrics.elsevier.com https://dpm.demdex.net https://*.omtrdc.net https://*.rightnowtech.com https://translate.googleapis.com https://*.livelook.com wss://*.livelook.com https://dpm.demdex.net https://cdn.cookielaw.org https://privacyportal.onetrust.com; object-src https://supportcontent.elsevier.com; report-uri /cgi-bin/elsevier5.cfg/php/custom/report-csp.php; 1 default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: 'self' wss://chat.20i.com:*; img-src https: 'self' data:; frame-src https: 'self' data:; 1 default-src * data: ws: wss://evbk.gamooga.com wss://ssbk2-uk.gsecondscreen.com fbrpc:; img-src *.caratlane.com *.cltstatic.com https: blob: data: android-webview-video-poster: about: www.facebook.com; style-src 'self' 'unsafe-inline' assets.cltstatic.com https://fonts.googleapis.com https://accounts.google.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: about: *.cltstatic.com *.caratlane.com *.google-analytics.com *.facebook.net *.google.com *.branch.io *.segment.com *.googleapis.com *.nanigans.com *.everestjs.net *.googleadservices.com *.criteo.net *.criteo.com *.shopmsg.me *.gsecondscreen.com *.gamooga.com *.mxpnl.com *.segment.io https://app.link *.livechatinc.com 
assets.cltstatic.com https://connect.facebook.net https://static.criteo.net/ https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.4.1/rollbar.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js https://rum-static.pingdom.net https://dx.steelhousemedia.com *.steelhousemedia.com *.adsrvr.org https://assets.adobedtm.com; frame-ancestors 'self'; worker-src 'self' blob:; object-src 'self'; report-uri /report-violation 1 report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.trulieve.com fonts.googleapis.com *.cloudflare.com code.jquery.com snapwidget.com static.zdassets.com www.google-analytics.com cdn.surfside.io snapwidget.com js-agent.newrelic.com bam-cell.nr-data.net *.google.com www.gstatic.com connect.facebook.net static.zdassets.com *.sharethis.com linkhelp.clients.google.com maps.googleapis.co 1 script-src 'unsafe-eval' 'self' fast.fonts.net www.google.com *.googleapis.com *.gstatic.com *.google-analytics.com platform.twitter.com cdn.api.twitter.com syndication.twimg.com *.facebook.net *.newrelic.com bs.serving-sys.com cdn.feedbackify.com www.googleadservices.com s.btstatic.com s.thebrighttag.com; object-src 'self' www.youtube.com maps.googleapis.com; media-src 'self' www.youtube.com; report-uri /flybuys-web/api/csp-report 1 font-src *.fontawesome.com *.typekit.net *.yotpo.com https://www.gstatic.com 'unsafe-inline' data: *.cloudmaestro.com https://fonts.gstatic.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 
'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.doubleclick.net *.cookiebot.com *.adsrvr.org *.force.com *.affirm.com *.signifyd.com *.online-metrix.net *.hotjar.com *.facebook.com *.paypalobjects.com *.vimeo.com https://www.google.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr 
*.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de store.paradoxlabs.com *.imgix.net *.yotpo.com *.collect.com *.bing.com *.google.com *.google.ca *.google.dk *.google.co.uk *.google.no *.google.co.jp *.cloudfront.net *.igodigital.com *.adsrvr.org *.affirm.com tr.snapchat.com *.signifyd.com s3.amazonaws.com *.paypal.com *.online-metrix.net ct.pinterest.com px.ads.linkedin.com www.facebook.com p.adsymptotic.com *.googletagmanager.com shinola-m2.s3.us-east-2.amazonaws.com *.cloudmaestro.com *.google.co.in *.webscale.com s.amazon-adsystem.com shinola-m2.s3.amazonaws.com filson-m2.s3.amazonaws.com *.doubleclick.net www.xtento.com cdn.xtento.com https://imgs.signifyd.com https://*.online-metrix.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.shinola.com *.filson.com *.cloudflare.com *.yotpo.com *.googletagmanager.com *.igodigital.com *.cookiebot.com *.remoteretail.com *.force.com *.bing.com *.adsrvr.org *.cloudfront.net *.retentionscience.com *.salesforceliveagent.com *.affirm.com *.signifyd.com *.sc-static.net sc-static.net s.pinimg.com snap.licdn.com connect.facebook.net s.yimg.com ws.zoominfo.com *.hotjar.com *.doubleclick.net *.analytics.yahoo.com *.impactradius-event.com 
*.cloudmaestro.com *.nr-data.net *.newrelic.com www.googleoptimize.com https://www.google.com https://www.gstatic.com www.xtento.com cdn.xtento.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com *.typekit.net *.yotpo.com *.googleapis.com *.force.com *.cloudmaestro.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.imgix.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.paypal.com *.doubleclick.net *.yotpo.com *.google-analytics.com *.affirm.com *.signifyd.com *.signifyd.com:* *.authorize.net *.remoteretail.com *.rollbar.com *.bing.com ct.pinterest.com *.hotjar.com partners.shinola.com www.facebook.com *.nr-data.net *.newrelic.com *.google.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://shinola.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1 script-src 'nonce-3iovDKFVJv7HH8jVsod_bA' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1 default-src https:; script-src https: 
'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; media-src https: http: rtsp: rtmp:; report-uri /csp-report 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.br&source%5Bsection%5D=brochure&source%5Buuid%5D=9fb1784f22b84e15102dd1c11a4c0e49 1 base-uri 'none'; frame-ancestors 'self'; object-src 'none'; script-src 'self' 'nonce-ni2HpNsyumRWU5ts5DGl1VpG' 'nonce-zx6jq8tteUkfdy0miWr+eBxj' 'nonce-8ynyFtUAlabSZ340nkcXDBB9' 'nonce-PQBodDeSDKZFm1JFMAqNkyVu' 'nonce-+qLjm52Cqb/0gcK10W1lhEQV' 'nonce-oq/Vo6n/LrK9w9QC/w2vYUSZ' 'nonce-6+qdwd0AlmkqdjK93TbBpwg5' 'nonce-AXebZOhRo9qYrQwLI8Nxt7AW' 'nonce-yk0YZqAX967mBB+TRvG1o0y/' 'unsafe-inline' https: 'strict-dynamic'; report-uri https://s.batch.com/api/2/security/?sentry_key=bf138b721b7f4a29b492f3ff84dca2b2&sentry_environment=production; 1 default-src 'self' data: gap: *.klarna.com *.freshchat.com *.vimeo.com *.youtube.com *.whittard.co.uk mention-me.com *.zenaps.com *.sub2tech.com *.gstatic.com; img-src data: blob: *.demandware.net *.commercecloud.salesforce.com *.amazonaws.com *.googletagmanager.com *.facebook.net *.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg 
*.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg 
*.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.g.doubleclick.net *.googleapis.com *.google-analytics.com *.googleadservices.com *.google.com *.whittard.co.uk *.postcodeanywhere.co.uk *.pcapredict.com *.zmags.com *.yotpo.com *.tokywoky.com img.tokywoky.com *.klarnaservices.com *.klarnacdn.net *.mention-me.com *.awin1.com *.dwin1.com bda.bookatable.com i.ytimg.com *.contentsquare.net *.contentsquare.com *.sub2tech.com *.cloudfront.net *.youtube.com *.vimeo.com bat.bing.com *.zenaps.com *.msgfocus.com *.fbsbx.com *.fbcdn.net graph.facebook.com *.zscloud.net *.googleusercontent.com *.klarnaevt.com i.vimeocdn.com *.surveymonkey.com; child-src 'self' blob: *.studentbeans.com *.google.com *.doubleclick.net *.facebook.com *.tokywoky.com *.freshchat.com mention-me.com *.mention-me.com *.klarna.com *.klarnaservices.com bda.bookatable.com *.sub2tech.com *.youtube.com *.vimeo.com *.zenaps.com *.googlesyndication.com *.online-metrix.net *.pagetiger.com *.googletagmanager.com connect.studentbeans.com *.zmags.com *.googleapis.com *.surveymonkey.com *.paperform.co paperform.co; style-src 'self' 'unsafe-inline' *.googleapis.com *.postcodeanywhere.co.uk *.pcapredict.com *.bootstrapcdn.com *.myfonts.net cdnjs.cloudflare.com *.yotpo.com *.freshchat.com *.mention-me.com *.sub2tech.com bda.bookatable.com *.zmags.com *.klarnacdn.net *.whittard.co.uk; font-src 'self' data: *.gstatic.com *.g.doubleclick.net *.bootstrapcdn.com *.yotpo.com *.bookatable.com *.zmags.com *.alicdn.com *.klarnacdn.net *.whittard.co.uk; media-src 'self' data: *.facebook.com *.youtube.com *.vimeo.com *.paypal.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com *.cquotient.com *.tryzens-analytics.com:12443 *.facebook.net cdnjs.cloudflare.com cdn.cquotient.com *.googletagmanager.com www.googletagmanager.com *.g.doubleclick.net *.googleapis.com *.google-analytics.com *.googleadservices.com *.google.com 
*.gstatic.com *.dwin1.com *.postcodeanywhere.co.uk *.pcapredict.com *.zmags.com *.z-analytics.net *.yotpo.com *.tokywoky.com *.msecnd.net *.freshchat.com *.klarnaservices.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.mention-me.com *.worldpay.com bda.bookatable.com bat.bing.com *.contentsquare.net *.contentsquare.com *.sub2tech.com *.yottaa.com *.cloudfront.net *.freshworksapi.com *.zenaps.com *.paypal.com *.paypalobjects.com *.awin1.com *.dwin1.com *.sessioncam.com *.whittard.co.uk *.bootstrapcdn.com *.googlesyndication.com www.google.com *.studentbeans.com onlineerp.solution.quebec widget.surveymonkey.com *.paperform.co paperform.co; connect-src 'self' *.google-analytics.com *.googleadservices.com *.g.doubleclick.net *.tryzens-analytics.com:12280 *.postcodeanywhere.co.uk *.pcapredict.com *.yotpo.com *.tokywoky.com *.klarnauserservices.com *.klarnaservices.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.mention-me.com mention-me.com bda.bookatable.com *.zmags.com *.z-analytics.net *.contentsquare.net *.contentsquare.com *.sub2tech.com *.cloudfront.net *.awin1.com *.dwin1.com *.yottaa.net *.sessioncam.com bat.bing.com *.facebook.com www.facebook.com *.google.com *.facebook.net *.googleapis.com widget.surveymonkey.com *.s3.amazonaws.com; manifest-src 'self'; ; report-uri https://0594ebf9e3dab534acdba65c6100b639.report-uri.com/r/d/csp/reportOnly; 1 upgrade-insecure-requests; block-all-mixed-content; report-uri https://diyaudioreport.report-uri.com/r/d/csp/reportonly 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google-analytics.com https://www.google-analytics.com http://www.google.com https://www.google.com http://fonts.googleapis.com https://www.googletagmanager.com http://fonts.googleapis.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://fast.fonts.net http://performance.typekit.net/ https://performance.typekit.net/ http://use.typekit.net/ https://use.typekit.net/ http://us1.siteimprove.com/ https://us1.siteimprove.com/ 
http://p.typekit.net/ https://p.typekit.net/ http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com http://siteimproveanalytics.com https://siteimproveanalytics.com http://player.vimeo.com/ https://player.vimeo.com/ http://player.polyv.net http://cdn.cookielaw.org http://cdn.cookielaw.org https://cdn.cookielaw.org ; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com http://www.gstatic.com https://www.gstatic.com http://www.google.com https://www.google.com http://fonts.googleapis.com http://fonts.googleapis.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://use.typekit.net/ https://use.typekit.net/ http://us1.siteimprove.com/ https://us1.siteimprove.com/ http://siteimproveanalytics.com https://siteimproveanalytics.com http://player.polyv.net https://player.polyv.net https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' 'unsafe-eval' http://fonts.googleapis.com https://fonts.googleapis.com http://use.typekit.net/ https://use.typekit.net/ http://cdnjs.cloudflare.com http://fast.fonts.net/ https://p.typekit.net http://p.typekit.net; media-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com http://player.vimeo.com https://player.vimeo.com; img-src * 'self' 'unsafe-inline' 'unsafe-eval' data: filesystem:; font-src 'self' http://fonts.gstatic.com https://fonts.gstatic.com http://use.typekit.net/ https://use.typekit.net/ http://p.typekit.net/ https://p.typekit.net/; frame-src 'self' http://player.vimeo.com https://player.vimeo.com http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com https://www.google.com; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; img-src 'self' data: secure.gravatar.com www.gravatar.com; report-uri https://feld.com?gdsih-csp-report; 1 default-src 'self' *.hsbc.co.in; 
style-src 'self' 'unsafe-inline' *.hsbc.co.in; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.hsbc.co.in cdn.appdynamics.com col.eum-appdynamics.com *.liveperson.net www.askus.hsbc.co.uk accdn.lpsnmedia.net www.mcmdev.hsbc.co.uk hsbcbankglobal.sc.omtrdc.net tags.tiqcdn.com bat.bing.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.cn www.gstatic.com www.recaptcha.net accdn.lpsnmedia.net sy.v.liveperson.net cdn.appdynamics.com lptag.liveperson.net; img-src 'self' *.hsbc.co.in data: ad.doubleclick.net www.askus.hsbc.co.uk uconnect.tealiumiq.com www.google.co.uk www.google.com www.hsbc.co.in bat.bing.com cm.everesttech.net col.eum-appdynamics.com dev.day.com dpm.demdex.net hsbcbankglobal.sc.omtrdc.net tr.outbrain.com www.facebook.com www.google.co.in www.google.com.hk www.googletagmanager.com www.hsbc.co.uk lpcdn.lpsnmedia.net; child-src 'self' *.hsbc.co.in hsbcbankglobal.demdex.net *.lo.cobrowse.liveperson.net lpcdn.lpsnmedia.net www.google.com bid.g.doubleclick.net www.recaptcha.net; connect-src 'self' *.hsbc.co.in col.eum-appdynamics.com dpm.demdex.net bat.bing.com hsbcbankglobal.sc.omtrdc.net hsbcbankglobal.tt.omtrdc.net jsonip.com mboxedge31.tt.omtrdc.net mboxedge38.tt.omtrdc.net my.tealiumiq.com www.ap634.p2g.netd2.hsbc.com.hk www.mcmdev.hsbc.co.uk zndg4psmqxuf0fedt-hsbcdigital.siteintercept.qualtrics.com col.eum-appdynamics.com dpm.demdex.net; frame-src 'self' *.hsbc.co.in bid.g.doubleclick.net tags.tiqcdn.com www.google.com lpcdn.lpsnmedia.net hsbcbankglobal.demdex.net server.sy.liveperson.net; script-src-elem 'self' 'unsafe-inline' *.hsbc.co.in www.gstatic.com www.google.com bat.bing.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net www.googleadservices.com www.googletagmanager.com www.gstatic.com www.recaptcha.net sy.v.liveperson.net tags.tiqcdn.com *.hsbc.com.hk lptag.liveperson.net cdn.appdynamics.com hsbcbankglobal.sc.omtrdc.net 
accdn.lpsnmedia.net; media-src 'self' *.hsbc.co.in lpcdn.lpsnmedia.net; upgrade-insecure-requests ; report-uri https://csp.prod.ap.dynp.cloud1.vv1865.com/; 1 font-src *.bootstrapcdn.com *.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.cookiebot.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com *.youtube.com sumo.com *.sumo.com *.flbx.io *.omtrdc.net 'self' data: *.tomdixon.net *.tomdixontrade.net *.nosto.com *.nos.to 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com cdn-scripts.signifyd.com www.youtube.com *.adyen.com polyfill.io *.getflowbox.com chimpstatic.com *.pcapredict.com *.sumome.com *.sumo.com *.cookiebot.com *.postcodeanywhere.co.uk *.googletagmanager.com *.facebook.com reddit.com *.bufferapp.com *.pinterest.com *.google.com *.gstatic.com *.googleapis.com *.nosto.com *.nos.to 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.bootstrapcdn.com *.postcodeanywhere.co.uk *.googleapis.com 
*.nosto.com *.nos.to 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net sumo.com *.postcodeanywhere.co.uk *.google.com *.sumo.com *.amazonaws.com *.demdex.net *.nosto.com *.nos.to 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src 'nonce-RLskotzWEi8bUBKlyHQtPQ==' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:; object-src 'none'; base-uri 'self'; block-all-mixed-content; report-uri /csp/report 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.mogucdn.com https://*.mogucdn.com http://*.juangua.com https://*.juangua.com http://*.meilishuo.com https://*.meilishuo.com http://*.meilishuo.net https://*.meilishuo.net http://*.mogujie.com https://*.mogujie.com http://*.qq.com https://*.qq.com http://*.mogujie.org https://*.mogujie.org http://*.meili-inc.com https://*.meili-inc.com http://*.mogu.com https://*.mogu.com http://*.mogu-inc.com https://*.mogu-inc.com; report-uri http://sd.mogujie.com/index.php 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' use.typekit.net *.google.com https://connect.facebook.net *.gstatic.com https://www.google-analytics.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net; img-src 'self' data: *.gstatic.com *.littler.com p.typekit.net https://www.google-analytics.com https://maps.googleapis.com https://i.vimeocdn.com; frame-src 'self' https://player.vimeo.com/ https://app.powerbi.com https://w.soundcloud.com https://www.google.com; frame-ancestors 'self'; child-src 'self' https://player.vimeo.com/; font-src 'self' https://themes.googleusercontent.com 'unsafe-inline' use.typekit.net 
*.gstatic.com; connect-src 'self' https://www.google-analytics.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src http: 'self' 'unsafe-inline' 'unsafe-eval' scene7.com pinimg.com pinterest.com cquotient.com newrelic.com nr-data.net hotjar.io bazaarvoice.com hotjar.com ugc.bazaarvoice.com *.247-inc.net columbia.com demandware.net inmoment.com zdassets.com onetrust.com zopim.com sspinc.io adobedtm.com 247-inc.net ca.assist.247-inc.net demdex.net curalate.com tt.omtrdc.net 112.2o7.net truefitcorp.com nexus.bazaarvoice.com bluecore.com youtube.com ytimg.com adyen.com paypal.com vimeo.com typekit.net *.typekit.net curations.bazaarvoice.com vimeocdn.com reviews.bazaarvoice.com fit-predictor.net data:; 1 script-src 'nonce-mLskB3zN5tYClaX-0BYoog' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1 script-src 'report-sample' 'nonce-uEqCOecyN0VLOyrjEWgZqQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/geo-discussion-forums-dispatch/ 1 default-src 'self'; style-src 'unsafe-inline' https://fonts.googleapis.com/css https://storage.googleapis.com/cdn1.papercut.com/ https://cdn.papercut.com/web/digital/ https://cdn1.papercut.com/ https://www.papercut.com/support/resources/manuals/ https://*.typekit.net https://use.fontawesome.com https://maxcdn.bootstrapcdn.com/; img-src *; media-src https://static.zdassets.com/web_widget/; script-src 'unsafe-eval' 'unsafe-inline' https://storage.googleapis.com/cdn1.papercut.com/ https://*.papercut.com/ https://www.papercut.com/support/resources/manuals/ https://analytics.twitter.com https://static.ads-twitter.com/uwt.js *.google-analytics.com http://www.googleadservices.com https://googleads.g.doubleclick.net/ https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com/ 
https://apis.google.com/js/platform.js https://static.zdassets.com/web_widget/ https://static.zdassets.com/ekr/snippet.js https://edge.fullstory.com/s/fs.js https://cdn.solvvy.com/ https://papercutsoftware.disqus.com/embed.js https://script.hotjar.com/ https://static.hotjar.com/c/hotjar-687816.js http://js.hs-scripts.com/8186336.js https://js.hs-banner.com/8186336.js https://js.hs-scripts.com/8186336.js https://js.hscollectedforms.net/collectedforms.js https://js.hs-analytics.net/analytics/ http://munchkin.marketo.net/ https://snap.licdn.com/li.lms-analytics/insight.min.js http://px.spiceworks.com/px.js https://connect.facebook.net/signals/config/ https://connect.facebook.net/en_US/fbevents.js https://www.bugherd.com/sidebarv2.js https://www.youtube.com/s/player/ https://www.youtube.com/iframe_api http://use.typekit.net/oml6hsj.js https://cdnjs.cloudflare.com/ajax/libs/Detect.js/2.2.2/detect.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery-scrolldepth/1.0.0/jquery.scrolldepth.min.js http://cdnjs.cloudflare.com/ajax/libs/validate.js/0.12.0/validate.min.js http://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js https://unpkg.com/vue/dist/vue.min.js; font-src https://maxcdn.bootstrapcdn.com/ https://use.typekit.net/ https://use.fontawesome.com https://fonts.gstatic.com/; frame-src https://disqus.com/embed/comments/ https://disqus.com/home/forums/papercutsoftware/ https://youtube.com/embed/ https://www.youtube.com/embed/ http://fast.wistia.com/ http://fast.wistia.net/ https://vars.hotjar.com/ https://bid.g.doubleclick.net/; connect-src https://storage.googleapis.com/cdn1.papercut.com/ *.papercut.com/ https://api-dot-pc-internal-dev.appspot.com/api/ https://api-dot-pc-internal-staging.appspot.com/api/ https://api-dot-pc-internal.appspot.com/api/ https://papercut.zendesk.com/ https://ekr.zdassets.com/compose/ https://rs.fullstory.com/rec/page wss://widget-mediator.zopim.com/ https://forms.hubspot.com/collected-forms/ 
https://papercut-portal.auth0.com/oauth/token https://api.solvvy.com/ http://*.mktoresp.com/ http://*.mktoutil.com/ https://www.facebook.com/tr/ https://in.hotjar.com/api/v2/client/sites/687816/ https://www.google-analytics.com https://stats.g.doubleclick.net/; report-uri https://009bdxat.uriports.com/reports/report; report-to default; 1 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'unsafe-inline' 'unsafe-eval' data: ; report-uri https://booklog.report-uri.io/r/default/csp/reportOnly 1 default-src 'self'; manifest-src 'self' cdn.goskills.com; connect-src 'self' data: wss://www.goskills.com *.akamaized.net bat.bing.com *.braintree-api.com *.braintreegateway.com www.facebook.com accounts.google.com *.doubleclick.net translate.googleapis.com *.hotjar.com www.reddit.com *.vimeocdn.com *.vimeo.com eventapi.libring.com *.ibytedtos.com; font-src 'self' cdn.goskills.com cdn.embedly.com fonts.gstatic.com *.hotjar.com *.tiktokcdn.com data:; frame-src 'self' assets.braintreegateway.com *.kaptcha.com clickmeter.com conversions.clickmeter.com cdn.embedly.com *.facebook.net www.facebook.com saltcdn2.googleapis.com www.google.com www.googleadservices.com www.gstatic.com *.hotjar.com www.instagram.com content.leadquizzes.com www.microsoft.com ajax.aspnetcdn.com appsforoffice.microsoft.com *.paypal.com old.reddit.com www.tiktok.com platform.twitter.com player.vimeo.com www.youtube.com ucads-cdn.ucweb.com gateway.zscloud.net; img-src 'self' data: cdn.goskills.com video.goskills.com bat.bing.com assets.braintreegateway.com *.kaptcha.com jsl.infostatsvc.com *.embed.ly www.facebook.com gravatar.com www.google-analytics.com www.google.com www.gstatic.com stats.g.doubleclick.net * static.hotjar.com *.paypal.com shareasale.com images.unsplash.com i.ytimg.com cdn.vertex42.com; media-src 'self' data: cdn.goskills.com video.goskills.com *.akamaihd.net gcs-vimeo.akamaized.net player.vimeo.com *.vimeocdn.com; script-src 'self' 'strict-dynamic' 'unsafe-inline' 
'nonce-72131000725613437' cdn.goskills.com 'report-sample' cdn.ampproject.org bat.bing.com js.braintreegateway.com connect.facebook.net www.recaptcha.net www.google.com www.google-analytics.com ajax.googleapis.com www.gstatic.com *.hotjar.com www.instagram.com ajax.aspnetcdn.com appsforoffice.microsoft.com telemetryservice.firstpartyapps.oaspapps.com *.paypal.com a.quora.com embed.redditmedia.com www.tiktok.com *.tiktokcdn.com platform.twitter.com *.ubembed.com; style-src 'self' 'unsafe-inline' cdn.goskills.com cdn.embedly.com fonts.googleapis.com *.tiktokcdn.com; report-uri https://goskills.report-uri.com/r/d/csp/reportOnly 1 font-src fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cloudinary.com *.cloudinary.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.youtube.com cloudinary.com *.cloudinary.com cdnjs.cloudflare.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com img.youtube.com maps.googleapis.com maps.gstatic.com *.vimeocdn.com s.ytimg.com cloudinary.com *.cloudinary.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com maps.googleapis.com js.braintreegateway.com s.ytimg.com 
video.google.com vimeo.com www.vimeo.com www.youtube.com cloudinary.com *.cloudinary.com cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cloudinary.com *.cloudinary.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com cloudinary.com *.cloudinary.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com *.googleapis.com code.jquery.com cdn.getfinancing.com cdn.noibu.com *.yieldify.com widget-mediator.zopim.com *.callrail.com www.googletagmanager.com *.google-analytics.com *.cloudflare.com www.google-analytics.com *.trustpilot.com *.yotpo.com certify-js.alexametrics.com *.bing.com *.hotjar.com js.klevu.com *.listrakbi.com *.zopim.com connect.facebook.net app.purechat.com services.listrak.com js-agent.newrelic.com *.nr-data.net prod.purechatcdn.com kenwheeler.github.io core.spreedly.com hosted.subscribepro.com api.resellerratings.com googleads.g.doubleclick.net cdn.aimtell.com www.resellerratings.com player.vimeo.com tpc.googlesyndication.com www.google.com cmp.osano.com www.googleadservices.com yieldify.com custom.yieldify.com static.cloudflareinsights.com acsbapp.com 1 default-src 'self' *.youtube.com; frame-src 'self' *.youtube.com *.twitter.com *.google.com *.facebook.com *.wowza.com http://wowzaprod123-i.akamaihd.net; style-src 'self' 'unsafe-inline' https://fast.fonts.net *.typekit.net *.twitter.com *.twimg.com *.wowza.com *.icontact.com; script-src 
'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.youtube.com *.twitter.com *.twimg.com *.facebook.net *.cloudflare.com https://secure.adnxs.com *.demandbase.com *.icontact.com *.gstatic.com *.google.com *.wowza.com; img-src 'self' data: *.youtube.com https://aepcdn.com *.twitter.com *.google-analytics.com *.twimg.com *.twimg.com *.facebook.com https://secure.adnxs.com *.demandbase.com https://aep-power.tsyawshost.com *.icontact.com http://prod-railsapp.s3.amazonaws.com; connect-src 'self' http://wowzaprod123-i.akamaihd.net *.wowza.com https://americanelectric2018tf.q4web.com; media-src 'self' http://wowzaprod123-i.akamaihd.net *.youtube.com blob: ; font-src 'self' https://use.typekit.net data: ; 1 font-src *.gstatic.com *.googleapis.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.snapchat.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com https://c.paypal.com https://assets.braintreegateway.com https://woobox.com https://js.stripe.com https://www.google.com *.doubleclick.net https://www.youtube.com *.facebook.com *.snapchat.com *.emjcd.com *.dotomi.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com *.connect.facebook.net *.boxycharm.com *.collect.igodigital.com *.outbrain.com *.google.by *.paypal.com 'self' data: *.doubleclick.net 
*.google.com *.pinterest.com *.bing.com *.postcodeanywhere.co.uk *.reddit.com *.cdnwidget.com *.facebook.com *.boxytest.com *.boxypreprod.com http://static.boxycharm.com *.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.gstatic.com *.googlesyndication.com *.boxytest.com *.ibytedtos.com *.facebook.net *.collect.igodigital.com *.outbrain.com *.stridespark.com https://js.braintreegateway.com https://c.paypal.com/ *.google.com https://woobox.com/ *.pcapredict.com *.googletagmanager.com *.pinimg.com *.bing.com *.alooma.com *.getambassador.com *.fullstory.com *.cloudfront.net *.cdnwidget.com *.doubleclick.net https://youtube.com/ *.newrelic.com *.nr-data.net *.ravelin.net *.postcodeanywhere.co.uk https://mbsy.co/ *.treasuredata.com *.yimg.com https://sc-static.net/ *.stackadapt.com *.yahoo.com *.carthook.com *.jquery.com *.tiktok.com *.ipstatp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.gstatic.com *.googleapis.com *.postcodeanywhere.co.uk *.srv.stackadapt.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.bing.com *.tiktok.com *.tt.omtrdc.net *.srv.stackadapt.com *.cardinalcommerce.com 
https://payments.sandbox.braintree-api.com https://origin-analytics-sand.sandbox.braintree-api.com https://www.paypal.com *.fullstory.com *.pinterest.com *.alooma.com *.cloudflare.com *.nr-data.net *.postcodeanywhere.co.uk *.ravelin.net *.grin.co *.google-analytics.com *.braintreegateway.com *.cdnbasket.net *.cdnwidget.com *.getambassador.com *.pusherapp.com *.yimg.com *.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.fr&source%5Bsection%5D=brochure&source%5Buuid%5D=ec8df4ea5e6c7d89dfcf6ea1a3ec9fef 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com cdn.appdynamics.com col.eum-appdynamics.com fonts.gstatic.com ajax.googleapis.com www.googleapis.com fonts.googleapis.com use.fontawesome.com www.w3schools.com home.textkernel.nl staging.textkernel.nl www.dropbox.com apis.google.com www.google.com html5shim.googlecode.com media.readspeaker.com s7.addthis.com d2sl310zdnr3q6.cloudfront.net www.google-analytics.com https://apps.knollenstein.com https://appsdev.knollenstein.com font.visma.com *.easycruit.com m.addthis.com api-public.addthis.com flowanalytic.site networkanalytics.xyz knowledge-and-support-center.visma.net m.addthisedge.com apply.indeed.com content.googleapis.com commondatastorage.googleapis.com themes.googleusercontent.com www.googletagmanager.com fast.fonts.net db.onlinewebfonts.com hello.myfonts.net cdnjs.cloudflare.com 
d1fc8wv8zag5ca.cloudfront.net connect.facebook.net emea3.recruitmentplatform.com tag.goldenbees.fr s.ytimg.com www.findizer.fr webfonts.zohostatic.com platform.linkedin.com zgao.nl cdn.ontame.io *.ziggeo.com *.amazonaws.com api-eu-west-1.ziggeo.com embed-cdn-eu-west-1.ziggeo.com embed-eu-west-1.ziggeo.com assets.ziggeo.com hc-cdn.visma.net cdn.wootric.com production.wootric.com eligibility.wootric.com; img-src * 'unsafe-inline' 'unsafe-eval'; report-uri /ajax/logging/log_csp_report 1 default-src 'none'; connect-src https://healthbyro.cloudflareaccess.com https://api-js.mixpanel.com https://www.google-analytics.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://api.lever.co/v0/postings/; font-src 'self' https://fonts.gstatic.com https://script.hotjar.com; frame-src https://vars.hotjar.com; img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://script.hotjar.com https://static.legitscript.com/seals/ data:; manifest-src 'self' https://healthbyro.cloudflareaccess.com; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://static.legitscript.com/seals/ 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com/css 'unsafe-inline'; form-action 'none'; frame-ancestors 'none'; report-uri https://healthbyro.report-uri.com/r/t/csp/reportOnly 1 report-uri https://www.yelp.com/csp_report_only?id=1e64fa57b24f213e&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1618354189; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net 
https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1 default-src 'none'; connect-src 'self' data: https://*.honeybadger.io https://*.convertkit.com/ https://*.profitwell.com https://*.usefathom.com/ https://echidna.honeybadger.io/ https://stats.g.doubleclick.net https://www.google-analytics.com https://api.segment.io/v1/ https://*.wistia.com/x https://fg8vvsvnieiv3ej16jby.litix.io https://pipedream.wistia.com/mput https://rmbutterfly.com/1661691228/ https://embedwistia-a.akamaihd.net/ https://hb-posthog.herokuapp.com; font-src 'self' data: http://themes.googleusercontent.com https://fonts.gstatic.com https://fonts.googleapis.com/; frame-src https://platform.twitter.com https://syndication.twitter.com https://fast.wistia.com; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.profitwell.com https://*.usefathom.com/ https://*.honeybadger.io/ https://*.convertkit.com/ https://gist.github.com https://www.googletagmanager.com/ https://*.wistia.com https://cdn.syndication.twimg.com https://platform.twitter.com https://cdn.segment.com/analytics.js/v1/Vh0hrL9NfiyA8PXfEW4pPCQbrkG2bBAy/analytics.min.js https://fast.wistia.com/ https://identity.netlify.com/v1/netlify-identity-widget.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/ https://hb-posthog.herokuapp.com; style-src 'self' 'unsafe-inline' https://github.githubassets.com/ https://platform.twitter.com https://ton.twimg.com https://fonts.googleapis.com/ 
https://www.gstatic.com/; media-src 'self' data: blob: https://embedwistia-a.akamaihd.net; report-uri https://api.honeybadger.io/v1/browser/csp?api_key=c2f13350&report_only=true&env=production 1 font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.google.com *.zopim.com *.hotjar.com maxcdn.bootstrapcdn.com fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.hotjar.com *.trustpilot.com *.youtube.com *.freshchat.com https://www.googletagmanager.com/ www.facebook.com platform.twitter.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net 
d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.google.com *.google.com.vn *.bsscommerce.com *.zopim.io *.zopim.com *.bing.com *.googletagmanager.com *.hotjar.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com amcglobal.sc.omtrdc.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.googleapis.com *.addthis.com *.google.com *.trackedlink.net *.cloudflare.com *.zopim.com *.hotjar.com *.zdassets.com chimpstatic.com *.trustpilot.com *.googletagmanager.com *.crazyegg.com *.bing.com *.gstatic.com *.freshchat.com 
http://www.googletagmanager.com/ https://www.googletagmanager.com/ connect.facebook.net twitter.com platform.twitter.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com maxcdn.bootstrapcdn.com *.trackedlink.net *.doubleclick.net *.freshchat.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zopim.io *.zopim.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.paypal.com *.googleapis.com *.doubleclick.net *.google-analytics.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.zdassets.com wss://*.hotjar.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: hooru.regence.com providers.regence.com h.online-metrix.net www.shop.regence.com *.force.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: use.typekit.net maxcdn.bootstrapcdn.com; form-action providers.regence.com www.regence.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: 
blob: maxcdn.bootstrapcdn.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bam-cell.nr-data.net secure-ds.serving-sys.com bs.serving-sys.com js-agent.newrelic.com maxcdn.bootstrapcdn.com h.online-metrix.net hooru.regence.com ajax.googleapis.com tag.demandbase.com cdnjs.cloudflare.com tags.tiqcdn.com polyfill.io use.typekit.net; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: providers.regence.com pc2-collect.tealiumiq.com secure-ds.serving-sys.com hooru.regence.com www.cambiahealthplanapis.com bam-cell.nr-data.net api.company-target.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bam-cell.nr-data.net *.online-metrix.net px.ads.linkedin.com beonbrand.getbynder.com p.typekit.net hooru.regence.com match.prod.bidr.io segments.company-target.com id.rlcdn.com; report-uri /csp_report 1 font-src fonts.gstatic.com *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.youtube.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co 
webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com img.youtube.com maps.googleapis.com maps.gstatic.com *.vimeocdn.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es www.apptrian.com www.facebook.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com maps.googleapis.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com *.asc-stage-magento.com asc-stage-magento.com 
*.channels.magento.com channels.magento.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com cdn.dnky.co api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.apptrian.com www.facebook.com 'self' 'unsafe-inline'; manifest-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es www.apptrian.com connect.facebook.net graph.facebook.com api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self'; connect-src 'self' www.google-analytics.com;script-src 'self' 'report-sample' 
platform.instagram.com www.instagram.com platform.twitter.com cdn.syndication.twimg.com cdnjs.cloudflare.com connect.facebook.net payment.paytrail.com www.googletagmanager.com www.google-analytics.com; sandbox allow-downloads allow-popups allow-scripts allow-same-origin allow-top-navigation allow-forms allow-modals allow-popups-to-escape-sandbox allow-presentation; img-src * data: blob:; style-src * 'unsafe-inline'; font-src * data: about:; media-src *; frame-src * data:; report-uri https://peda.net/:reportcspviolation/00000000-0000-1302-8000-000000000000 1 script-src 'unsafe-eval' 'unsafe-inline' 'self' *.signaturehardware.com initjs.rfk.signaturehardware.com *.rfksrv.com cdn.pdst.fm cdn.curalate.com tpc.googlesyndication.com c.zmags.com *.affirm.com s.go-mpulse.net *.authorize.net *.bazaarvoice.com *.cloudfront.net *.cloudmaestro.com *.criteo.com *.criteo.net *.listrakbi.com *.pepperjam.com *.pinterest.com *.steelhousemedia.com c.z-analytics.net code.jquery.com widget-mediator.zopim.com bam.nr-data.net bam-cell.nr-data.net bat.bing.com cdnjs.cloudflare.com connect.facebook.net googleads.g.doubleclick.net js-agent.newrelic.com maps.googleapis.com pinterest.adsymptotic.com pixel.mathtag.com platform.houzz.com s.pinimg.com services.listrak.com static.chartbeat.com static.site24x7rum.com static.zdassets.com tracking.deepsearch.adlucent.com v2.zopim.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.signaturehardware.com www.youtube.com pixel.snapsmedia.io boards.greenhouse.io s.ytimg.com edge.curalate.com nexus.ensighten.com mpsnare.iesnare.com cdn.noibu.com getrockerbox.com cdns.brsrvr.com; report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor 1 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob: file:; frame-ancestors 'self' *.salesforce.com *.force.com 
*.visualforce.com *.documentforce.com; font-src https: data: blob: file:; connect-src 'self' https:; report-uri https://csp-report.force.com/_/ContentDomainCSPNoAuth?type=appserver 1 media-src briefly.ru video-preview.s3.yandex.net www.litres.ru www.storytel.se d3ctxlq1ktw2nl.cloudfront.net file2.podfm.ru secure-ds.serving-sys.com tube.buzzoola.com; report-uri https://briefly.report-uri.com/r/d/csp/reportOnly 1 default-src 'self' *.hsbc.com.sg; script-src 'self' 'unsafe-eval' *.hsbc.com.sg 'unsafe-inline' cdn.appdynamics.com col.eum-appdynamics.com *.liveperson.net www.askus.hsbc.co.uk accdn.lpsnmedia.net www.mcmdev.hsbc.co.uk hsbcbankglobal.sc.omtrdc.net tags.tiqcdn.com 'unsafe-eval'; style-src 'self' *.hsbc.com.sg 'unsafe-inline'; img-src 'self' *.hsbc.com.sg data: ad.doubleclick.net www.askus.hsbc.co.uk uconnect.tealiumiq.com; child-src 'self' *.hsbc.com.sg hsbcbankglobal.demdex.net *.lo.cobrowse.liveperson.net lpcdn.lpsnmedia.net; connect-src 'self' *.hsbc.com.sg col.eum-appdynamics.com dpm.demdex.net; upgrade-insecure-requests ; report-uri https://csp.prod.ap.dynp.cloud1.vv1865.com/; 1 font-src *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com 
www.google-analytics.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com static.searchanise.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com searchanise-ef84.kxcdn.com s3.amazonaws.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https://*.cmore.se https://*.cmore.dk https://*.cmore.no; report-uri https://csp-report.b17g.net/ 1 default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=A1QAP3MOU4173J:sid=358-6911672-1419307:rid=9ATDERKNXK2F14YQNB44:sn=www.audible.co.jp 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu https://app-script.monsido.com https://tracking.monsido.com https://code.jquery.com https://www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.yoshki.com *.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu https://app-script.monsido.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://cdn.yoshki.com *.google.com *.gstatic.com; object-src 'self'; img-src 'self' *.usercentrics.eu *.monsido.com http://reedsmith.vuture.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.yoshki.com; font-src 'self' 
https://fonts.gstatic.com; connect-src 'self' *.usercentrics.eu https://www.google-analytics.com;frame-ancestors 'self' *.usercentrics.eu https://tracking.monsido.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com; report-uri https://d347b8264a61d229bec175972d08ae24.report-uri.io/r/default/csp/enforce 1 font-src fonts.googleapis.com fonts.gstatic.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.twitter.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.twitter.com *.adyen.com *.youtube.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 
maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com *.googleadservices.com *.google-analytics.com 'self' data: *.yotpo.com yotpo-stool.s3.amazonaws.com *.doubleclick.net *.google.com *.adyen.com *.postcodeanywhere.co.uk *.youtube.com www.xtento.com cdn.xtento.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr 
*.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.yotpo.com js-agent.newrelic.com *.nr-data.net *.googletagmanager.com *.doubleclick.net *.hotjar.com *.postcodeanywhere.co.uk *.pcapredict.com *.adyen.com www.xtento.com cdn.xtento.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com 'self' data: *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.google.com *.yotpo.com *.postcodeanywhere.co.uk yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.paypal.com *.yotpo.com *.nr-data.net stats.g.doubleclick.net *.postcodeanywhere.co.uk yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' 
https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.mx&source%5Bsection%5D=brochure&source%5Buuid%5D=485e318c1017d8b1964ec109757ee54d 1 default-src https: 'self' 'unsafe-inline'; 1 default-src https:; img-src https: data:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://www.preloved.co.uk/t/csp-report; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/ https://www.googletagmanager.com/ https://maps.googleapis.com/ https://www.gstatic.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://www.youtube.com/ https://s.ytimg.com/ https://www.hubspot.com/ https://forms.hsforms.com/ https://js.hsforms.net/ https://js.hs-scripts.com/ https://js.hs-banner.com/ https://js.hs-analytics.net/ https://js.hsleadflows.net/ https://snap.licdn.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://tags.srv.stackadapt.com/ https://static.ads-twitter.com/ https://analytics.twitter.com/ https://connect.facebook.net/ https://w.soundcloud.com/; img-src 'self' data: https://www.google.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://googleads.g.doubleclick.net/ https://track.hubspot.com/ https://perf.hsforms.com/ https://px.ads.linkedin.com/ https://t.co/ https://www.facebook.com/ https://p.adsymptotic.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://tags.srv.stackadapt.com/; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com/; frame-src 'self' https://www.google.com/ https://www.youtube.com/ https://vars.hotjar.com/; connect-src 'self' 
https://forms.hubspot.com/ https://tags.srv.stackadapt.com/ https://in.hotjar.com/; upgrade-insecure-requests; block-all-mixed-content; 1 block-all-mixed-content; report-uri https://tanp.report-uri.com/r/d/csp/reportOnly 1 default-src 'self' https://*.brainstation.io; img-src 'self' blob: data: https:; font-src 'self' data: https:; style-src 'self' data: https: 'unsafe-inline'; media-src 'self' blob: data: https:; script-src 'self' 'nonce-LbwpR5/Q42KvCDMLDBURhg==' 'unsafe-inline' https://*.brainstation.io https://maxcdn.bootstrapcdn.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com googleads.g.doubleclick.net ssl.google-analytics.com bat.bing.com snap.licdn.com connect.facebook.net *.quora.com platform.twitter.com https://api.raygun.io *.live-video.net https://js.stripe.com; report-uri https://report-to-api.raygun.com/reports-csp?apikey=N2M8n90VfFeHHg24B9C5A&tags=%5B%22io%22%5D; connect-src 'self' https://*.brainstation.io https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com https://www.google.ca https://www.facebook.com https://bat.bing.com https://*.quora.com https://api.raygun.io *.live-video.net https://api.stripe.com; child-src 'self' https://*.brainstation.io https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net blob:; form-action 'self' https://*.brainstation.io https://intercom.help https://api-iam.intercom.io; frame-src 'self' https://*.brainstation.io platform.twitter.com https://www.facebook.com 
https://js.stripe.com https://hooks.stripe.com; worker-src 'self' https://*.brainstation.io blob: 1 default-src 'self' data: *.google-analytics.com *.googleapis.com *.doubleclick.net www.googletagmanager.com pi.pardot.com go.globalpaymentsinc.com go.globalpayments.com go.heartlandpaymentsystems.com *.dataweavers.io *.addthis.com *.addthisedge.com cdn.cookielaw.org *.vimeo.com *.youtube.com *.ytimg.com cdnjs.cloudflare.com gpnprodsxavideo.azureedge.net gpnprodlegacys3.azureedge.net gpnprodprilegacys3.blob.core.windows.net; font-src 'self' *.googleapis.com fonts.gstatic.com *.dataweavers.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.doubleclick.net www.googletagmanager.com pi.pardot.com go.globalpaymentsinc.com go.globalpayments.com go.heartlandpaymentsystems.com *.addthis.com *.addthisedge.com cdn.cookielaw.org code.jquery.com *.vimeo.com *.youtube.com *.ytimg.com cdnjs.cloudflare.com data: *.dataweavers.io; style-src 'self' 'unsafe-inline' *.google-analytics.com *.googleapis.com www.googletagmanager.com cdn.cookielaw.org cdnjs.cloudflare.com *.dataweavers.io; 1 frame-ancestors 'self'; report-uri https://qnhknc5np9.execute-api.us-east-1.amazonaws.com/prod/csp-report 1 default-src 'self' www.youtube.com www.cut-e.net www.maptq.com fastpath.isvinternet.com op.scharley.ch; script-src 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' orchestration.westeurope.cloudapp.azure.com; img-src data: https:; style-src 'unsafe-inline' https:; media-src 'self' vidassess.blob.core.cloudapi.de vidassessprod.blob.core.cloudapi.de vidstorage.maptq.com; font-src data: https: 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: techport.ru *.techport.ru https://vk.com https://*.vk.com https://cdn.api.twitter.com https://www.odnoklassniki.ru https://odnoklassniki.ru https://ok.ru https://connect.ok.ru https://facebook.com https://*.facebook.com 
https://connect.facebook.net https://yandex.ru https://*.yandex.ru https://ya.ru https://yandex.st https://yastatic.net https://*.yadro.ru https://webvisor.com https://mc.webwisor.org https://google.com https://*.google.com https://google.ru https://*.google.ru https://translate.google.cn https://*.googleapis.com https://*.googleadservices.com https://googletagservices.com https://*.googletagservices.com https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://gstatic.com https://*.gstatic.com https://*.googlesyndication.com https://*.mail.ru https://top-fwz1.mail.ru https://youtube.ru https://*.youtube.ru https://youtube.com https://*.youtube.com https://s.ytimg.com https://*.criteo.net https://*.criteo.com https://video.bosch-pt-video.com https://uc.xddi.ru https://techport-st.cdn.ngenix.net https://demoup.com https://*.demoup.com https://pickpoint.ru https://*.flixfacts.com https://*.flixcar.com https://*.flix360.com https://logo.flixfacts.co.uk https://media.flixsyndication.net https://*.doubleclick.net https://www.alexa.com https://*.alexa.com https://ssp.rambler.ru https://profile.ssp.rambler.ru https://*.paymentgate.ru https://*.robokassa.ru https://*.sandbox.paypal.com https://*.paypal.com https://paypal.com https://www.paypal.com https://*.mkb.ru https://*.rbsuat.com https://*.begun.ru https://newrelic.com https://*.newrelic.com https://bam.nr-data.net https://api.flocktory.com https://techport.api.sociaplus.com https://flv.isitetv.com; report-uri //www.techport.ru/csp; report-to //www.techport.ru/csp; 1 default-src 'self'; img-src 'self' images.clearscore.com www.googletagmanager.com www.google-analytics.com www.google.co.za www.google.com.au www.google.co.in www.google.co.uk www.google.com www.gstatic.com translate.google.com *.linkedin.com www.facebook.com connect.facebook.net cx.atdmt.com cds.taboola.com statistics-dot-calconic-app.appspot.com data:; font-src 'self' 
cdn2-fs.clearscore.com fonts.gstatic.com storage.googleapis.com; style-src 'self' 'unsafe-inline' cdn2-fs.clearscore.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.segment.com eum.instana.io www.googletagmanager.com www.google.com cdnil.clarisite.com www.google-analytics.com www.googleadservices.com *.doubleclick.net sp.analytics.yahoo.com s.yimg.com app.link cdn.branch.io snap.licdn.com connect.facebook.net cdn.appsflyer.com cdn.calconic.com *.taboola.com ucads-cdn.ucweb.com; connect-src 'self' *.clearscore.com www.google-analytics.com adservice.google.com www.google.com report.clearscore.glassboxdigital.io eum-eu-west-1.instana.io sentry.io api.segment.io stats.g.doubleclick.net apply.workable.com gbr-smv-tracking.adalyser.com api.raygun.io api2.branch.io banner.appsflyer.com s.yimg.com app.calconic.com trc-events.taboola.com gjtrack.ucweb.com plugin.ucads.ucweb.com; media-src 'self' media.clearscore.com mpsnare.iesnare.com; frame-src 'self' *.doubleclick.net servedby.flashtalking.com www.youtube.com; child-src 'self' *.doubleclick.net servedby.flashtalking.com www.youtube.com; report-uri https://o241366.ingest.sentry.io/api/1780025/security/?sentry_key=81f979860e6d4d55be02cb7430639d63&sentry_environment=production 1 default-src data: https: http://*.cdn.ngenix.net 'unsafe-inline' 'unsafe-eval'; report-uri https://www.b-kontur.ru/private/csp-report 1 default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.fr ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com 
cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.fr *.spreadshirt.fr ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.fr ; font-src 'self' https: data: *.spreadshirt.fr ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.fr ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.fr ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1 default-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https:; report-uri /report-mixed-content 1 font-src *.cloudflare.com *.twitter.com fonts.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com *.bootstrapcdn.com *.tawk.to 'self' data: maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.twitter.com www.google.com accounts.google.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com js.stripe.com api.razorpay.com *.twitter.com *.google.com *.addthis.com *.doubleclick.net 
www.google.com accounts.google.com www.googletagmanager.com googletagmanager.com www.facebook.com platform.twitter.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' data: data: *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.co.in *.jsdelivr.net *.google.com *.ccavenue.com www.google.com accounts.google.com *.facebook.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com amcglobal.sc.omtrdc.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com maps.googleapis.com js.stripe.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com www.googletagmanager.com embed.tawk.to googleads.g.doubleclick.net cdn.jsdelivr.net *.razorpay.com www.google.com accounts.google.com googletagmanager.com *.googletagmanager.com *.facebook.net connect.facebook.net twitter.com platform.twitter.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.jsdelivr.net *.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; 
media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com lumberjack.razorpay.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.tawk.to www.google-analytics.com *.doubleclick.net www.google.com accounts.google.com www.googletagmanager.com googletagmanager.com *.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://magecomp.com/; report-to report-endpoint; 1 default-src 'self'; child-src https://www.youtube-nocookie.com https://*.twitter.com; connect-src 'self' https://*.qmee.com https://*.qmree.com wss://*.qmee.com wss://*.qmree.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.facebook.com https://api2.branch.io https://d3pkntwtp2ukl5.cloudfront.net/ https://*.hotjar.com https://studies.qurated.ai/; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com https://d1s51etp8bktk6.cloudfront.net; frame-ancestors https://*.qmee.com; frame-src https://www.youtube-nocookie.com https://*.twitter.com https://*.facebook.com https://tpc.googlesyndication.com https://*.hotjar.com; img-src 'self' data: https://*.twimg.com https://*.twitter.com https://stats.g.doubleclick.net https://www.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://www.gstatic.com https://d30s7yzk2az89n.cloudfront.net https://www.google.com https://www.google.co.uk https://translate.googleapis.com https://translate.google.com https://googleads.g.doubleclick.net https://i.ytimg.com https://d3t2iypqerjd0u.cloudfront.net https://d1s51etp8bktk6.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://platform.twitter.com https://cdn.syndication.twimg.com 
https://ajax.googleapis.com https://www.google-analytics.com https://js-agent.newrelic.com https://www.gstatic.com https://bam.nr-data.net https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://translate.googleapis.com https://tpc.googlesyndication.com https://cdn.branch.io https://app.link/ https://*.hotjar.com https://cdn.scripts.qmee.com https://d3t2iypqerjd0u.cloudfront.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://*.twitter.com https://www.gstatic.com https://translate.googleapis.com https://d3t2iypqerjd0u.cloudfront.net https://d1s51etp8bktk6.cloudfront.net; report-uri https://csp-report.qmee.com/csp_report_violations 1 default-src 'self' *.hsbc.com.au; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.hsbc.com.au cdn.appdynamics.com col.eum-appdynamics.com *.liveperson.net www.askus.hsbc.co.uk accdn.lpsnmedia.net www.mcmdev.hsbc.co.uk hsbcbankglobal.sc.omtrdc.net tags.tiqcdn.com 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.hsbc.com.au; img-src 'self' *.hsbc.com.au data: ad.doubleclick.net www.askus.hsbc.co.uk uconnect.tealiumiq.com; child-src 'self' *.hsbc.com.au hsbcbankglobal.demdex.net *.lo.cobrowse.liveperson.net lpcdn.lpsnmedia.net; connect-src 'self' *.hsbc.com.au col.eum-appdynamics.com dpm.demdex.net; upgrade-insecure-requests ; report-uri https://csp.prod.ap.dynp.cloud1.vv1865.com/; 1 default-src 'self'; frame-src https://api-5487f10a.duosecurity.com/ https://www.google.com https://www.youtube.com/ https://static.addtoany.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.addtoany.com/ https://ajax.cloudflare.com/ https://www.google.com/ https://www.google-analytics.com https://www.gstatic.com; 
report-uri /csp-reports.php 1 font-src *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.xtento.com cdn.xtento.com https://redchamps.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.xtento.com cdn.xtento.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 
'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https: data: blob:; connect-src 'self' https: wss:; frame-src https:; object-src 'none'; script-src 'unsafe-inline' https:; style-src 'unsafe-inline' https: blob:; report-uri https://www.rfpio.com/csp-report 1 default-src https: 'unsafe-inline' 'unsafe-eval' data:; media-src https: blob: data:; child-src https: blob:; report-uri https://sentry.io/api/72071/csp-report/?sentry_key=4fb747b409644084ba393c5ab7399d16; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com 'strict-dynamic' 'nonce-Mjc2ODAwODkwMywyMzQ1OTA2MTQ='; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1 font-src fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.youtube.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp 
*.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com img.youtube.com maps.googleapis.com maps.gstatic.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com maps.googleapis.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk 
*.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src *; img-src * data:; font-src * data:; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval' 1 mf_youtube_widget_img_src https://img.youtube.com; font-src fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.youtube.com *.amazon.com 
*.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com img.youtube.com maps.googleapis.com maps.gstatic.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es store.paradoxlabs.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com maps.googleapis.com js.braintreegateway.com 
s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com https://static.klaviyo.com https://fast.a.klaviyo.com *.authorize.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com https://static.klaviyo.com *.authorize.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src https://use.typekit.net https://maxcdn.bootstrapcdn.com fonts.gstatic.com login.libproxy.library.unt.edu login.myaccess.library.utoronto.ca 'self' 'unsafe-inline'; form-action https://pilot-payflowlink.paypal.com test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 
1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es payflowlink.paypal.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src https://cdn.jst.ai https://s7.addthis.com https://rgray-springerpub.formtitan.com https://www.google.com https://pilot-payflowlink.paypal.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es app-ab04.marketo.com assets.pinterest.com bid.g.doubleclick.net payflowlink.paypal.com vars.hotjar.com www-google-com.libproxy.library.unt.edu www.facebook.com www.youtube.com 'self' 'unsafe-inline'; img-src https://d2ldlvi1yef00y.cloudfront.net www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp 
*.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es a.rfihub.com aa.agkn.com adadvisor.net ads.avocet.io ads.scorecardresearch.com ads.yahoo.com app-ab04.marketo.com assets.crossref.org b1img.com bcp.crwdcntrl.net beacon.krxd.net beacon.walmart.com cm.adgrx.com cm.g.doubleclick.net cms.analytics.yahoo.com connect.facebook.net csyn-r.cxense.com cw.addthis.com d.adroll.com d.agkn.com d.turn.com d.xp1.ru4.com data: deviceid.trueleadid.com dmp.adform.net dmp.truoptik.com dpm.demdex.net ds.reson8.com dsp.adfarm1.adition.com dsum-sec.casalemedia.com e.dlx.addthis.com e.nexac.com eb2.3lift.com ei.rlcdn.com epiv.cardlytics.com fcmatch.google.com fcmatch.youtube.com google.com gpush.cogocast.net gum.criteo.com gwiq-v3.globalwebindex.net h.parrable.com i.liadm.com iad02-login-ds.dotomi.com iad03-login-ds.dotomi.com ib.adnxs.com idsync.reson8.com idsync.rlcdn.com idx.listrakbi.com image2.pubmatic.com img.webmd.com lghttp.48653.nexcesscdn.net live.rezync.com liveramp2waycm-atl.netmng.com loadm.exelator.com log.pinterest.com login-ds.dotomi.com login.dotomi.com lrp.mxptint.net lrpush.apxlv.com magnetic.t.domdex.com match.adsrvr.org match.prod.bidr.io ml314.com nexus.entitytag.co.uk odr.mookie1.com p.adsymptotic.com p.rfihub.com pippio.com pixel.advanseads.com pixel.advertising.com pixel.mathtag.com pixel.rubiconproject.com pixel.sitescout.com pixel.spotify.com platform.rtbiq.com pm.w55c.net presentation-hkg1.turn.com prod.y-medialink.com pt.ispot.tv px.ads.linkedin.com px.surveywall-api.survata.com rc.rlcdn.com rtb.adentifi.com s.acxiomapac.com s.amazon-adsystem.com secure-gl.imrworldwide.com secure.insightexpressai.com seg.sharethis.com segments.company-target.com simage2.pubmatic.com springerpub.com srv4j.net ssum.casalemedia.com stags.bluekai.com subscription.omnithrottle.com sync-tm.everesttech.net 
sync.ipredictive.com sync.mathtag.com sync.outbrain.com sync.placelocal.com sync.srv.stackadapt.com sync.taboola.com sync.tidaltv.com sync.vmweb.net tag.apxlv.com tag.cogocast.net tag.yieldoptimizer.com tags.bluekai.com tags.rd.linksynergy.com testgvbgjbhjb.com tg.socdm.com thrtle.com token.rubiconproject.com tr.snapchat.com uipglob.semasio.net um.simpli.fi upload.wikimedia.org ups.analytics.yahoo.com us-u.openx.net usermatch.krxd.net usersync.videoamp.com widget.criteo.com www.addthis.com www.entitytag.co.uk www.facebook.com www.google.at www.google.be www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.nz www.google.co.uk www.google.co.za www.google.com www.google.com.ar www.google.com.au www.google.com.co www.google.com.hk www.google.com.mx www.google.com.ng www.google.com.ph www.google.com.pr www.google.com.sa www.google.com.tr www.google.com.tw www.google.de www.google.es www.google.fi www.google.ie www.google.it www.google.lt www.google.ml www.google.nl www.google.ru www.google.se www.googletagmanager.com www.gstatic.com www.linkedin.com www.springerpub.com www.vitalsource.com x.bidswitch.net x.dlx.addthis.com zdbb.net 'self' 'unsafe-inline'; script-src https://munchkin.marketo.net https://cdn.jst.ai https://my.jst.ai https://analytics.jst.ai https://www.googletagmanager.com https://s7.addthis.com https://z.moatads.com https://v1.addthisedge.com https://m.addthis.com https://graph.facebook.com https://api-public.addthis.com https://d3v0iqf1i1i9dg.cloudfront.net https://www.google.com https://www.gstatic.com https://vk.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es app-ab04.marketo.com 
assets.pinterest.com connect.facebook.net d.adroll.com d.adroll.mgr.consensu.org googleads.g.doubleclick.net mtvwa3.d2sri.com pippio.com s.adroll.com s.dca0.com script.hotjar.com sn.dca0.com snap.licdn.com static.hotjar.com tools.justuno.com widgets.pinterest.com www-google-com.libproxy.library.unt.edu www.googletagmanager.com www.hoexoxg.site *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://use.typekit.net https://p.typekit.net https://maxcdn.bootstrapcdn.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src https://analytics.jst.ai https://512-tee-232.mktoresp.com https://m.addthis.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es 'self' 512-tee-232.mktoutil.com api-public.addthis.com in.hotjar.com *.dca0.com my.jst.ai stats.g.doubleclick.net t.dca0.com vc.hotjar.io www.facebook.com www.google-analytics.com www.springerpub.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://springercsp.report-uri.com/r/d/csp/wizard; report-to report-endpoint; 1 default-src 'self'; script-src 'report-sample' 'self' https://www.googletagmanager.com http://www.googletagmanager.com https://auto-dot-marketing-api-proxy-dot-fiber-marketing-staging.appspot.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1005972000/ https://www.gstatic.com http://www.gstatic.com https://apis.google.com/ https://maps.googleapis.com 
https://ssl.google-analytics.com/ga.js https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://gstatic.com http://www.google-analytics.com https://gstatic.com https://www.youtube.com 'sha256-wzDSC9Ng7hg0zAGGcsMrAygpwBSxYkncJ3rTQW07D/w=' 'sha256-4Nrm6Y6gbXB7I7AHt3wbna8CPLxr6gY2DWgen5N29WM=' 'sha256-HtSYECLUS5fUkqPFdfvbTKhSVqKC1dLTi8NgUNgqWWM=' 'sha256-GkBInAWUrrH0Wqa2mCLBCi4TXX1TJFK8br8Us5BAxlQ=' 'sha256-tyLY+5jpuxNWtzJVDdDw6KxnEj3mwZvskcZjjT4sD+8=' 'sha256-GkBInAWUrrH0Wqa2mCLBCi4TXX1TJFK8br8Us5BAxlQ=' 'sha256-GkBInAWUrrH0Wqa2mCLBCi4TXX1TJFK8br8Us5BAxlQ='; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://auto-dot-marketing-api-proxy-dot-fiber-marketing-staging.appspot.com https://stats.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://bid.g.doubleclick.net https://scone-pa.clients6.google.com/; img-src 'self' https://adservice.google.com https://1.bp.blogspot.com https://ad.doubleclick.net https://googleads.g.doubleclick.net https://lh3.googleusercontent.com https://maps.gstatic.com https://storage.googleapis.com https://www.google-analytics.com https://www.google.com http://www.google-analytics.com http://ad.doubleclick.net; manifest-src 'self'; media-src 'self' https://storage.googleapis.com; 1 worker-src blob:; font-src *.fontawesome.com *.narvar.com *.narvar.qa https://cdnjs.cloudflare.com *.cloudflare.com *.typekit.net *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.twitter.com *.youtube.com *.snapchat.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net 
geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.googletagmanager.com *.facebook.com *.hotjar.com *.twitter.com *.demdex.net *.doubleclick.net *.test.adyen.com *.live.adyen.com https://www.youtube.com *.youtube.com *.vimeo.com *.snapchat.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com *.narvar.com *.narvar.qa https://s.ytimg.com *.ytimg.com *.magentocommerce.com *.paypal.com *.cloudfront.net *.amazon.com *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.bigcontent.io *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.emdex.net *.everesttech.net data: *.avada.io *.visualwebsiteoptimizer.com *.bing.com *.facebook.com *.quantserve.com *.doubleclick.net *.google.com *.google.be *.google.co.in *.omtrdc.net *.demdex.net *.eastpak.com https://eastpak.com *.amasty.com http://fulluat-vfc.cs87.force.com *.test.adyen.com *.live.adyen.com blob: *.linksynergy.com *.yvesvanbroekhoven.be *.googletagmanager.com *.adis.ws *.storm.com *.contentsquare.net *.reddit.com *.dc-storm.com 'self' 'unsafe-inline'; script-src *.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com 
js.braintreegateway.com s.ytimg.com video.google.com *.vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.adyen.com *.avada.io https://cdnjs.cloudflare.com *.google.com *.googletagmanager.com *.googleadservices.com *.hotjar.com *.cookielaw.org *.pingdom.net *.cardinalcommerce.com *.onetrust.com *.facebook.net *.twitter.com *.bing.com *.visualwebsiteoptimizer.com *.authorize.net *.cloudfront.net *.braintreegateway.com *.signifyd.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.avada-popup.min.js *.quantserve.com *.quantcount.com *.doubleclick.net *.webgains.io *.salesforceliveagent.com *.gstatic.com *.webgains.com https://w-it.m-t.io *.googleapis.com *.test.adyen.com *.live.adyen.com *.vimeocdn.com *.rmtag.com *.contentsquare.net http://smct.co *.ads-twitter.com *.go-mpulse.net *.sc-static.net https://sc-static.net *.redditstatic.com *.pinimg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.narvar.com *.narvar.qa *.adis.ws *.eastpak.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cookielaw.org *.pingdom.net *.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.com *.amazonpay.jp mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.avada-popup.min.js *.emdex.net *.everesttech.net *.doubleclick.net www.google-analytics.com *.avada.io *.visualwebsiteoptimizer.com 
*.hotjar.com *.paypal.com *.paypalobjects.com *.demdex.net *.hotjar.io *.bing.com *.adyen.com *.test.adyen.com *.live.adyen.com https://www.youtube.com *.youtube.com *.bugsnag.com *.google.co.in *.google.com wss: *.contentsquare.net *.akstat.io *.akamaihd.net *.go-mpulse.net *.google.be *.onetrust.com *.pinterest.com 'self' 'unsafe-inline'; child-src blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; worker-src blob: 1 script-src 'unsafe-eval' 'unsafe-inline' 'self' acsbap.com api.swiftype.com www.googleadservices.com s.dca0.com api.braintreegateway.com www.googletagmanager.com www.paypalobjects.com s.pinimg.com static.hotjar.com script.hotjar.com js-agent.newrelic.com *.webscalenetworks.net cdn.attn.tv sn.dca0.com bam.nr-data.net cdn4.forter.com tpc.googlesyndication.com d.adroll.com script.crazyegg.com cdn.listrakbi.com s1.listrakbi.com rum-static.pingdom.net s.swiftypecdn.com amiclubwear.com *.amiclubwear.com use.fontawesome.com shareasale-analytics.com apis.google.com *.cloudmaestro.com *.lagrangesystems.net d.adroll.mgr.consensu.org s.adroll.com *.facebook.net *.facebook.com *.cloudfront.net www.googletagmanager.com www.google-analytics.com www.gstatic.com tracead.com googleads.g.doubleclick.net bat.bing.com m1.listrakbi.com amiclubwear.happyfox.com; report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor 1 block-all-mixed-content; default-src 'self'; base-uri 'none'; font-src 'self' data: https://fonts.gstatic.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net https://*.googleapis.com https://*.novozymes.com https://ssl.google-analytics.com https://*.linkedin.com https://*.pardot.com https://*.cookieinformation.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com 
https://*.sharethis.com https://*.hotjar.com https://*.facebook.net https://*.licdn.com https://*.marketo.com https://*.marketo.net; style-src 'self' 'unsafe-inline' https://*.marketo.com https://fonts.googleapis.com/css https://ws.sharethis.com; img-src 'self' data: https:; child-src 'self' https://*.sharethis.com https://*.hotjar.com https://*.cookieinformation.com; connect-src 'self' wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.facebook.com https://*.mktoutil.com https://*.sharethis.com https://*.doubleclick.net https://*.cookieinformation.com https://*.mktoresp.com https://*.google-analytics.com; frame-src 'self' https://www.novozymes.tv https://nz.23video.com https://*.sitecore.net https://sitecoreboost.azurewebsites.net https://*.pardot.com bid.g.doubleclick.net *.hotjar.com https://*.cookieinformation.com https://*.vimeo.com https://ws.sharethis.com https://www.youtube.com https://www.facebook.com https://*.marketo.com https://www.googletagmanager.com; report-uri https://novozymes.report-uri.com/r/d/csp/reportOnly 1 default-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: *.sgsr.us https://fonts.googleapis.com *.hotjar.com wss://*.hotjar.com; report-uri https://kzspmo8ia7.execute-api.us-west-1.amazonaws.com/ 1 default-src 'none'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; font-src 'self' data: https:; img-src 'self' blob: data: https: http:; media-src 'self' https: blob:; worker-src 'self' https://zenkit.com https://*.zenkit.com; frame-src https: blob:; frame-ancestors https:; connect-src 'self' https: wss:; object-src 'self' https://djtflbt20bdde.cloudfront.net; manifest-src 'none'; base-uri 'self'; form-action 'self' https:; report-uri /csp-report 1 'img-src' 'blob' 'default-src' 'self' 'unsafe-inline' 'unsafe-eval' 'blob' blob: http://blog-cms.weddingz.in https://stats.g.doubleclick.net https://securesentry.oyorooms.io https://code.getmdl.io https://assets.pinterest.com 
https://graph.facebook.com *.s3.amazonaws.com https://api.instagram.com https://api.pinterest.com https://connect.facebook.net *.cloudfront.net https://ds-aksb-a.akamaihd.net *.googleapis.com *.gstatic.com *.criteo.com *.criteo.net https://www.facebook.com https://www.google-analytics.com https://www.google.co.in https://www.google.com https://www.googletagmanager.com https://www.googleadservices.com https://m.weddingz.in https://media.weddingz.in https://js-agent.newrelic.com https://assets.oyoroomscdn.com https://maxcdn.bootstrapcdn.com https://weddingz.in https://www.youtube.com https://tagmanager.google.com *.instagram.com https://instagram *.tile.openstreetmap.org; report-uri /private_apis/content-security-violation/ 1 default-src 'self' *.typekit.net *.google.com *.gstatic.com *.googleapis.com *.vimeo.com http://siteimproveanalytics.com https://vimeo.com *.googletagmanager.com 1 default-src 'self' data: *.doubleclick.net *.adriver.ru *.google.ru *.google.com *.criteo.com *.criteo.net tags.soloway.ru vk.com top-fwz1.mail.ru *.facebook.com *.facebook.net www.googletagmanager.com www.googleadservices.com player.vimeo.com *.livetex.ru *.yandex.net *.yandex.ru kontur.ru *.kontur.ru www.google-analytics.com counter.yadro.ru fonts.gstatic.com *.s-microsoft.com *.owox.com 'unsafe-inline' 'unsafe-eval'; report-uri https://www.kontur-extern.ru/private/csp-report 1 default-src 'none'; img-src *; frame-src *; script-src 'strict-dynamic' 'nonce-rAnd0m123' 'unsafe-inline' http: https:; style-src * 'unsafe-inline'; object-src 'none'; base-uri 'self'; report-uri https://www.tyan.com 1 img-src https://pp.vk.me https://special.astrobl.ru https://www.astrobl.ru https://*.yandex.ru https://*.astrakhan.ru stat.sputnik.ru *.rambler.ru; script-src 'unsafe-inline' 'unsafe-eval' https://special.astrobl.ru https://thj.astrakhan.ru https://www.astrobl.ru *.yandex.ru gosmonitor.ru *.rambler.ru stat.sputnik.ru; style-src 'unsafe-inline' https://special.astrobl.ru https://www.astrobl.ru; 
font-src https://special.astrobl.ru https://www.astrobl.ru; media-src https://www.youtube.com https://vk.com; 1 report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' ospreypublishing.com *.googletagmanager.com *.hotjar.com www.google-analytics.com platform.twitter.com cdn.syndication.twimg.com *.facebook.net *.google.com www.gstatic.com *.cloudmaestro.com 1 frame-ancestors 'self' *.esu.edu https://*.meritpages.com;default-src 'self';connect-src 'self' https://*.hotjar.com https://*.hotjar.io https://*.libchat.com https://fonts.googleapis.com https://*.fontawesome.com https://www.google.com https://www.google-analytics.com/j/collect https://ems.admin.esu.edu/MasterCalendar/RSSFeeds.aspx https://quantum.esu.edu/ https://stats.g.doubleclick.net https://www.facebook.com/tr/ https://www.google-analytics.com wss://*.hotjar.com;font-src 'self' data: https://*.fontawesome.com https://*.hotjar.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com;frame-src https://*.doubleclick.net https://*.facebook.com https://*.youvisit.com https://cse.google.com https://docs.google.com https://e.issuu.com https://esumediasite.passhe.edu https://insight.adsrvr.org https://match.adsrvr.org https://platform.twitter.com https://quantum.esu.edu/ https://syndication.twitter.com https://secure-ds.serving-sys.com https://tpc.googlesyndication.com https://widgets.pacollegetransfer.com https://vars.hotjar.com https://www.google.com/maps/ https://www.googletagmanager.com https://www.youtube.com https://w3.cdn.anvato.net;img-src 'self' data: *;script-src 'strict-dynamic' 'self' 'nonce-VE5zQXZuYWQ4SVdrODMzRFBMOWN6UT09' 'sha256-SV0NVxJcDlP/fCfnDBlvuZ4GJIQm7FOBfj2voZ5WFQ4=' 'sha256-01Ye2pawPepoRQi0W3fGog5wluX/sO7LxR/iyLwrSs4=' 'sha256-9M3QWwW8rGylG4Ec/mXguiAxdQqT554rs1MuWBaEPo8=' 'sha256-7RpyAYatoSU+nzCphqsSO8XuGK94NDpPfctuU5nO5B4=' 
'sha256-ubSZeVOR9WN7JesrXdbyma0DTjPVebDIzuBPcxLLZRM=' 'sha256-782D6t1Ttvw323BTi7sUAlFjKZjNnufiwQzJSi1NdTA=' https://*.hotjar.com https://api.flickr.com https://cdn.syndication.twimg.com/ https://connect.facebook.net https://fast.wistia.net https://googleads.g.doubleclick.net https://js.adsrvr.org https://kit.fontawesome.com https://platform.twitter.com https://quantum.esu.edu https://siteimproveanalytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://v2.libanswers.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://www.youvisit.com;style-src 'self' 'unsafe-inline' https://cdn-images.mailchimp.com https://fonts.googleapis.com https://kit-pro.fontawesome.com/releases/latest/css/pro.min.css https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css https://platform.twitter.com/css/ https://quantum.esu.edu/instagram-feed-pro-standalone/instagram-feed/css/sb-instagram-standalone-3.1.min.css https://tagmanager.google.com https://ton.twimg.com https://www.google.com/cse/;report-uri https://w914pa7t.uriports.com/reports/report; 1 default-src 'self'; script-src 'report-sample' 'self' https://bat.bing.com/bat.js https://cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/modernizr.min.js https://connect.facebook.net/en_US/fbevents.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/964658360/ https://siteimproveanalytics.com/js/siteanalyze_66358270.js https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self'; img-src 'self' https://www.facebook.com; manifest-src 'self'; media-src 'self'; report-uri https://5f9ae52bca69962525be31f4.endpoint.csper.io/; worker-src 'none'; 1 report-to webscaleCspEndpoint; 
report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com gulahmedshop.com *.gulahmedshop.com www.google.com tpc.googlesyndication.com *.cloudfront.net z.moatads.com www.googletagmanager.com onesignal.com www.google-analytics.com connect.facebook.net cdn.onesignal.com cdn.oribi.io www.googleadservices.com googleads.g.doubleclick.net www.google.com www.gstatic.com www.2checkout.com js.stripe.com v1.addthisedge.com maps.googleapis.com www.youtube.com static.goqubit.com ssg-preview.qubit.com h.online-metrix.net songbird.cardinalcommerce.com *.trackedlink.net www.gulahmedshop.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https:; report-uri /data/csp 1 default-src 'self' data: bairesdev.com *.bairesdev.com *.googleapis.com *.cloudflare.com *.addthis.com *.bing.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.youtube.com *.youtube-nocookie.com *.zopim.io *.ytimg.com *.adsymptotic.com *.google-analytics.com *.googletagmanager.com *.facebook.com *.facebook.net *.gstatic.com stats.g.doubleclick.net *.zdassets.com *.zopim.com *.linkedin.com *.quora.com *.reddit.com *.redditstatic.com *.quora.com *.remarketstats.com t.co *.twitter.com *.ads-twitter.com *.doubleclick.net wpsitesync.com wss://widget-mediator.zopim.com widget-mediator.zopim.com *.widget-mediator.zopim.com onesignal.com *.onesignal.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci 
*.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi 
*.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bing.com *.cloudflare.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.zopim.com *.zdassets.com *.onesignal.com onesignal.com *.googleadservices.com snap.licdn.com *.redditstatic.com *.quora.com *.remarketstats.com *.ads-twitter.com *.doubleclick.net *.clickcertain.com t.co *.twitter.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.youtube.com *.youtube-nocookie.com *.google.com *.emailoctopus.com emailoctopus.com;style-src 'self' 'unsafe-inline' *.bing.com *.gstatic.com *.googleapis.com onesignal.com *.onesignal.com *.emailoctopus.com emailoctopus.com;frame-src 'self' bairesdev.com *.bairesdev.com *.bing.com *.facebook.com *.twitter.com *.youtube.com *.youtube-nocookie.com *.doubleclick.net *.clickcertain.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com;report-to csp-violation-report-endpoint;report-uri https://encrrwvp6eqsjuf.m.pipedream.net; 1 font-src *.fontawesome.com fonts.gstatic.com 'self' 'unsafe-inline'; form-action www.facebook.com my.ponant.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src libs.hipay.com media.ponant.com *.youtube.com *.google.com asset.easydmp.net www.facebook.com my.ponant.com wordpress.ponant.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com s.ytimg.com *.ponant.com 'self' data: maps.gstatic.com *.googleapis.com *.ggpht.com img.youtube.com *.ytimg.com www.facebook.com d.adroll.com *.google.com *.google.fr bat.bing.com *.linkedin.com *.eloqua.com www.googletagmanager.com 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com www.youtube.com video.google.com libs.hipay.com mpsnare.iesnare.com cdn.jsdelivr.net 
maps.googleapis.com *.gstatic.com *.google.com connect.facebook.net js.authorize.net jstest.authorize.net po.ponant.com try.abtasty.com hermes.allo-media.net s.adroll.com d.adroll.com d.adroll.mgr.consensu.org ponant.script.admo.tv *.linkedin.com snap.licdn.com bat.bing.com atout.email-match.com www.googletagmanager.com googleads.g.doubleclick.net asset.easydmp.net *.contentsquare.net *.en25.com statics.apreslachat.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com fonts.gstatic.com fonts.googleapis.com s.adroll.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.ponant.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src stage-data.hipay.com bat.bing.com ponant.script.admo.tv ponant.admo.tv hermes.allo-media.net s.adroll.com ariane.abtasty.com dcinfos-cache.abtasty.com widgets.abtasty.com popin.wibilong.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.cloudflare.com *.googleapis.com *.klevu.com *.zopim.com *.gstatic.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'self' data: 'unsafe-inline' data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google.com *.nosto.com *.youtube.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com 
fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudflare.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.klevu.com *.gstatic.com *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.youtube.com www.google-analytics.com maps.googleapis.com app.mobicredwidget.co.za amcglobal.sc.omtrdc.net media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com 'unsafe-inline' data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com js.braintreegateway.com *.avada.io *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.newrelic.com *.klevu.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.nr-data.net *.facebook.com maps.googleapis.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za www.gstatic.com connect.facebook.net bam.nr-data.net googleads.g.doubleclick.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network https://assets.what3words.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.klevu.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: 'self' 'unsafe-inline'; object-src 
'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.testfreaks.com *.ksearchnet.com *.klevu.com *.google.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.paypal.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.nr-data.net vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za www.google-analytics.com wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' ws: wss *.vodafone.ie *.netlify.app maps.googleapis.com ajax.googleapis.com *.gstatic.com twitter.com www.facebook.com tags.tiqcdn.com www.parkingtag.ie www.gari.info www.apple.com hello.donedeal.ie xd.wayin.com www.w3.org youtu.be www.umlaut.com consumer.huawei.com www.itrs.ie play.google.com itunes.apple.com www.linkedin.com www.vodafone.com www.comreg.ie www.buygamecredit.com eshop.v.vodafone.com support.google.com www.vodafonexlevelup.com vodafonexlevelup.com img.youtube.com coveragemap.comreg.ie vodafonefaf.ie www.itrs.ie careers.vodafone.com www.youtube.com universaldesign.ie www.irma.ie www.dublinairport.com www.facebook.com v.vodafone.com www.hmdglobal.com wmstatic.global.ssl.fastly.net safeavenue.f-secure.com www.just-eat.ie www.samsung.com support.apple.com www.vodafone.com www.inhope.org get.adobe.com offers.vodafone.com headbomz.ie onenet.vodafone.com support.microsoft.com www.vodafonefaf.ie twitter.com www.samsung.com vodafone.irishrugby.ie staymobile.ie www.vodafonecashback.com www.sanebox.com www.hotline.ie 
www.cnn.com pixel-offers.co.uk vodafonefaf.ie www.hse.ie www.checkmend.com www.butlerschocolates.com www.microsoft.com www.onepagecrm.com www.zimperium.com track.anpost.ie live.vodafone.com www.huaweipromo.co.uk www.tradedoubler.com www.anpost.ie www.ec.europa.eu www.studiocoast.com.au www.dropbox.com vfie.speedtestcustom.com nvodafone.ie apps.apple.com www.vodafonefaf.ie www.apple.com samsung.com 20202.samsungpromotions.claims www.ispai.ie www.umlaut.com www.promotions.fairphone.com www.nokia.com 10.163.135.120 www.gov.ie servicechecker.comreg.ie personalbanking.bankofireland.com vodafone.canterbury.com help.yahoo.com www.dataprivacy.ie www.sky.com accessories-22.myshopify.com ie-mktg.vodafone.com kinsta.com www.vodafonecash.com www.samsungcashback.com futurejobsfinder.vodafone.com www.comreg.ie www.tclpromotions.com myeasypay.com ie.linkedin.com webgate.ec.europa.eu www.whydesign.ie www.tradedoubler.com www.butlerschocolates.com www.ethicalconsumer.org www.ispcc.ie edition.cnn.com staymobile.ie www.yourreadybusiness.co.uk www.hotline.ie money.cnn.com www.dataprotection.ie www.actiview.io www.operateremote.com windows.microsoft.com signup.paloaltonetworks.com www.mckinsey.com www.cisco.com get.adobe.com myeasypay.com tags.tiqcdn.com www.libertyhumanrights.org.uk www.phonesmart.ie www.5gruralfirst.org www.tclcom.com start.vodafone.com fiksukalasatama.fi www.pixelpod.ie vfglogin.vodafone.com www.mattgriffin.online www.winterready.ie omniturecom.112.2o7.net www.obrien.ie www.inhope.org www2.deloitte.com www.irishexaminer.com www.centralbank.ie www.thebuildingblock.ie www.irishtimes.com www.aboutcookies.org onedrive.live.com img.en25.com offers.vodafone.com itunes.apple.com www.samsungcashback.com servicechecker.comreg.ie www.kippy.eu www.siliconrepublic.com guce.yahoo.com ec.europa.eu gstatic.com www.anpost.com www.mozilla.org www.f-secure.com 46.22.130.115 www.netflix.com www.statustoday.com support.apple.com business.vodafone.com community.office365.com 
www.podtrackers.com www.dublinairport.com allaboutcookies.org www.patagonia.com asiam.ie www.fao.org www.checkmend.com bit.ly www.britannica.com www.portershed.com www.abodoo.com buffer.com www.spotify.com www.fieldfisher.com www.just-eat.ie trackimo.com www.promotions.fairphone.com www.un.org www.handsfreehectare.com www.firetrade.ie netgear.com www.sky.com vfsustreport.ie siro.ie www.ispcc.ie medium.com www.parentline.ie personalbanking.bankofireland.com www.huaweipromo.co.uk accounts-emea.f-secure.com www.telecomitalia.com events.paloaltonetworks.com www.icloud.com vodafone.digitalmagazines.online www.iubenda.com promotions.fairphone.com fonts.googleapis.com portershed.com ad.doubleclick.net ajax.googleapis.com consent.yahoo.com www.anpost.com support.mozilla.org www.operateremote.com www.patagonia.com www.spotify.com firetrade.ie api.developer.vodafone.com whydesign.ie blog.statustoday.com www.googleadservices.com content.lon5.atomz.com www.dataprotection.ie www.obrien.ie www.ethicalconsumer.org www.handsfreehectare.com www.thebuildingblock.ie www.fonfix.ie www.netgear.com help.netflix.com www.instagram.com www.fonfix.com samsungcashback.com prd.offers.vodafone.com djeniwjzq77re.cloudfront.net display.engagesciences.com idgw.vodafone.com www.gruppotim.it portershed.com support.office.com promotions.fairphone.com operateremote.com partners.vodafone.com fls.doubleclick.net support.spotify.com start.vodafone.com www.google.com www.googleadservices.com fonts.googleapis.com ie-chat.ext.vodafone.com optanon.blob.core.windows.net geolocation.onetrust.com was.vodafone.ie connect.facebook.net *.hotjar.com vodafoneirl.tt.omtrdc.net gcpsmapi.vodafone.com nebula-cdn.kampyle.com udc-neb.kampyle.com s1525.t.eloqua.com dpm.demdex.net vodafoneirl.demdex.net cm.everesttech.net a1.adform.net s2.adform.net c1.adform.net privacyportal-eu.onetrust.com wa.vodafone.ie bpvx.vodafone.ie; 1 default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com 
https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://d1zgo1sldfmewy.cloudfront.net; script-src 'nonce-b6184b76cc7e422bb62f66e0844d194e' https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://d1zgo1sldfmewy.cloudfront.net; style-src 'self' 'nonce-b6184b76cc7e422bb62f66e0844d194e' https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://d1zgo1sldfmewy.cloudfront.net; img-src 'self' data: https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://d1zgo1sldfmewy.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://*.ytimg.com; media-src 'self' data: https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://d1zgo1sldfmewy.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://www.youtube.com; 
frame-src https://www.youtube.com https://*.twimg.com https://player.twitch.tv/ https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://d1zgo1sldfmewy.cloudfront.net; report-uri https://www.amazon.com/1/batch/2/OE/mid=ATVPDKIKX0DER:sid=138-3300204-9286158:rid=B736345F8D2B4AF1A19D:sn=www.amazongames.com 1 default-src 'none'; font-src 'self'; frame-src https://www.facebook.com https://www.google.com; img-src https://lh3.googleusercontent.com https://ukdj.imgix.net https://ukdjstatic-b4d.kxcdn.com; script-src 'self' 'unsafe-inline' https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js https://ukdjstatic-b4d.kxcdn.com/wp-content/cache/autoptimize/js/ https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/recaptcha/releases/; style-src 'unsafe-inline' https://ukdjstatic-b4d.kxcdn.com/wp-content/cache/autoptimize/css/; report-uri https://ukdj.report-uri.com/r/d/csp/reportOnly 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=v2%2Fapp_listings&source%5Buuid%5D=55853e7c56a79acadda289299c6ad8ad 1 default-src https:; connect-src https:; font-src https: data:; child-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; report-uri 
https://98dba6326789eae01552e92f7b3e68d5.report-uri.io/r/default/csp/reportOnly 1 default-src data: https://partners.akbars.ru https://apps.akbars.ru https://sravni.go2cloud.org https://www.akbars.ru https://fonts.gstatic.com https://mc.yandex.ru https://yandex.ru https://api-maps.yandex.ru https://stats.g.doubleclick.net https://www.google-analytics.com https://google-analytics.bi.owox.com https://dadata.ru https://suggestions.dadata.ru 'self'; script-src blob: data: https://partners.akbars.ru https://apps.akbars.ru https://ajax.aspnetcdn.com https://sitesearch-suggest.yandex.ru https://yandex.ru https://site.yandex.net https://api-maps.yandex.ru https://*.maps.yandex.net https://mc.yandex.ru https://clck.yandex.ru https://yastatic.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://connect.facebook.net https://code.jquery.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://partners.akbars.ru https://apps.akbars.ru https://fonts.googleapis.com https://yastatic.net 'self' 'unsafe-inline'; img-src blob: data: https://partners.akbars.ru https://apps.akbars.ru https://mc.yandex.ru https://api-maps.yandex.ru https://*.maps.yandex.net https://yastat.net https://yastatic.net https://yandex.st https://yandex.ru https://vk.com https://login.vk.com https://top-fwz1.mail.ru https://www.googletagmanager.com https://www.google-analytics.com https://google-analytics.bi.owox.com https://stats.g.doubleclick.net https://www.google.ru https://www.google.com https://googleads.g.doubleclick.net https://www.facebook.com 'self'; frame-src https://api-maps.yandex.ru https://www.facebook.com https://www.youtube.com 'self'; upgrade-insecure-requests; report-uri https://www.akbars.ru/csp_report/ 1 report-uri https://sentry.io/api/221673/security/?sentry_key=3afaff7eee7146358bf291fdd649cba7 1 font-src 'self' fonts.gstatic.com script.hotjar.com; img-src 'self' maps.googleapis.com maps.gstatic.com www.facebook.com data 
script.hotjar.com ssl.google-analytics.com stats.g.doubleclick.net; script-src-elem 'self' 'unsafe-inline' connect.facebook.net dl.episerver.net maps.googleapis.com player.vimeo.com s.ytimg.com www.youtube.com s7.addthis.com az416426.vo.msecnd.net ssl.google-analytics.com static.hotjar.com v1.addthis.com v1.addthisedge.com www.googletagmanager.com px.ads.linkedin.com script.hotjar.com snap.licdn.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com addtocalendar.com; connect-src 'self' s7.addthis.com v1.addthis.com vc.hotjar.io www.facebook.com in.hotjar.com; style-src-attr 'unsafe-inline';report-uri https://6cfee9ad2f0a0f5886b889b97f0c1e3e.report-uri.com/r/d/csp/wizard 1 default-src https://www.stylefactoryproductions.com/ https://mk0stylefactorybex3l.kinstacdn.com/ *.doubleclick.net *.googlesyndication.com *.akamai.net https://www.facebook.com https://partner.googleadservices.com/; connect-src https://www.stylefactoryproductions.com/ https://mk0stylefactorybex3l.kinstacdn.com/ https://partner.googleadservices.com/ *.doubleclick.net *.googlesyndication.com *.akamai.net *.google-analytics.com; font-src https://www.stylefactoryproductions.com/ https://mk0stylefactorybex3l.kinstacdn.com/ https://fonts.googleapis.com https://use.typekit.net; img-src https: data:; script-src 'unsafe-inline' https://www.stylefactoryproductions.com/ https://mk0stylefactorybex3l.kinstacdn.com/ https://www.googletagmanager.com/ https://tagmanager.google.com https://connect.facebook.net https://fonts.googleapis.com *.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagservices.com https://adservice.google.co.uk https://adservice.google.com https://partner.googleadservices.com/ *.doubleclick.net *.googlesyndication.com *.akamai.net; style-src 'unsafe-inline' https://www.stylefactoryproductions.com/ https://mk0stylefactorybex3l.kinstacdn.com/ https://tagmanager.google.com https://use.typekit.net https://p.typekit.net/ *.doubleclick.net 
*.googlesyndication.com *.akamai.net; upgrade-insecure-requests; report-uri https://stylefactoryproductions.report-uri.com/r/d/csp/reportOnly; 1 default-src https: 'unsafe-inline' 'unsafe-eval' data: about: blob:; report-uri /_resources/php/csp-report.php 1 script-src 'nonce-455ef6a7-a67c-48bc-9691-7181aab4d7f9' https:; report-uri https://ort.wellsfargo.com/reporting/csp 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.sg&source%5Bsection%5D=brochure&source%5Buuid%5D=790219b1471040c00537954d687f96c7 1 default-src https: 'unsafe-inline' 'unsafe-eval' https://*.zopim.com wss://*.zopim.com https://*.zopim.io; img-src data: https:; font-src https:; report-uri /csp-report-uri; report-to csp-endpoint 1 report-uri https://www.yelp.com/csp_report_only?id=ac85adcfe3dbd0f0&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1618358947; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; 
object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1 default-src 'self'; frame-ancestors 'self'; 1 report-uri https://logs-01.loggly.com/inputs/4e92d8a9-baa6-4559-82e2-05428d10fa7b/tag/csp; report-to default 1 child-src 'self'; connect-src 'self'; default-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; worker-src 'self'; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_49c05abd9fb769092c936ddfbc747f93 1 default-src 'self' cas.avalon.perfdrive.com *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; frame-src 'self' blob: www.facebook.com connect.facebook.net www.google.com www.googletagmanager.com www.empruntis.com player.vimeo.com *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; img-src data: blob: www.google.com www.googletagmanager.com www.google.fr www.google-analytics.com stats.g.doubleclick.net www.facebook.com gl.hostcg.com api.mapbox.com static.intercomassets.com maps.googleapis.com maps.gstatic.com *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; child-src blob:; media-src *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; script-src 'unsafe-inline' 'unsafe-eval' polyfill.io www.google-analytics.com maps.googleapis.com www.gstatic.com www.google.com www.googletagmanager.com connect.facebook.net *.realytics.io cdn-eu.realytics.net gl.hostcg.com actorssl-5637.kxcdn.com *.perfdrive.com *.algolia.net *.algolianet.com widget.intercom.io js.intercomcdn.com d3js.org code.highcharts.com/highcharts.js *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; 
connect-src 'self' api.realytics.io m.realytics.io sentry.io *.mapbox.com tile.meilleursagents.com stats.g.doubleclick.net www.google-analytics.com bam.nr-data.net *.perfdrive.com statcache-5637.kxcdn.com www.facebook.com *.algolia.net *.algolianet.com api-iam.intercom.io *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; font-src 'self' fonts.gstatic.com js.intercomcdn.com *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; worker-src blob:; report-uri /csp-report 1 script-src 'self' 'unsafe-inline' 'nonce-KS9bP4y158AKntCI9eCQl4vU9CgIZY6H' http://www.google-analytics.com https://*.uservoice.com https://dap.digitalgov.gov https://designsystem.digital.gov https://maps.googleapis.com https://standards.usa.gov https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com 'unsafe-eval' https://optimize.google.com https://gateway.foresee.com https://resources.digital-cloud-gov.voice.medallia.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://www.youtube.com https://*.ytimg.com https://cdn.botframework.com 'strict-dynamic' nonce-KS9bP4y158AKntCI9eCQl4vU9CgIZY6H; img-src 'self' data: blob: https://*.gstatic.com https://api.mapbox.com https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://*.va.gov https://optimize.google.com https://gateway.foresee.com https://static.foresee.com https://cdn-prod.kampyle.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://ok6static.oktacdn.com https://dvp-oauth-application-directory-logos.s3-us-gov-west-1.amazonaws.com ; frame-ancestors 'none' ; manifest-src 'none' ; default-src 'self' ; frame-src https://dap.digitalgov.gov ; child-src https://*.uservoice.com https://www.googletagmanager.com https://www.youtube.com https://optimize.google.com https://resources.digital-cloud-gov.voice.medallia.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com 
https://optimize.google.com https://fonts.googleapis.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com ; connect-src 'self' http://localhost:4000 https://*.va.gov https://api.mapbox.com https://www.google-analytics.com http://*.vetsgov-internal https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://prod-va-gov-maintenance-windows.s3-us-gov-west-1.amazonaws.com https://analytics.foresee.com https://brain.foresee.com https://survey.foreseeresults.com https://device.4seeresults.com https://health.foresee.com https://gateway.foresee.com https://feedback.digital-cloud-gov.voice.medallia.com https://raw.githubusercontent.com wss://northamerica.directline.botframework.com https://northamerica.directline.botframework.com https://search.usa.gov ; object-src 'self' blob: ; media-src 'none' ; font-src 'self' data: https://fonts.gstatic.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com ; block-all-mixed-content ; form-action 'self' https://vicbdc.vba.va.gov https://vaww.vicbdc.ppd.vba.va.gov https://feedback.digital-cloud-gov.voice.medallia.com ; base-uri http://*.vetsgov-internal https://*.va.gov https://optimize.google.com ; 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /errorendpoint.html 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.fenwick.com https://polyfill.io https://*.trustarc.com https://*.googletagmanager.com http://*.googletagmanager.com https://*.vidyard.com https://*.twitter.com https://*.twimg.com https://*.googleapis.com https://*.tableau.com https://*.marketo.com https://*.marketo.net https://*.facebook.com https://*.google-analytics.com https://connect.facebook.net https://static.ads-twitter.com https://snap.licdn.com https://siteimproveanalytics.com https://cdns.gigya.com https://*.linkedin.com; img-src 'self' data: https://*.fenwick.com 
https://*.trustarc.com https://d1eksjbjozyyuf.cloudfront.net https://d371187ayxlni9.cloudfront.net https://*.vidyard.com https://*.twimg.com https://*.twitter.com https://*.siteimproveanalytics.io https://*.linkedin.com https://t.co https://*.facebook.com https://*.facebook.net https://p.adsymptotic.com https://*.google-analytics.com https://*.googletagmanager.com http://*.googletagmanager.com https://*.gstatic.com; style-src 'self' 'unsafe-inline' https://*.fenwick.com https://*.twitter.com https://*.twimg.com https://*.gstatic.com https://*.ytimg.com https://connect.facebook.net; font-src 'self' data: https://*.fenwick.com https://*.slidesharecdn.com https://*.gstatic.com; object-src 'self' https://*.fenwick.com; child-src 'self' https://*.fenwick.com; frame-src 'self' https://*.fenwick.com https://*.vidyard.com https://*.twitter.com https://*.youtube.com https://*.vimeo.com https://*.tableau.com https://fenwick-postalice.tenrec.com https://*.slideshare.net https://*.gigya.com https://*.facebook.com https://*.trustarc.com; connect-src 'self' https://*.fenwick.com https://*.algolia.net https://*.algolianet.com https://*.craftcms.com https://*.google-analytics.com https://*.mktoresp.com https://*.linkedin.com https://*.facebook.com https://*.mktoutil.net https://*.mktoutil.com; report-uri https://a44cafc111449d022be8860ffeb9f4e2.report-uri.com/r/d/csp/wizard 1 default-src 'self' https://*.minecraft.jp; script-src 'self' 'unsafe-inline' 'nonce-P_XNDJy5xeQ6Q0yuPAQTlQ' 'report-sample' https://*.minecraft.jp https://ajax.googleapis.com https://apis.google.com https://connect.facebook.net https://platform.twitter.com; style-src 'self' 'unsafe-inline' https://*.minecraft.jp; img-src 'self' data: https://*.minecraft.jp https://*.gstatic.com https://www.facebook.com; font-src 'self' data:; frame-src https://*.facebook.com https://*.twitter.com; report-uri https://report-uri.appspot.com/987875600540635136?ro=1 1 default-src 'self' 'unsafe-inline' *.gmpg.org 
geolocation.onetrust.com ingest.make.rvapps.io cdn.cookielaw.org stats.g.doubleclick.net fonts.gstatic.com make.cohesionapps.com cdn.cohesionapps.com *.googletagmanager.com *.google-analytics.com www.youtube.com js-agent.newrelic.com bam-cell.nr-data.net a.myfidevs.io analytics.myfidevs.io static.myfinance.com www.myfinance.com *.onetrust.com appds8093.blob.core.windows.net a.omappapi.com; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com www.youtube.com code.jquery.com static.myfinance.com cdn.cohesionapps.com sb.scorecardresearch.com cdn.cookielaw.org js-agent.newrelic.com bam-cell.nr-data.net a.myfidevs.io *.onetrust.com appds8093.blob.core.windows.net a.omappapi.com facebook.com connect.facebook.net; img-src * data: blob:; font-src * data: blob:; frame-src www.myfinance.com static.myfinance.com cdn.cohesionapps.com www.youtube.com www.facebook.com; 1 connect-src 'self' https://*.spendesk.com https://*.spendesk.dev https://*.spendesk.tools https://api.segment.io https://preview.contentful.com https://api-js.mixpanel.com https://api-iam.intercom.io https://sessions.bugsnag.com/ https://d3r43gyd9zmfep.cloudfront.net wss://nexus-websocket-a.intercom.io https://rs.fullstory.com https://appvizer.one https://stats.g.doubleclick.net https://in.hotjar.com https://forms.hubspot.com https://bat.bing.com https://new-collect.albacross.com https://fastly.trychameleon.com 'report-sample'; script-src 'self' https://*.spendesk.com https://*.spendesk.dev https://*.spendesk.tools https://js.intercomcdn.com https://www.google-analytics.com https://cdn.wootric.com https://fast.trychameleon.com https://widget.intercom.io https://cdn.mxpnl.com https://cdn.segment.com https://tracking.g2crowd.com https://scout-cdn.salesloft.com https://serve.albacross.com https://js.hsforms.net https://d3r43gyd9zmfep.cloudfront.net https://cdn-3.convertexperiments.com https://www.googleoptimize.com https://apis.google.com https://edge.fullstory.com 
https://analytics.twitter.com https://appvizer.one https://bat.bing.com https://cdn.heapanalytics.com https://code.jquery.com https://connect.facebook.net https://fastly.trychameleon.com https://googleads.g.doubleclick.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hsleadflows.net https://js.hs-scripts.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://www.googleadservices.com https://www.googletagmanager.com 'sha512-M4Q0ZK7rUle6vKdTdV+cHBsjhrJQJQRfMgzZnhJ7ZNxCt/fiyb0SfINEUkNrO3OP+vL9YsunQnS7riOBRm8NHw==' 'sha512-uuehVCUzjJ6Mdnrs9GYst1UHGzy0/AyrRKJaqL4scI6M3/UEKjVr0kQrFVXH3rPrrhfIbqRJuAS4A5w5+fyRRQ==' 'sha512-XtmMtDEcNz2j7ekrtHvOVR4iwwaD6o/FUJe6+Zq+HgcCsk3kj4uSQQR8weQ2QVj1o0Pk6PwYLohm206ZzNfubg==' 'sha512-u1L7Dp3BKUP3gijgSRoMTNxmDl/5o+XOHupwwa7jsI1rMzHrllSLKsGOfqjYl8vrEG+8ghnRPNA/SCltmJCZpQ==' 'report-sample'; worker-src 'self' https://*.spendesk.com https://*.spendesk.dev blob:; frame-ancestors 'self' chrome-extension://dipeehgoehnglgojdgfmndjemdfepkeb https://*.spendesk.com https://*.spendesk.dev https://spendesk.com https://spendesk.dev; report-uri https://www.spendesk.com/security/report/csp; block-all-mixed-content; 1 font-src *.fontawesome.com *.inside-graph.cn *.gstatic.com fonts.googleapis.com data: 'self' data: boucheron.com *.boucheron.com github.com *.inside-graph.com *.bglobale.com bglobale.com *.global-e.com global-e.com 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src https://www.googletagmanager.com/ *.google.com *.bglobale.com bglobale.com *.global-e.com global-e.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.inside-graph.cn 'self' data: boucheron.com 
*.boucheron.com *.inside-graph.com www.google.fr *.bglobale.com bglobale.com *.global-e.com global-e.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.inside-graph.cn *.google.com/recaptcha/ *.gstatic.com/ *.googletagmanager.com *.google-analytics.com *.inside-graph.com *.urldefense.com cdn.cookielaw.org *.geolocation.onetrust.com geolocation.onetrust.com *.privacyportal-eu.onetrust.com *.bglobale.com bglobale.com *.global-e.com global-e.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com *.inside-graph.cn *.inside-graph.com *.bglobale.com bglobale.com *.global-e.com global-e.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.inside-graph.cn wss://asia3-live.inside-graph.cn *.google-analytics.com cdn.cookielaw.org *.inside-graph.com us-sandbox-live.inside-graph.com *.bglobale.com bglobale.com *.global-e.com global-e.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: logger.scot.nhs.uk *.google-analytics.com www.googletagmanager.com *.fontawesome.com use.typekit.net *.google.com *.google.co.uk *.googleapis.com themes.googleusercontent.com *.gstatic.com code.jquery.com yui.yahooapis.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.amazonaws.com *.addthis.com *.addthisedge.com *.twitter.com 
*.twimg.com *.facebook.com *.facebook.net static.xx.fbcdn.net *.youtube.com youtu.be *.ytimg.com www.youtube-nocookie.com player.vimeo.com i.vimeocdn.com cdn.jwplayer.com content.jwplatform.com prd.jwpltx.com *.jwpcdn.com *.jwpsrv.com *.civiccomputing.com cc.cdn.civiccomputing.com secure.gravatar.com public.tableau.com www.openstreetmap.org browser-update.org s.w.org www.geoplugin.net www.careopinion.org.uk static.addtoany.com *.wp.com www.patientopinion.org.uk hcaptcha.com *.hcaptcha.com assets.nhs.uk www.travelinescotland.com api.mapbox.com; worker-src 'self' www.google.com; frame-ancestors 'self'; base-uri 'self'; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report; report-to csp-endpoint 1 default-src 'self' blob: https://staffbase.com https://s15952.pcdn.co; report-uri https://casper-main-de1.staffbase.com/report/staffbase.com; script-src 'report-sample' 'self' blob: 'unsafe-eval' 'unsafe-inline' https://analytics.twitter.com https://bat.bing.com https://cdnjs.cloudflare.com https://client.mutinycdn.com https://client-registry.mutinycdn.com https://connect.facebook.net https://dev.visualwebsiteoptimizer.com https://forms.hsforms.com https://googleads.g.doubleclick.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsforms.net https://js.hsleadflows.net https://js.qualified.com https://maps.googleapis.com https://rum-static.pingdom.net https://script.hotjar.com https://snap.licdn.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.hotjar.com https://tagmanager.google.com https://tracking.g2crowd.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://s15952.pcdn.co; font-src 'self' data: application/x-font-woff https://cdn.getspeechify.com/hosted-fonts/GreycliffCF-*.woff2 https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com https://www.google-analytics.com 
https://s15952.pcdn.co; img-src 'self' data: image/svg+xml https: https://s15952.pcdn.co; frame-src https:; connect-src 'self' https://*.hotjar.com https://*.mutinycdn.com https://*.mutinyhq.io https://*.pingdom.net https://api.ipstack.com https://app.qualified.com https://bat.bing.com https://forms.hsforms.com https://forms.hubspot.com https://hubspot-forms-static-embed.s3.amazonaws.com https://stats.g.doubleclick.net https://vc.hotjar.io https://www.facebook.com https://www.google-analytics.com https://www.google.com wss://*.hotjar.com wss://app.qualified.com https://s15952.pcdn.co; media-src https:; style-src https: 'self' 'unsafe-inline' 'report-sample'; 1 default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https://*.fotbollskanalen.se; report-uri https://csp-report.b17g.net/ 1 default-src https: data: 'unsafe-inline'; report-uri https://3j40yr1pel.execute-api.us-east-1.amazonaws.com/prod/report-only 1 script-src 'self' 'unsafe-inline'; script-src-attr 'self'; script-src-elem 'self' https://siteimproveanalytics.com https://js-agent.newrelic.com https://bam.nr-data.net 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 1 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.doubleclick.net https://*.googleapis.com https://*.digitalgov.gov; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.fontawesome.com; img-src 'self' 'unsafe-inline' https://*.amazonaws.com data: https://placehold.it; media-src 'self' 'unsafe-inline' https://*.amazonaws.com; font-src 'self' 'unsafe-inline' https://*.gstatic.com https://*.fontawesome.com; connect-src 'self' 'unsafe-inline' https://*.google-analytics.com https://*.doubleclick.net; report-uri /report-csp-violation 1 default-src 'self'; script-src 'self' 'unsafe-eval' data: 
cdnjs.cloudflare.com api-maps.yandex.ru *.yandex.ru *.semantiqo.com ulclick.ru ulogin.ru vk.com *.facebook.net *.ok.ru *.google-analytics.com *.googleapis.com mc.yandex.ru yandex.st yastatic.net 'nonce-70GRoJdYjpykN3ZwQqir5ybgdnM='; style-src 'self' 'unsafe-inline' vk.com *.facebook.net *.googleapis.com yandex.st; object-src 'self'; img-src 'self' data: api-maps.yandex.ru *.yandex.ru *.caltat.com *.semantiqo.com ulogin.ru vk.com mc.yandex.ru *.yandex.net yandex.st *.google-analytics.com *.cdninstagram.com counter.yadro.ru; media-src 'self'; frame-src 'self' *.semantiqo.com *.aliexpress.com s.click.aliexpress.com ulogin.ru www.youtube.com *.facebook.com vk.com *.ok.ru yastatic.net; font-src 'self' *.gstatic.com data:; connect-src 'self' *.semantiqo.com ulogin.ru *.google-analytics.com *.googleapis.com *.gstatic.com mc.yandex.ru data:; 1 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com https://www.googletagmanager.com/ yotpo.com 
www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.magezon.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com 
www.youtube.com www.googletagmanager.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co api.comapi.com webchat.dotdigital.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es api.comapi.com webchat.dotdigital.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: 
data:; media-src https: data:; font-src https: data:; report-uri /csp-report; 1 default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; object-src 'self'; base-uri 'self'; form-action 'self' connect.facebook.net; media-src 'self'; font-src 'self' *.amazonaws.com static.juicer.io fonts.gstatic.com use.typekit.net data:; frame-ancestors 'self' https://www.wilhelmsen.com/ *.wilhelmsen.com https://www.thinglink.com; frame-src 'self' issuu.com go.pardot.com ir.asp.manamind.com *.fls.doubleclick.net www.youtube.com mp.digital.wilhelmsen.com *.wilhelmsen.com *.doubleclick.net www.google.com www.googletagmanager.com https://www.thinglink.com player.vimeo.com platform.twitter.com vars.hotjar.com; connect-src 'self' *.dca0.com www.google.com stats.g.doubleclick.net new-collect.albacross.com www.juicer.io www.google-analytics.com in.hotjar.com vc.hotjar.io; report-uri /Security/CspReportHandler.ashx; 1 default-src 'self' https:; img-src 'self' https: assets.braintreegateway.com checkout.paypal.com bam.nr-data.net staging.shirtspace.com *.googletagmanager.com data:; font-src 'self' *.typekit.net d2tic578h94r8u.cloudfront.net *.gstatic.com *.googleapis.com *.acsbapp.com data:; object-src 'none'; script-src 'self' 'unsafe-eval' *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.g.doubleclick.net *.googlecommerce.com *.newrelic.com bam.nr-data.net *.braintreegateway.com www.paypalobjects.com c.paypal.com widget.trustpilot.com connect.facebook.net graph.facebook.com bat.bing.com s.yimg.com sp.analytics.yahoo.com *.addthis.com m.addthisedge.com *.pinterest.com *.pinimg.com device.maxmind.com *.typekit.net cdn.jsdelivr.net *.honeybadger.io *.freshchat.com *.ckeditor.com io.clickguard.com acsbapp.com sc-static.net api.ipify.org cdnjs.cloudflare.com d2tic578h94r8u.cloudfront.net 'nonce-n5W/VT5YhQjHm4LXC4uj/Q=='; style-src 'self' d2tic578h94r8u.cloudfront.net *.googleapis.com *.typekit.net *.freshchat.com *.ckeditor.com 
cdnjs.cloudflare.com 'unsafe-inline'; child-src 'self' assets.braintreegateway.com c.paypal.com; frame-src 'self' assets.braintreegateway.com *.paypal.com widget.trustpilot.com www.facebook.com *.g.doubleclick.net *.google.com *.googletagmanager.com s7.addthis.com assets.pinterest.com www.youtube.com *.freshchat.com *.acsbapp.com accessibe.com player.vimeo.com tr.snapchat.com; connect-src 'self' *.braintreegateway.com 'unsafe-inline' *.google-analytics.com *.g.doubleclick.net *.google.com *.braintree-api.com checkout.paypal.com *.pinterest.com *.mmapiws.com widget.trustpilot.com *.typekit.net m.addthis.com www.facebook.com s.yimg.com http://localhost:3035 ws://localhost:3035 *.acsbapp.com io.clickguard.com d2tic578h94r8u.cloudfront.net; report-uri /csp_reports 1 default-src 'self'; style-src 'self'; script-src 'self' https://cdn.segment.com; img-src 'self' https://drift-prod-file-uploads.s3.amazonaws.com https://driftt.imgix.net; font-src 'self'; report-uri https://drift.report-uri.com/r/d/csp/wizard 1 frame-ancestors 'none'; base-uri 'none'; default-src 'none'; object-src 'self'; media-src 'self'; connect-src 'self' https://www.google-analytics.com https://api-adresse.data.gouv.fr; img-src https: data:; frame-src https:; form-action 'self' https://harpe.grenoble.fr; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; font-src https: data:; report-uri /include/csp.php 1 font-src fonts.gstatic.com *.typekit.net *.gstatic.com *.googleapis.com *.bazaarvoice.com *.xisecurenet.com data: acsbap.com acsbapp.com *.lightboxcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.facebook.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 
'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.youtube.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com *.cybersource.com *.criteo.net charbroil.inq.com *.affirm.com *.magentocommerce.com *.adobedtm.com *.bazaarvoice.com *.google.com *.youtube.com *.facebook.com *.doubleclick.net acsbap.com *.acsbap.com acsbapp.com *.acsbapp.com accessibe.com *.accessibe.com www.facebook.com gum.criteo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com img.youtube.com maps.googleapis.com maps.gstatic.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com 
*.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.ad-stir.com *.rkdms.com *.lemmatechnologies.com *.admanmedia.com *.betweendigital.com *.brightmountainmedia.com *.turn.com *.smrtb.com *.adsrvr.org *.mfadsrvr.com *.tapad.com *.sitescout.com *.dotomi.com *.simpli.fi tags.bluekai.com *.bnmla.com *.zemanta.com *.acuityplatform.com *.ivitrack.com *.sharethrough.com *.media.net *.affirm.com jadserve.postrelease.com cdn.aralego.net cdn.stickyadstv.com *.adnxs.com *.adscale.de *.bidswitch.net ads.yahoo.com *.analytics.yahoo.com partner.mediawallahscript.com *.rlcdn.com sync.outbrain.com secure.adnxs.com *.criteo.com *.bing.com pixel.rubiconproject.com cw.addthis.com eb2.3lift.com *.ad.smaato.net pixel.advertising.com simage2.pubmatic.com trends.revcontent.com r.casalemedia.com us-u.openx.net criteo-sync.teads.tv cs.yellowblue.io secure-us.imrworldwide.com sync-t1.taboola.com ad.360yield.com rtb-csync.smartadserver.com i.liadm.com criteo-partners.tremorhub.com sync.e-planning.net *.yieldmo.com ssp.meba.kr tapestry.tapad.com ade.clmbtech.com tg.socdm.com visitor.omnitagjs.com ad.yieldlab.net aa.agkn.com nep.advangelists.com dpm.demdex.net beacon.krxd.net *.magentocommerce.com *.sc.omtrdc.net *.xg4ken.com *.doubleclick.net bat.bing.com *.contentsquare.com *.contentsquare.net t.co *.pinterest.com *.atdmt.com *.lightboxcdn.com *.googleadservices.com *.google-analytics.com *.paypal.com 'self' data: *.google.com *.gstatic.com *.facebook.com *.bazaarvoice.com *.googletagmanager.com data: *.googleapis.com acsbap.com *.acsbap.com acsbapp.com *.acsbapp.com accessibe.com *.accessibe.com *.typekit.net/ www.facebook.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net 
www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com maps.googleapis.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.nuance.com *.cybersource.com h.online-metrix.net idsync.admixer.co.kr mediav3.inq.com charbroil.inq.com *.gstatic.com *.bazaarvoice.com fonts.adobe.com lightboxapi.azurewebsites.net *.clicktale.net *.lightboxcdn.com *.doubleclick.net *.pinimg.com *.contentsquare.net *.xg4ken.com *.criteo.com *.criteo.net bat.bing.com *.ads-twitter.com *.twitter.com *.affirm.com d22q3dafggn5rg.cloudfront.net *.scarabresearch.com *.pricespider.com *.google.com *.googletagmanager.com *.googleapis.com acsbap.com *.acsbap.com acsbapp.com *.acsbapp.com accessibe.com *.accessibe.com *.facebook.net *.newrelic.com bam.nr-data.net *.typekit.net/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com *.pricespider.com fonts.adobe.com *.lightboxcdn.com *.typekit.net/ *.fonts.net *.googleapis.com *.gstatic.com *.bazaarvoice.com *.myfonts.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it 
*.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.scarabresearch.com *.sc.omtrdc.net *.affirm.com *.pinterest.com *.contentsquare.net *.paypal.com *.magentocommerce.com *.adobedtm.com *.google.com *.google-analytics.com acsbap.com *.acsbap.com acsbapp.com *.acsbapp.com accessibe.com *.accessibe.com *.xisecurenet.com *.bazaarvoice.com *.experticity.com bam.nr-data.net *.facebook.net cdn.acsbap.com cdn.acsbapp.com google-analytics.com 'self' 'unsafe-inline'; child-src 'self' blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self'; connect-src 'self' https://www.google-analytics.com/; font-src 'self' data: https://fonts.gstatic.com/; img-src 'self' data: https://www.google-analytics.com/; media-src 'self' https://projectlombok.org/; script-src 'self' 'sha256-H639OXZXKP0j2o4p/B40Znp/sDbQKrAYH8hMr+jDUEg=' https://www.google-analytics.com/analytics.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; block-all-mixed-content; frame-ancestors 'none'; form-action 'self'; report-uri https://projectlombok.report-uri.com/r/d/csp/reportOnly 1 default-src 'self' *.hsbc.com.tw; script-src 'self' 'unsafe-eval' *.hsbc.com.tw 'unsafe-inline' cdn.appdynamics.com col.eum-appdynamics.com *.liveperson.net www.askus.hsbc.co.uk accdn.lpsnmedia.net www.mcmdev.hsbc.co.uk hsbcbankglobal.sc.omtrdc.net tags.tiqcdn.com 'unsafe-eval'; style-src 'self' *.hsbc.com.tw 'unsafe-inline'; img-src 'self' *.hsbc.com.tw data: ad.doubleclick.net www.askus.hsbc.co.uk uconnect.tealiumiq.com; child-src 'self' *.hsbc.com.tw hsbcbankglobal.demdex.net *.lo.cobrowse.liveperson.net lpcdn.lpsnmedia.net; 
connect-src 'self' *.hsbc.com.tw col.eum-appdynamics.com dpm.demdex.net; upgrade-insecure-requests ; report-uri https://csp.prod.ap.dynp.cloud1.vv1865.com/; 1 default-src 'self'; script-src cdn.report-uri.com api.stripe.com js.stripe.com 'nonce-Mzg5MTUzMDExMywzMjAzMTA3ODMz' static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' cdn.report-uri.com; img-src 'self' data: cdn.report-uri.com; font-src 'self' cdn.report-uri.com; connect-src 'self' api.stripe.com; frame-ancestors *.cloudflareworkers.com *.cloudflare.com; form-action 'self' hooks.stripe.com; frame-src js.stripe.com; child-src js.stripe.com; upgrade-insecure-requests; report-uri https://scotthelme.report-uri.com/r/d/csp/reportOnly; report-to default 1 default-src 'self' *.hsbc.fr; script-src 'self' 'unsafe-eval' *.hsbc.fr 'unsafe-inline' cdn.appdynamics.com col.eum-appdynamics.com *.liveperson.net www.askus.hsbc.co.uk accdn.lpsnmedia.net www.mcmdev.hsbc.co.uk hsbcbankglobal.sc.omtrdc.net tags.tiqcdn.com 'unsafe-eval'; style-src 'self' *.hsbc.fr 'unsafe-inline'; img-src 'self' *.hsbc.fr data: ad.doubleclick.net www.askus.hsbc.co.uk uconnect.tealiumiq.com; child-src 'self' *.hsbc.fr hsbcbankglobal.demdex.net *.lo.cobrowse.liveperson.net lpcdn.lpsnmedia.net; connect-src 'self' *.hsbc.fr col.eum-appdynamics.com dpm.demdex.net; upgrade-insecure-requests ; report-uri https://csp.prod.eu.dynp.cloud1.vv1865.com/; 1 default-src 'self' *.firstdirect.com; script-src 'self' 'unsafe-eval' *.firstdirect.com 'unsafe-inline' cdn.appdynamics.com col.eum-appdynamics.com *.liveperson.net www.askus.hsbc.co.uk accdn.lpsnmedia.net www.mcmdev.hsbc.co.uk hsbcbankglobal.sc.omtrdc.net tags.tiqcdn.com 'unsafe-eval'; style-src 'self' *.firstdirect.com 'unsafe-inline'; img-src 'self' *.firstdirect.com data: ad.doubleclick.net www.askus.hsbc.co.uk uconnect.tealiumiq.com; child-src 'self' *.firstdirect.com hsbcbankglobal.demdex.net *.lo.cobrowse.liveperson.net lpcdn.lpsnmedia.net; connect-src 'self' *.firstdirect.com 
col.eum-appdynamics.com dpm.demdex.net; upgrade-insecure-requests ; report-uri https://csp.prod.eu.dynp.cloud1.vv1865.com/; 1 script-src data: 'self' 'unsafe-eval' 'nonce-okhxGZAi/WrtyW3S' static.cloud.coveo.com *.r42tag.com *.usabilla.com ssl.google-analytics.com www.google-analytics.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com cdnjs.cloudflare.com ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com *.fbto.nl connect.facebook.net;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com;img-src data: blob: 'self' *.svtrd.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com www.google-analytics.com *.onmarc.nl ssl.google-analytics.com *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net;connect-src 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.prolife.nl *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net www.google-analytics.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com www.browsealoud.com plusqa.browsealoud.com *.interpolis.nl;media-src 
'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl;object-src 'self' ;child-src 'self' t.svtrd.com player.vimeo.com youtube-nocookie.com www.youtube-nocookie.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net;frame-ancestors 'self' www.youtube-nocookie.com youtube-nocookie.com player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl;manifest-src 'self' ;block-all-mixed-content; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://* wss://* data:; report-uri https://homestay.report-uri.io/r/default/csp/reportOnly 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.co.za&source%5Bsection%5D=brochure&source%5Buuid%5D=8821d1642c26192bdf4ec66228390a14 1 child-src mc.yandex.md mc.yandex.ru;connect-src mc.admetrica.ru mc.yandex.ru yandex.ru;default-src 'none';img-src 'self' *.verify.yandex.ru avatars.mds.yandex.net awaps.yandex.net data: favicon.yandex.net mc.admetrica.ru mc.yandex.com mc.yandex.ru yandex.ru yastatic.net;report-uri 
https://csp.yandex.net/csp?project=morda&from=morda.intercept404.ru&showid=1618356870.89595.98530.136529&h=stable-morda-any-vla-yp-12&csp=new&date=20210414&yandexuid=9996809451618356870;script-src 'nonce-ThbPY6yzio7olOKCtUSXQg==' awaps.yandex.ru mc.yandex.ru yandex.ru yastatic.net;style-src 'unsafe-inline' yastatic.net 1 report-uri https://www.yelp.com/csp_report_only?id=a63370bfbdc59528&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1618360897; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1 font-src fonts.gstatic.com use.typekit.net code.ionicframework.com data: maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com 
geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.freshchat.com www.google.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com static.hotjar.com cdnjs.cloudflare.com *.freshchat.com js-agent.newrelic.com bam-cell.nr-data.net www.google.com www.gstatic.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com code.ionicframework.com *.freshchat.com maxcdn.bootstrapcdn.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net commerce.adobe.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 
1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com qa-api.magedevteam.com bam-cell.nr-data.net *.google-analytics.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.de&source%5Bsection%5D=brochure&source%5Buuid%5D=763fa591b099678f56a1636142362e2a 1 default-src 'self'; connect-src 'self' *.google-analytics.com *.translate.googleapis.com *.doubleclick.net *.qualtrics.com; font-src 'self' themes.googleusercontent.com *.fonts.gstatic.com; frame-src 'self' *.youtube.com; img-src 'self' data: *.mapbox.com *.openstreetmap.org *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.ytimg.com *.google.com.au *.google.com *.gstatic.com *.qualtrics.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.amazee.io *.youtube.com *.ytimg.com *.googletagmanager.com *.google.com *.google-analytics.com *.mapbox.com *.cdnjs.cloudflare.com *.qualtrics.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com maps.google.com mdbootstrap.com unpkg.com; script-src-attr 'self'; script-src-elem 'self' *.googletagmanager.com *.youtube.com *.ytimg.com *.google-analytics.com *.qualtrics.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com maps.google.com mdbootstrap.com unpkg.com 'unsafe-inline'; 
style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com mdbootstrap.com unpkg.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com mdbootstrap.com unpkg.com use.fontawesome.com 'unsafe-inline'; frame-ancestors 'self' 1 font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com 
*.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de store.paradoxlabs.com maps.gstatic.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io *.authorize.net maps.googleapis.com *.yotpo.com https://cdn-scripts.signifyd.com 
https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.authorize.net *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' http://s7.addthis.com https://v1.addthisedge.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com cdn.jsdelivr.net; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' http://s7.addthis.com https://z.moatads.com https://v1.addthisedge.com https://m.addthis.com http://graph.facebook.com http://api-public.addthis.com https://cdnjs.cloudflare.com https://api-public.addthis.com https://s.go-mpulse.net https://js-agent.newrelic.com https://bam.nr-data.net cdn.jsdelivr.net https://cdn.jsdelivr.net https://use.fontawesome.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self'; frame-ancestors 'self'; report-uri 
https://www.insurekidsnow.gov/report-uri/reportOnly 1 font-src *.sagepay.com https://use.fontawesome.com https://stackpath.bootstrapcdn.com https://bootstrapcdn.com https://fonts.gstatic.com 'self' data: https://v2.zopim.com https://maxcdn.bootstrapcdn.com https://static-v.tawk.to https://*.cloudflare.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sagepay.com https://www.facebook.com/ https://www.securesuite.co.uk https://syndication.twitter.com https://platform.twitter.com/ 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.sagepay.com https://player.vimeo.com https://widget.trustpilot.com https://vars.hotjar.com https://www.facebook.com https://www.youtube.com https://pi-live.sagepay.com https://www.google.com/ https://www.securesuite.co.uk https://platform.twitter.com https://syndication.twitter.com https://secure.pay1.de https://*.klarnaservices.com https://*.zenaps.com/ https://*.cloudflare.com https://klarna-payments-eu.klarna.com/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: *.paypal.com *.sagepay.com https://www.google.com https://www.google.co.uk https://stats.g.doubleclick.net https://www.facebook.com 'self' data: https://www.sagepay.co.uk https://dsum-sec.casalemedia.com https://pixel.advertising.com https://v2.zopim.com https://sync.outbrain.com https://simage2.pubmatic.com https://ads.yahoo.com https://trc.taboola.com https://v2assets.zopim.io 
https://eb2.3lift.com https://x.bidswitch.net https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://pixel.rubiconproject.com https://syndication.twitter.com https://pbs.twimg.com https://platform.twitter.com https://ton.twimg.com https://cdn.jsdelivr.net https://abs.twimg.com https://*.klarnaservices.com https://*.klarnacdn.net/ https://*.tawk.to/ https://www.gstatic.com https://*.kidscavern.co.uk https://www.opayo.co.uk http://*.zenaps.com https://*.cloudflare.com https://cdn1.iconfinder.com https://www.awin1.com 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.sagepay.com https://www.googletagmanager.com https://chimpstatic.com http://widget.trustpilot.com https://invitejs.trustpilot.com https://static.hotjar.com https://script.hotjar.com http://static.hotjar.com https://connect.facebook.net https://pixel.advertising.com https://www.google.com https://www.gstatic.com https://v2.zopim.com https://static.zdassets.com https://widget-mediator.zopim.com http://magemail.co https://pi-live.sagepay.com https://pcls1.craftyclicks.co.uk http://cdnjs.cloudflare.com http://cdn.livechatinc.com http://js.klevu.com https://secure.livechatinc.com https://maps.googleapis.com http://platform.twitter.com http://twitter.com https://cdn.syndication.twimg.com https://ict.infinity-tracking.net https://cdn.jsdelivr.net https://cdn.klarna.com https://register.feefo.com https://eu-library.klarnaservices.com https://*.klarnacdn.net http://*.google.com http://*.tidio.co https://*.tidiochat.com/ http://widget-v4.tidiochat.com https://*.dwin1.com https://googleads.g.doubleclick.net 
https://*.googleapis.com https://*.zenaps.com http://*.zenaps.com https://*.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.sagepay.com https://use.fontawesome.com https://bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://twitter.com https://ton.twimg.com https://maxcdn.bootstrapcdn.com http://fonts.googleapis.com https://platform.twitter.com https://cdn.jsdelivr.net https://*.googleapis.com https://*.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://widget-v4.tidiochat.com//tururu.mp3 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.sagepay.com https://use.fontawesome.com https://vc.hotjar.io https://in.hotjar.com https://api.craftyclicks.co.uk https://ekr.zdassets.com https://cdn.livechatinc.com wss://widget-mediator.zopim.com https://cdnjs.cloudflare.com https://va.tawk.to https://api.feefo.com https://vsb108.tawk.to https://ict.infinity-tracking.net https://tawk.to https://static-v.tawk.to wss://*.tawk.to https://vsb52.tawk.to *.tawk.to https://*.klarnauserservices.com https://*.klarnaevt.com wss://*.tidio.co http://*.tidiochat.com https://*.zenaps.com https://stats.g.doubleclick.net https://*.cloudflare.com *.trustpilot.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /envisagecsp; report-to report-endpoint; 1 script-src 'self' 'report-sample' *.disqus.com *.disquscdn.com accounts.google.com analytics.google.com apis.google.com api.getdrip.com tag.getdrip.com cdn.amplitude.com https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net https://d14jnfavjicsbe.cloudfront.net/client.js 
widget.intercom.io js.intercomcdn.com mc.yandex.ru *.osome.com *.osome.club ssl.gstatic.com static.hotjar.com script.hotjar.com *.ytimg.com www.google-analytics.com https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com snap.licdn.com www.youtube.com cdn.ampproject.org tilda.ws static.tildacdn.com stat.tildacdn.com script.tapfiliate.com code.jquery.com www.clarity.ms unpkg.com 'unsafe-inline' 'unsafe-eval'; report-uri https://5fb4310f34c13d8246ca6342.endpoint.csper.io 1 font-src https://maxcdn.bootstrapcdn.com/ https://x.klarnacdn.net/ https://fonts.gstatic.com/ *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.facebook.com/tr/ yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com https://www.facebook.com/ yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: https://www.bmc-switzerland.com/ https://*.klarnaservices.com/ https://www.google.com https://www.google.de https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://www.facebook.com/tr/ https://master-7rqtwti-zqpykptqwf3ju.us-3.magentosite.cloud/media/ maps.gstatic.com *.googleapis.com *.ggpht 
store.paradoxlabs.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com https://connect.facebook.net/ https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://*.klarnaservices.com/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ maps.googleapis.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://maxcdn.bootstrapcdn.com/ https://x.klarnacdn.net/ https://fonts.googleapis.com/ *.fontawesome.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://geoip-js.com/ https://*.klarnauserservices.com/ https://*.klarnaservices.com/ https://www.google-analytics.com https://stats.g.doubleclick.net/j/collect https://bam.nr-data.net https://bam-cell.nr-data.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'none'; connect-src 'self'; font-src 'self' https: data:; img-src * data:; script-src 
'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; report-uri /csp-violation-report 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.hk&source%5Bsection%5D=brochure&source%5Buuid%5D=43e99d46b1e334fedd41085d70cac15c 1 font-src fonts.gstatic.com use.typekit.net *.bootstrapcdn.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es https://store.plumrocket.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com www.facebook.com 
platform.twitter.com https://store.plumrocket.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com https://*.talkable.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com s.ytimg.com https://static.afterpay.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com data: yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com 
amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com www.youtube.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://js.sandbox.afterpay.com https://js.afterpay.com *.trustpilot.com *.zdassets.com *.cloudfront.net *.chimpstatic.net *.yotpo.com *.paypal.com *.zopim.com *.jsdelivr.net *.newrelic.com *.nr-data.net *.avada.io connect.facebook.net twitter.com platform.twitter.com maps.googleapis.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com https://d2jjzw81hqbuqv.cloudfront.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.bootstrapcdn.com *.googleapis.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net performance.typekit.net commerce.adobe.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com qa-api.magedevteam.com 
commerce-beta.adobe.io static.afterpay.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es js.sandbox.afterpay.com js.afterpay.com *.zopim.com *.doubleclick.net *.zdassets.com *.nr-data.net *.zendesk.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-lH6o7hnb3g5FNiWF+SVep04j6U0O+9'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1 default-src 'self'; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net; font-src 'self' *.fonts.net *.gstatic.com; frame-src 'self' *.cookiebot.com *.google.com *.typeform.com; img-src 'self' *.vimeo.com *.youtube-nocookie.com *.gstatic.com https://eos-c963.kxcdn.com data: *.google.com *.google.de *.google-analytics.com www.facebook.com px.ads.linkedin.com; media-src 'self' *.vimeo.com *.youtube-nocookie.com https://eos-c963.kxcdn.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.eos.info *.cookiebot.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.google.com *.licdn.com connect.facebook.net; style-src 'self' 'unsafe-inline' *.gstatic.com *.googleapis.com; report-uri https://97e6qr1q.uriports.com/reports; report-to default 1 frame-src 'self' http://*.hotjar.com:* 
https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://www.facebook.com https://connect.facebook.net https://www.youtube.com https://player.vimeo.com https://www.ukraine.com.ua https://adm.tools https://apis.google.com https://accounts.google.com https://www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://code.highcharts.com https://apis.google.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://googletagmanager.com https://maps.google.com https://maps.googleapis.com https://translate.google.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'report-sample'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; default-src 'self' 'unsafe-inline' 'report-sample'; img-src 'self' data: https://www.facebook.com https://m.facebook.com https://*.gstatic.com https://www.google.com https://www.google.ru https://www.google.com.ua https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://stats.g.doubleclick.net blob: 'self' https://twemoji.maxcdn.com; ; connect-src wss://pubsub.adm.tools wss://adm.tools https://auth.adm.tools https://adm.tools https://portal.adm.tools https://www.ukraine.com.ua https://cdn.ukraine.com.ua:* wss://cdn.ukraine.com.ua:* https://www.google-analytics.com https://stats.g.doubleclick.net https://sentry.adm.tools http://*.hotjar.com:* https://*.hotjar.com:* https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com http://www.facebook.com https://www.facebook.com; report-uri https://sentry.adm.tools/api/4/security/?sentry_key=cd4a73d9e9a3475187c201c24a2c4576 1 default-src 'self' *.hsbc.ae; script-src 'self' 'unsafe-eval' 
*.hsbc.ae 'unsafe-inline' cdn.appdynamics.com col.eum-appdynamics.com *.liveperson.net www.askus.hsbc.co.uk accdn.lpsnmedia.net www.mcmdev.hsbc.co.uk hsbcbankglobal.sc.omtrdc.net tags.tiqcdn.com 'unsafe-eval'; style-src 'self' *.hsbc.ae 'unsafe-inline'; img-src 'self' *.hsbc.ae data: ad.doubleclick.net www.askus.hsbc.co.uk uconnect.tealiumiq.com; child-src 'self' *.hsbc.ae hsbcbankglobal.demdex.net *.lo.cobrowse.liveperson.net lpcdn.lpsnmedia.net; connect-src 'self' *.hsbc.ae col.eum-appdynamics.com dpm.demdex.net; upgrade-insecure-requests ; report-uri https://csp.prod.eu.dynp.cloud1.vv1865.com/; 1 default-src 'self'; img-src * data:; script-src 'self' 'unsafe-inline' https://securepubads.g.doubleclick.net https://www.googletagservices.com https://www.google-analytics.com https://adservice.google.co.uk https://adservice.google.com https://tpc.googlesyndication.com; style-src 'self' 'unsafe-inline' https://media.studylink.com; connect-src https://pagead2.googlesyndication.com https://securepubads.g.doubleclick.net; frame-src https://tpc.googlesyndication.com/; 1 block-all-mixed-content; report-uri https://pangoly.report-uri.com/r/d/csp/reportOnly 1 report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudfront.net service.force.com fast.wistia.com widget-mediator.zopim.com *.google-analytics.com *.affirm.com cdn.taboola.com ajax.googleapis.com interiordefine.my.salesforce.com interiordefine.secure.force.com maps.googleapis.com interiordefine.secure.force.com maps.googleapis.com connect.facebook.net dev.visualwebsiteoptimizer.com www.googletagmanager.com *.optnmstr.com *.pinimg.com *.omappapi.com js-agent.newrelic.com fast.wistia.com *.yotpo.com static.criteo.net www.google.com *.steelhousemedia.com *.hotjar.com *.heapanalytics.com cdn.pbbl.co *.collect.igodigital.com cdn.attn.tv bat.bing.com bam.nr-data.net 
bam-cell.nr-data.net www.gstatic.com *.criteo.com googleads.g.doubleclick.net *.salesforceliveagent.com fast.wistia.com viewer.cylindo.com assets.pinterest.com *.cloudflare.com js.squareup.com interiordefine.netmng.com *.zopim.com *.interiordefine.com www.googleadservices.com waves.retentionscience.com api.ipstack.com assets.calendly.com tpc.googlesyndication.com cdn.rawgit.com *.chtbl.com *.licdn.com *.linkedin.com *.fbot.me 1 font-src *.gstatic.com 'self' data: https://maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.facebook.com/ 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.google.com *.dotdigital-pages.com *.dotdigital.com https://www.youtube.com https://youtu.be *.doubleclick.net https://vars.hotjar.com/ https://www.facebook.com/ https://c.paypal.com https://r1.dotmailer-surveys.com https://surveymonkey.com/ https://widget.trustpilot.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.gstatic.com *.google.co.uk https://www.googletagmanager.com https://www.tag4arm.com https://bat.bing.com https://services.postcodeanywhere.co.uk https://ct.pinterest.com https://b.stats.paypal.com https://dub.stats.paypal.com https://c.paypal.com https://secure.surveymonkey.com/ 'self' 'unsafe-inline'; 
script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.google.com *.googletagmanager.com *.facebook.net *.doubleclick.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://thefo11129.pcapredict.com https://polyfill.io https://api.usersnap.com https://js-agent.newrelic.com https://bam.nr-data.net https://bat.bing.com https://www.tag4arm.com https://www.gstatic.com https://services.postcodeanywhere.co.uk https://r1-1.trackedweb.net https://r1-t.trackedlink.net https://static.trackedweb.net https://s.pinimg.com https://static.hotjar.com https://js.braintreegateway.com https://c.paypal.com https://r1.dotmailer-surveys.com https://widget.surveymonkey.com/ https://widget.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com https://maxcdn.bootstrapcdn.com https://services.postcodeanywhere.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.doubleclick.net https://services.postcodeanywhere.co.uk https://bam.nr-data.net https://r1.trackedweb.net https://ct.pinterest.com https://origin-analytics-sand.sandbox.braintree-api.com https://payments.sandbox.braintree-api.com https://bat.bing.com https://in.hotjar.com 
https://www.paypal.com https://www.tag4arm.com https://widget.trustpilot.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src *.braintreegateway.com *.paypal.com https://surveymonkey.com/ https://secure.surveymonkey.com/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https: data: 'unsafe-inline' 'unsafe-eval' blob: wss:; report-uri https://7ee2a4f517b54c13812e54076aefcb7d.myssl-uri.com/api/csp-report 1 font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.cybersource.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com s.ytimg.com data: maps.googleapis.com maps.gstatic.com store.paradoxlabs.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net 
magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.cardinalcommerce.com h.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.magento.com commerce.adobe.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com commerce.adobedtm.com commerce.adobedc.net performance.typekit.net commerce.adobe.net qa-api.magedevteam.com commerce-beta.adobe.io *.cardinalcommerce.com h.online-metrix.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src data: 'unsafe-eval' 'unsafe-inline' https:; style-src 'unsafe-inline' https:; media-src blob: https:; img-src https: data:; font-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; report-uri /corp_includes/report_only.php 1 block-all-mixed-content; report-uri https://1knzater8k.execute-api.us-west-2.amazonaws.com/prod/csp-report; 1 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri https://blogun.report-uri.io/r/default/csp/reportOnly 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.everplans.com d1ngjr0upamjk0.cloudfront.net js-agent.newrelic.com *.nr-data.net pi.pardot.com a248.e.akamai.net downloads.mailchimp.com mc.us7.list-manage.com www.google.com *.google-analytics.com www.googletagmanager.com ajax.googleapis.com www.googleadservices.com *.g.doubleclick.net use.typekit.net *.addthis.com v1.addthisedge.com *.twitter.com 
connect.facebook.net cdn.embedly.com px.ads.linkedin.com fast.wistia.com onlinedialogue.s3.amazonaws.com snap.licdn.com s.pinimg.com z.moatads.com embed.typeform.com fast.wistia.net woobox.com; object-src 'self'; style-src 'self' 'unsafe-inline' downloads.mailchimp.com fonts.googleapis.com netdna.bootstrapcdn.com; img-src *; media-src 'self' blob: data: cdn.livechatinc.com embedwistia-a.akamaihd.net; frame-src 'self' *.everplans.com w.soundcloud.com secure.livechatinc.com go.pardot.com *.addthis.com player.vimeo.com www.youtube.com bid.g.doubleclick.net tpc.googlesyndication.com fast.wistia.net *.typeform.com music.amazon.com woobox.com; frame-ancestors 'self'; child-src 'self' *.everplans.com s7.addthis.com player.vimeo.com www.youtube.com bid.g.doubleclick.net fast.wistia.com; font-src 'self' data: fonts.gstatic.com use.typekit.net netdna.bootstrapcdn.com d1ngjr0upamjk0.cloudfront.net; connect-src 'self' data: *.everplans.com *.nr-data.net stats.g.doubleclick.net v1.addthis.com *.wistia.com embedwistia-a.akamaihd.net ct.pinterest.com; report-uri https://everplans.report-uri.com/r/d/csp/wizard; upgrade-insecure-requests 1 default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net; script-src 'nonce-eeef159dd6c94610b7bd537d51e942ea' https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net; style-src 'self' 'nonce-eeef159dd6c94610b7bd537d51e942ea' https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com 
https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net; img-src 'self' data: https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://*.ytimg.com; media-src 'self' data: https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://www.youtube.com; frame-src https://www.youtube.com https://*.twimg.com https://player.twitch.tv/ https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net; report-uri https://www.amazon.com/1/batch/2/OE/mid=ATVPDKIKX0DER:sid=136-8302919-6328147:rid=078CA47542EF42158CC5:sn=www.newworld.com 1 font-src https://www.gstatic.com https://fonts.gstatic.com data: https://v2.zopim.com https://script.hotjar.com https://widgets.trustedshops.com https://maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.facebook.com 'self' 'unsafe-inline'; 
frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com https://www.google.com https://secure.pay1.de https://vars.hotjar.com https://www.youtube.com https://www.facebook.com http://gum.criteo.com http://static.criteo.net http://st.smartassistant.com https://bid.g.doubleclick.net/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: https: 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://www.google.com https://www.gstatic.com http://www.google.com https://www.googletagmanager.com https://sslwidget.criteo.com http://static.criteo.net https://widget.eu.criteo.com widgets.trustedshops.com https://connect.facebook.net https://secure.pay1.de https://cdn.klarna.com https://bat.bing.com https://www.dwin1.com https://snap.licdn.com https://script.hotjar.com https://static.hotjar.com https://v2.zopim.com https://clientcdn.pushengage.com https://a.optmnstr.com https://amplify.outbrain.com https://ai.trk42.net https://static.zdassets.com https://googleads.g.doubleclick.net https://ajax.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 
'unsafe-eval'; style-src getfirebug.com https://fonts.googleapis.com widgets.trustedshops.com https://mobilityhouse.pushengage.com https://maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.facebook.com *.api.trustedshops.com https://api.trustedshops.com https://shops-si.trustedshops.com https://trustbadge.api.etrusted.com https://ekr.zdassets.com wss://widget-mediator.zopim.com https://z.omappapi.com https://api.omappapi.com https://in.hotjar.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /mb_csp; report-to report-endpoint; 1 default-src https:; script-src https: data: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1 script-src 'nonce-C8E1bL7V3T_By5XIZct_qQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1 frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com chatbot.ocbcnisp.com www.googletagmanager.com cdn.krxd.net *.doubleclick.net; form-action chatbot.ocbcnisp.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: wa.onelink.me beacon.krxd.net www.google-analytics.com chatbot.ocbcnisp.com jslog.krxd.net www.google.com wa.appsflyer.com www.facebook.com *.doubleclick.net; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: chatbot.ocbcnisp.com www.google.co.id www.google.com www.google-analytics.com jslog.krxd.net www.facebook.com 
beacon.krxd.net connect.facebook.net www.googletagmanager.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net www.googletagmanager.com websdk.appsflyer.com cdn.krxd.net connect.facebook.net www.google-analytics.com beacon.krxd.net www.googleadservices.com www.google.com consumer.krxd.net chatbot.ocbcnisp.com; report-uri /csp_report 1 worker-src blob:; font-src https://*.customily.com https://*.amazonaws.com 'self' data: *.fontawesome.com *.narvar.com *.narvar.qa https://cdnjs.cloudflare.com *.cloudflare.com *.typekit.net *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.twitter.com *.youtube.com *.snapchat.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.googletagmanager.com *.facebook.com *.hotjar.com *.twitter.com *.demdex.net *.doubleclick.net *.test.adyen.com *.live.adyen.com https://www.youtube.com *.youtube.com *.vimeo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com https://*.customily.com https://*.amazonaws.com 'self' data: *.narvar.com *.narvar.qa https://s.ytimg.com *.ytimg.com *.magentocommerce.com *.paypal.com *.cloudfront.net *.amazon.com *.media-amazon.com *.media-amazon.co.uk 
*.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.bigcontent.io *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.emdex.net *.everesttech.net data: *.avada.io *.visualwebsiteoptimizer.com *.bing.com *.facebook.com *.quantserve.com *.doubleclick.net *.google.com *.google.be *.google.co.in *.omtrdc.net *.demdex.net *.kipling.com *.amasty.com http://fulluat-vfc.cs87.force.com *.test.adyen.com *.live.adyen.com blob: *.googleapis.com *.gstatic.com *.googletagmanager.com *.adis.ws *.reddit.com *.dc-storm.com 'self' 'unsafe-inline'; script-src *.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com *.vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.adyen.com https://*.customily.com https://*.amazonaws.com *.avada.io https://cdnjs.cloudflare.com *.google.com *.googletagmanager.com *.googleadservices.com *.hotjar.com *.cookielaw.org *.pingdom.net *.cardinalcommerce.com *.onetrust.com *.facebook.net *.bing.com *.visualwebsiteoptimizer.com *.authorize.net *.braintreegateway.com *.signifyd.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.avada-popup.min.js *.quantserve.com *.quantcount.com *.doubleclick.net *.webgains.io *.salesforceliveagent.com *.gstatic.com *.webgains.com https://w-it.m-t.io *.googleapis.com *.test.adyen.com *.live.adyen.com *.vimeocdn.com *.go-mpulse.net *.sc-static.net *.redditstatic.com 
'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.narvar.com *.narvar.qa *.kipling.com *.adis.ws 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://*.customily.com https://*.amazonaws.com *.cookielaw.org *.pingdom.net *.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.com *.amazonpay.jp mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.avada-popup.min.js *.emdex.net *.everesttech.net *.doubleclick.net www.google-analytics.com *.avada.io *.visualwebsiteoptimizer.com *.hotjar.com *.paypal.com *.paypalobjects.com *.demdex.net *.hotjar.io *.bing.com *.adyen.com *.test.adyen.com *.live.adyen.com https://www.youtube.com *.youtube.com *.webgains.io *.webgains.com *.akstat.io *.go-mpulse.net *.google.be *.akamaihd.net *.onetrust.com 'self' 'unsafe-inline'; child-src blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'none'; manifest-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net.*.id.opendns.com https://*.pusher.com https://unpkg.com https://www.google-analytics.com https://js.sentry-cdn.com https://browser.sentry-cdn.com https://static.userguiding.com https://d2yyd1h5u9mauk.cloudfront.net *.canopy.ninja *.canopy.dev *.canopytax.com *.clientportal.com *.clientportal.ninja *.clientportal.dev https://localhost:* http://localhost:* wss://localhost:* https://ielocal:* 
https://us-central1-metal-appliance-191920.cloudfunctions.net https://beanstalk-production.s3.amazonaws.com https://canopy-staging.s3.amazonaws.com https://s3-us-west-2.amazonaws.com *.pusher.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://public.profitwell.com https://ssl.gstatic.com https://apis.google.com https://www.gstatic.com https://www.google.com https://hosted.paysafe.com https://hosted.test.paysafe.com https://static.zuora.com https://static.userguiding.com/ *.fullstory.com https://cdn.jsdelivr.net https://cdn.jsdelivr.net/npm/lodash@4.17.15/lodash.min.js https://cdn.jsdelivr.net/npm/moment@2.24.0/moment.min.js https://cdn.jsdelivr.net/npm/luxon@1.25.0/build/amd/luxon.min.js https://cdn.jsdelivr.net/npm/prop-types@15.7.2/prop-types.min.js https://cdn.jsdelivr.net/npm/react@16.13.1/umd/react.production.min.js https://cdn.jsdelivr.net/npm/react-dom@16.13.1/umd/react-dom.production.min.js https://cdn.jsdelivr.net/npm/react-dom@16.13.1/umd/react-dom-server.browser.production.min.js https://cdn.jsdelivr.net/npm/regenerator-runtime@0.13.3/runtime.min.js https://cdn.jsdelivr.net/npm/@esm-bundle/rxjs/system/rxjs.min.js https://cdn.jsdelivr.net/npm/@esm-bundle/rxjs/system/rxjs-operators.min.js https://cdn.jsdelivr.net/npm/single-spa@5.5.5/lib/system/single-spa.min.js https://cdn.jsdelivr.net/npm/single-spa-canopy@3.0.3/lib/system/single-spa-canopy.min.js https://cdn.jsdelivr.net/npm/systemjs@6.1.5/dist/system.min.js https://cdn.jsdelivr.net/npm/systemjs@6.1.5/dist/extras/amd.min.js https://cdn.jsdelivr.net/npm/systemjs@6.1.5/dist/extras/named-exports.min.js https://cdn.jsdelivr.net/npm/systemjs@6.1.5/dist/extras/named-register.min.js https://cdn.jsdelivr.net/npm/systemjs@6.1.5/dist/extras/use-default.min.js https://cdn.jsdelivr.net/npm/jquery@2.2.4/dist/jquery.min.js https://cdn.jsdelivr.net/npm/@esm-bundle/rxjs/system/rxjs-shared.min.js}; connect-src *.canopy.ninja *.canopy.dev *.canopytax.com *.clientportal.com 
*.clientportal.ninja *.clientportal.dev https://localhost:* http://localhost:* wss://localhost:* https://ielocal:* https://us-central1-metal-appliance-191920.cloudfunctions.net https://beanstalk-production.s3.amazonaws.com https://canopy-staging.s3.amazonaws.com https://s3-us-west-2.amazonaws.com https://api.amplitude.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://www2.profitwell.com wss://*.pusher.com wss://*.pusherapp.com https://*.pusher.com https://*.pusherapp.com https://hosted.paysafe.com https://hosted.test.paysafe.com https://stat.userguiding.com/ *.fullstory.com https://rum-http-intake.logs.datadoghq.com https://web.delighted.com; form-action https://intercom.help https://api-iam.intercom.io; media-src https://js.intercomcdn.com; child-src blob: *.canopy.ninja *.canopy.dev *.canopytax.com *.clientportal.com *.clientportal.ninja *.clientportal.dev https://localhost:* http://localhost:* wss://localhost:* https://ielocal:* https://us-central1-metal-appliance-191920.cloudfunctions.net https://beanstalk-production.s3.amazonaws.com https://canopy-staging.s3.amazonaws.com https://s3-us-west-2.amazonaws.com https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net hosted.paysafe.com hosted.test.paysafe.com; frame-src *.canopy.ninja *.canopy.dev *.canopytax.com *.clientportal.com *.clientportal.ninja *.clientportal.dev https://localhost:* http://localhost:* wss://localhost:* https://ielocal:* https://us-central1-metal-appliance-191920.cloudfunctions.net https://beanstalk-production.s3.amazonaws.com 
https://canopy-staging.s3.amazonaws.com https://s3-us-west-2.amazonaws.com https://accounts.google.com https://www.google.com https://www.zuora.com https://apisandbox.zuora.com https://hosted.paysafe.com https://canopy.page.link https://ls.userguiding.com; style-src 'unsafe-inline' https://ssl.gstatic.com https://fonts.googleapis.com https://fonts.google.com/ https://rsms.me; img-src data: blob: *.canopy.ninja *.canopy.dev *.canopytax.com *.clientportal.com *.clientportal.ninja *.clientportal.dev https://localhost:* http://localhost:* wss://localhost:* https://ielocal:* https://us-central1-metal-appliance-191920.cloudfunctions.net https://beanstalk-production.s3.amazonaws.com https://canopy-staging.s3.amazonaws.com https://s3-us-west-2.amazonaws.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments.com https://www.facebook.com https://cx.atdmt.com/ https://dc.ads.linkedin.com https://p.adsymptotic.com https://www.linkedin.com https://px.ads.linkedin.com https://la.www4.irs.gov https://csi.gstatic.com https://static.userguiding.com/; font-src data: *.canopy.ninja *.canopy.dev *.canopytax.com *.clientportal.com *.clientportal.ninja *.clientportal.dev https://localhost:* http://localhost:* wss://localhost:* https://ielocal:* https://us-central1-metal-appliance-191920.cloudfunctions.net https://beanstalk-production.s3.amazonaws.com https://canopy-staging.s3.amazonaws.com https://s3-us-west-2.amazonaws.com https://js.intercomcdn.com https://fonts.googleapis.com https://fonts.gstatic.com http://fonts.gstatic.com https://rsms.me; worker-src blob: *.canopy.ninja *.canopy.dev *.canopytax.com *.clientportal.com *.clientportal.ninja *.clientportal.dev https://localhost:* http://localhost:* wss://localhost:* https://ielocal:* https://us-central1-metal-appliance-191920.cloudfunctions.net 
https://beanstalk-production.s3.amazonaws.com https://canopy-staging.s3.amazonaws.com https://s3-us-west-2.amazonaws.com; frame-ancestors 'none'; upgrade-insecure-requests; report-uri https://app.canopytax.com/_/csp-reports 1 default-src 'self' *.plugin-alliance.com; script-src 'self' analytics.twitter.com cdnjs.cloudflare.com connect.facebook.net platform.twitter.com proxy-assets.churnbuster.io s.ytimg.com static.ads-twitter.com/uwt.js trackcmp.net www.google-analytics.com www.youtube.com 'unsafe-inline'; style-src 'self' cdnjs.cloudflare.com proxy-assets.churnbuster.io 'unsafe-inline'; img-src 'self' *.plugin-alliance.com analytics.twitter.com data: d26781mews02ac.cloudfront.net i.ytimg.com img.youtube.com stats.g.doubleclick.net t.co www.facebook.com www.google.de www.google-analytics.com yt3.ggpht.com; font-src 'self' cdnjs.cloudflare.com; connect-src 'self' stats.g.doubleclick.net www.google-analytics.com; frame-src 'self' d271ulnm1ao6ig.cloudfront.net embed.pivotshare.com pages.churnbuster.io staticxx.facebook.com w.soundcloud.com www.facebook.com www.youtube.com; form-action 'self' plugin-alliance.us3.list-manage.com www.facebook.com/tr/; block-all-mixed-content; report-uri https://pluginalliance.report-uri.com/r/d/csp/wizard 1 font-src fonts.gstatic.com https://maxcdn.bootstrapcdn.com 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://assets.iglobalstores.com/ https://v2.zopim.com/ 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' https://enews.aeroprecisionusa.com/ 'self' 'unsafe-inline'; frame-ancestors 'self' 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com 
centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.youtube.com 'self' https://www.full30.com https://s7.addthis.com https://player.vimeo.com https://www.google.com https://widget-prime.rafflecopter.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com img.youtube.com maps.googleapis.com maps.gstatic.com *.vimeocdn.com s.ytimg.com https://bat.bing.com https://track.hubspot.com https://stats.g.doubleclick.net https://sca1.listrakbi.com store.paradoxlabs.com 'self' https://mediacdn.espssl.com https://www.xtento.com/media/images/ https://*.listrakbi.com https://www.google.com https://www.google.com.ua https://store.paradoxlabs.com https://cdn.klarna.com https://tracking.avantlink.com https://bam.nr-data.net https://www.googletagmanager.com https://v2.zopim.com data: https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://pippio.com/ https://d2df4e9l5rljaz.cloudfront.net/ 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com maps.googleapis.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://s1.listrakbi.com https://at1.listrakbi.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://cdn.listrakbi.com https://www.googletagmanager.com https://bat.bing.com https://f.vimeocdn.com https://www.google.com https://www.gstatic.com *.avada.io 
*.authorize.net 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.avmws.com https://m1.listrakbi.com https://www.google-analytics.com https://maps.google.com https://maps.googleapis.com https://jstest.authorize.net https://*.addthis.com https://v1.addthisedge.com https://z.moatads.com https://ssl.avmws.com https://bat.bing.com/bat.js https://js-agent.newrelic.com https://bam.nr-data.net https://player.vimeo.com https://widget-prime.rafflecopter.com https://js.hs-banner.com/ https://v2.zopim.com https://static.zdassets.com https://widget-mediator.zopim.com/ https://js.authorize.net/ https://bam-cell.nr-data.net/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com https://maxcdn.bootstrapcdn.com https://cdn.listrakbi.com 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/ https://mediacdn.espssl.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com https://www.google-analytics.com https://apitest.authorize.net https://api2.authorize.net https://js.authorize.net https://jstest.authorize.net *.authorize.net 'self' https://api2.authorize.net/ https://m.addthis.com https://bat.bing.com https://bam.nr-data.net/ https://bat.bing.com/ https://ekr.zdassets.com/ https://stats.g.double.analytics.js https://assets.iglobalstores.com/ wss://widget-mediator.zopim.com/ https://*.listrak.com/ https://*.listrakbi.com/ https://stats.g.doubleclick.net/ https://bam-cell.nr-data.net/ https://oc.listrakbi.com/coupon https://enews.aeroprecisionusa.com/ 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'self' 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests ; 1 default-src 'self' 
'unsafe-inline' *.arpansa.gov.au *.sunsmart.com.au uv-makeup.azurewebsites.net *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.youtube.com *.twitter.com *.twimg.com *.doubleclick.net data:;; report-uri /report-csp-violation 1 default-src 'self' api.balena-cloud.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.googleapis.com *.google.com *.google-analytics.com cdn.mxpnl.com js.intercomcdn.com widget.intercom.io cdn.statuspage.io/se-v2.js js.recurly.com; connect-src 'self' api.ly.fish api.balena-cloud.com builder.balena-cloud.com data.balena-cloud.com img.balena-cloud.com actions.balena-devices.com terminal.balena-devices.com wss://terminal.balena-devices.com *.sentry.io app.getsentry.com raw.githubusercontent.com api.github.com api.recurly.com www.google-analytics.com *.intercom.io wss://*.intercom.io *.statuspage.io *.algolia.net; frame-src self api.recurly.com www.google.com livechat.ly.fish; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com; img-src 'self' data: files.balena-cloud.com *.gstatic.com *.googleapis.com *.google-analytics.com *.intercomcdn.com *.intercomassets.com stats.g.doubleclick.net *.gravatar.com; media-src *.intercomcdn.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com js.intercomcdn.com; report-uri https://api.balena-cloud.com/csp-report 1 default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.check24.net//csp-violation-ezmd9dpdxv7nb0ecejb9/ 1 default-src 'self' 'unsafe-inline'; frame-src 'self' 'unsafe-inline' https://www.facebook.com; connect-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://api.amplitude.com; script-src 'self' 'unsafe-inline' https://cdn.amplitude.com 
https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net; img-src 'self' 'unsafe-inline' data: 'unsafe-eval' https://secure.gravatar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' 'unsafe-inline' data: 'unsafe-eval' https://fonts.gstatic.com; report-uri /csp-violations-report-endpoint; report-to null; 1 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://19bba7008ff399c64da2bc7f455a3431.report-uri.com/r/d/csp/reportOnly 1 report-uri https://www.yelp.com/csp_report_only?id=39298afe245ae07a&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1618351308; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.portlandmaps.com *.rose.portland.local:* *.portlandoregon.gov *.portland.gov *.bootstrapcdn.com *.jquery.com *.typekit.net *.arcgisonline.com *.arcgisonline.com *.arcgis.com arcg.is *.geocortex.com *.multco.us gis.oregonmetro.gov navigator.state.or.us *.mapbox.com *.openstreetmap.org *.opentopomap.org *.tableau.com *.ssl.fastly.net 
cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.googleapis.com *.gstatic.com *.googleusercontent.com www.google-analytics.com www.googletagmanager.com tagmanager.google.com *.nr-data.net js-agent.newrelic.com fontlibrary.org use.fontawesome.com *.tiles.wmflabs.org *.loop11.com *.rawgit.com *.imgur.com *.amazonaws.com connect.facebook.net cdn.rawgit.com dojotoolkit.org; frame-ancestors 'self' *.portlandmaps.com *.portlandoregon.gov *.portland.gov; object-src 'none'; report-uri https://portlandmaps.report-uri.com/r/d/csp/reportOnly 1 default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report; 1 script-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d8ejoa1fys2rk.cloudfront.net; script-src-attr 'self'; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self'; frame-ancestors 'self' 1 report-uri default-src 'self' 'unsafe-inline' *.typekit.net *.googletagmanager.com *.cloudflare.com *.siteimprove.com *.debevoise.com *.vimeo.com *.google-analytics.com 1 default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://gosecure.report-uri.com/r/d/csp/wizard 1 default-src 'self' 'report-sample' 'nonce-GUPbmrC1sKoIU92J6bAVbN7sZ2swk37p' *.motonet.fi www.google-analytics.com; script-src 'sha256-GEnM5q1nYY/iACnyMTdov+tNp9OFcBnnDgNXUXaVNXc=' 'self' 'report-sample' 'nonce-GUPbmrC1sKoIU92J6bAVbN7sZ2swk37p' *.motonet.fi code.createjs.com x.klarnacdn.net js.klarna.com csn.jst.ai *.playground.klarna.com www.googleadservices.com googleads.g.doubleclick.net www.google.com tagmanager.google.com cdn.jsdelivr.net ajax.googleapis.com meltwater.pressify.io apis.google.com api.videoly.co s.ytimg.com platform.twitter.com *.criteo.net *.criteo.com *.adform.net code.jquery.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com *.jst.ai connect.facebook.net www.youtube.com 
*.videoly.co eu-library.klarnaservices.com maps.google.com maps.googleapis.com 'strict-dynamic'; style-src 'unsafe-inline' 'report-sample' 'self' *.motonet.fi tagmanager.google.com maxcdn.bootstrapcdn.com stackpath.bootstrapcdn.com fonts.googleapis.com *.jst.ai cdn.jsdelivr.net; font-src 'self' 'report-sample' x.klarnacdn.net stackpath.bootstrapcdn.com fonts.gstatic.com maxcdn.bootstrapcdn.com data: fonts.googleapis.com; img-src ad.360yield.com *.adnxs.com csm.fr.eu.criteo.net maps.gstatic.com usersync.cdglb.com ads.stickyadstv.com ad.sxp.smartclip.net ads.yahoo.com ads.yieldmo.com ad.yieldlab.net an.yandex.ru asset.motonet.fi a.twiago.com bat.bing.com cm.adform.net cm.g.doubleclick.net contextual.media.net cotads.adscale.de criteo-partners.tremorhub.com criteo-sync.teads.tv csi.gstatic.com cw.addthis.com dapi.videoly.co data: dis.criteo.com eb2.3lift.com eu.klarnaevt.com eu.playground.klarnaevt.com googleads.g.doubleclick.net gum.criteo.com ih.adscale.de i.liadm.com i.ytimg.com jadserve.postrelease.com *.jst.ai *.klarnaservices.com maps.googleapis.com maps.google.com maps.gstatic.com matching.ivitrack.com match.sharethrough.com *.motonet.fi pixel.advertising.com pixel.rubiconproject.com pixel.tapad.com r.casalemedia.com 'report-sample' rtb-csync.smartadserver.com s.ad.smaato.net secure.adnxs.com 'self' server.seadform.net simage2.pubmatic.com sp.analytics.yahoo.com stats.g.doubleclick.net sync.ad-stir.com sync-criteo.ads.yieldmo.com sync.e-planning.net sync.outbrain.com sync-t1.taboola.com syndication.twitter.com tg.socdm.com 'unsafe-inline' ups.analytics.yahoo.com us-u.openx.net visitor.omnitagjs.com widget.eu.criteo.com www.facebook.com www.google-analytics.com www.google.com www.googletagmanager.com x.bidswitch.net; frame-src 'self' js.klarna.com https://meltwater.pressify.io/ bid.g.doubleclick.net *.fls.doubleclick.net cdn.jst.ai www.youtube.com gum.criteo.com cdn.justuno.com *.klarnaservices.com www.facebook.com *.cloudinary.com *.playground.klarna.com 
c1.adform.net js.klarna.com platform.twitter.com static.criteo.net www.googletagmanager.com www.youtube-nocookie.com; child-src 'self' 'report-sample' *.motonet.fi *.jst.ai cdn.justuno.com *.criteo.com *.criteo.net *.adform.net www.youtube.com *.fls.doubleclick.net www.facebook.com platform.twitter.com *.klarnaservices.com staging--autokorjaamo.netlify.com staging--autokorjaamo.netlify.app meltwater.pressify.io; connect-src 'self' 'report-sample' eu.playground.klarnaevt.com *.motonet.fi *.fls.doubleclick.net www.google.com analytics.justuno.com stats.g.doubleclick.net www.facebook.com *.jst.ai www.google-analytics.com *.klarnauserservices.com eu.klarnaevt.com; form-action 'self' 'report-sample' *.motonet.fi www.facebook.com; object-src 'none'; base-uri 'self'; report-uri https://m.motonet.fi/cspr; report-to csp-endpoint 1 default-src 'self' *.canterbury-cathedral.org; script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://translate.google.com https://translate.googleapis.com https://www.googletagmanager.com https://maps.googleapis.com https://canterbury-cathedral.us2.list-manage.com; style-src 'self' 'unsafe-inline' https://translate.googleapis.com https://fonts.googleapis.com; img-src data: *; font-src data: 'self' https://fonts.gstatic.com; frame-src https://www.youtube.com https://www.youtube-nocookie.com https://maps.google.co.uk https://maps.google.com https://www.google.com 'self' *.canterbury-cathedral.org https://cvminder.com https://w.soundcloud.com; connect-src 'self' *.canterbury-cathedral.org https://www.google-analytics.com https://translate.googleapis.com; report-uri https://www.canterbury-cathedral.org/csp-report.php; report-to default; 1 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; 
frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com www.google.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; img-src 
widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com www.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' https://static.slo-tech.com https://zy.si https://push.slo-tech.com; script-src 'self' 'unsafe-inline' https://static.slo-tech.com https://oglasi.slo-tech.com https://zy.si; style-src 'self' data: 'unsafe-inline' static.slo-tech.com; img-src 'self' data: https://* http://* https://static.slo-tech.com https://oglasi.slo-tech.com https://zy.si; connect-src 'self' https://oglasi.slo-tech.com https://push.slo-tech.com wss://push.slo-tech.com ws://push.slo-tech.com; frame-src 'self' https://oglasi.slo-tech.com https://www.youtube-nocookie.com; worker-src 'none'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; sandbox; report-uri 
https://sentry.ilol.si/api/13/security/?sentry_key=65de3269eb0548dd97bc2c45929349f4 1 frame-src 'self' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://www.facebook.com https://connect.facebook.net https://www.youtube.com https://player.vimeo.com https://www.ukraine.com.ua https://adm.tools https://apis.google.com https://accounts.google.com https://www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://code.highcharts.com https://apis.google.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://googletagmanager.com https://maps.google.com https://maps.googleapis.com https://translate.google.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; default-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.facebook.com https://m.facebook.com https://*.gstatic.com https://www.google.com https://www.google.ru https://www.google.com.ua https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://stats.g.doubleclick.net blob: 'self'; ; connect-src https://auth.adm.tools https://adm.tools https://portal.adm.tools https://www.ukraine.com.ua https://cdn.ukraine.com.ua:3004 wss://cdn.ukraine.com.ua:3004 https://www.google-analytics.com https://stats.g.doubleclick.net https://sentry.adm.tools http://*.hotjar.com:* https://*.hotjar.com:* https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com http://www.facebook.com https://www.facebook.com; report-uri https://sentry.adm.tools/api/4/security/?sentry_key=cd4a73d9e9a3475187c201c24a2c4576 1 frame-ancestors 'none'; 
block-all-mixed-content; default-src 'none'; script-src 'self' 'report-sample'; style-src 'self' 'report-sample'; object-src 'none'; frame-src 'none'; child-src 'none'; img-src 'self'; font-src 'self'; connect-src 'none'; manifest-src 'none'; base-uri 'self'; form-action 'none'; media-src 'none'; prefetch-src 'none'; worker-src 'none'; report-uri https://gate.rapidsec.net/g/r/csp/69e8dd9c-ba91-4ae8-943c-e8abcfe8ec4f/0/0/3?sct=59f8d87f-31ba-460d-b9e9-f8ec4647baff&dpos=report 1 script-src 'self' 'unsafe-eval' chrome-extension: 'unsafe-inline' https://www.google.com https://www.gstatic.com https://netdna.bootstrapcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://top-fwz1.mail.ru https://connect.facebook.net https://vk.com https://googleads.g.doubleclick.net https://mc.yandex.ru https://mod.calltouch.ru https://www.googleadservices.com https://a6yb9u.jth0a.com https://ucads-cdn.ucweb.com https://cp.reso.ru data: https://mstat.acestream.net https://pilaff-up.ru https://s3.amazonaws.com https://loungesrc.net https://hublosk.com https://jullyambery.net asset blob: https://mc.yandex.com 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; frame-src 'self' https://www.youtube.com chrome-extension: https://www.google.com https://www.facebook.com https://bid.g.doubleclick.net https://skytraf.xyz https://www.googletagmanager.com https://ucads-cdn.ucweb.com 'unsafe-eval' 'unsafe-inline' 'unsafe-inline' https://pwm-image.trendmicro.com https://dl.metabar.ru chrome-error https://acestream.me https://smi.media https://okostroy.ru https://rus.team https://rusprommeb.ru https://yurmir.com http://www.yurmir.com https://fazaa.ru https://smi.today https://tas-ix.tv https://www.smi.today https://antex-sk.kz https://pokrasymavto.ru https://ge1.ru https://newsland.com https://velopoezdka.ru https://maumediacenter.ru https://world-game-news.ru https://finnlevel.ru https://starmagnit.ru https://msk.bigsmallcar.com https://8os.ru http://smi.today 
https://xn------6cdhdbtu4bhmckgucxjiz.xn--p1ai https://ay-tour.ru https://www.megamedportal.ru https://sevkor.ru https://mossantechservice.ru https://domkyznechik.ru https://www.fondsk.ru https://fancybag.life https://bystro-stroy64.ru https://glavpol96.ru https://podolskofficial.ru https://reviewcafe.ru https://www.raut.ru https://mosregtoday.ru https://info67.ru https://remont8k.ru https://brutik.ru https://freemedia.io https://777.xn--80asehdb https://1art.irk.dating https://192.168.8.1 https://remtlt.ru https://www.stavki.ru https://dailybaby.ru https://interkomitet.ru https://donvesti.ru https://pro4aek.ru https://maximum.sberkom.ru https://pol.city http://block.utm.public.rsl:8002 https://saltcdn2.googleapis.com https://vk.com https://saltcdn2.twitter.com https://ok.ru https://172.28.252.200 http://192.168.91.43:15871 https://wiki.mtt.ru http://mgts-wsa-d01 https://gateway.zscloud.net https://www.youtube-nocookie.com https://object.center data: http://block.captive:8002 ms-appx-web:// ms-appx-web://microsoft.microsoftedge https://usercheck.transoil.com https://noop.style http://control.gue.local:4080 https://gateway.maxus.ru; object-src 'self' https://noop.style chrome-extension:; report-uri /cspreportonly; 1 default-src *; base-uri *; connect-src *; font-src *; form-action *; frame-ancestors *; frame-src *; child-src *; img-src *; manifest-src *; media-src *; object-src *; plugin-types *; script-src *; style-src *; worker-src * 1 style-src-elem 'unsafe-inline' 'self' fonts.googleapis.com; connect-src 'self' bat.bing.com www.google-analytics.com stats.g.doubleclick.net cookie-cdn.cookiepro.com trc-events.taboola.com api.mixpanel.com api-js.mixpanel.com api.segment.io in.hotjar.com trc.taboola.com vc.hotjar.io; font-src 'self' data: fonts.gstatic.com script.hotjar.com; frame-src www.google.com www.youtube.com vars.hotjar.com widget.trustpilot.com; img-src 'self' data: cds.taboola.com q.quora.com s3.eu-west-2.amazonaws.com 2.gravatar.com bat.bing.com 
px.ads.linkedin.com www.linkedin.com c0.adalyser.com cx.atdmt.com heapanalytics.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com www.google.co.uk www.google.com www.googletagmanager.com web.uploads.tide.co local.tide.co secure.gravatar.com; script-src-elem 'self' 'unsafe-inline' cookie-cdn.cookiepro.com bat.bing.com c0.adalyser.com cdn.heapanalytics.com cdn.mxpnl.com cdn.segment.com cdn.taboola.com trc.taboola.com cdnjs.cloudflare.com connect.facebook.net googleads.g.doubleclick.net platform.twitter.com px.ads.linkedin.com script.hotjar.com snap.licdn.com static.ads-twitter.com static.hotjar.com www.google-analytics.com www.linkedin.com www.google.com www.gstatic.com www.googletagmanager.com www.googleadservices.com widget.trustpilot.com tagmanager.google.com; style-src-attr 'unsafe-inline'; report-uri https://csp.tide.co/report 1 base-uri 'none';object-src 'unsafe-eval';default-src 'self';child-src 'self' https://ghbtns.com https://marketingwizards.go2cloud.org https://www.google.com https://www.googletagmanager.com https://www.youtube.com;connect-src 'self' https://*.tawk.to https://*.livecall.io https://*.jsdelivr.net https://*.google-analytics.com https://*.itaka.pl https://www.facebook.com https://*.doubleclick.net https://*.sentry.io https://hn.inspectlet.com https://*.hotjar.com https://*.hotjar.io;font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://*.tawk.to;frame-src http://*.doubleclick.net https://user-test.projectxyz.eu https://user.itaka.pl https://*.google.com https://creativecdn.com https://widget.eu.criteo.com https://static.criteo.net https://8039447.fls.doubleclick.net https://www.facebook.com https://*.doubleclick.net https://*.criteo.com https://*.hotjar.com;img-src 'self' data: *.gstatic.com https://www.google.pl https://*.facebook.com https://*.googleapis.com www.googletagmanager.com https://ad.mail.ru https://ad.sxp.smartclip.net https://ad.turn.com https://ads.stickyadstv.com 
https://ads.yahoo.com https://ads.yieldmo.com https://*.tawk.to https://*.livecall.io https://*.jsdelivr.net https://api.seeplaces.com https://*.google.com https://*.google-analytics.com https://*.itaka.pl https://*.doubleclick.net https://*.criteo.com https://sync-criteo.ads.yieldmo.com https://criteo-partners.tremorhub.com https://pixel.advertising.com https://i.content4travel.com;media-src 'self' https://*.tawk.to https://*.livecall.io https://*.itaka.pl;script-src 'unsafe-eval' 'strict-dynamic' 'report-sample' https://d.adroll.com https://s.adroll.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.createjs.com https://sslwidget.criteo.com https://static.criteo.net https://connect.facebook.net https://maps.gstatic.com https://www.google.com https://apis.google.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.googleapis.com https://in.hotjar.com https://vc.hotjar.io https://script.hotjar.com https://static.hotjar.com https://cdn.inspectlet.com https://hn.inspectlet.com https://api.ipify.org https://ssl.p.jwpcdn.com https://*.livecall.io https://geoip.livecall.io https://signalling.livecall.io https://cdn.ravenjs.com https://yandex.st https://mc.yandex.ru https://*.tawk.to https://*.jsdelivr.net https://*.consensu.org https://*.itaka.pl https://*.leadexpert.pl 'nonce-1e03a00401fbf07ed5f072bdfdd92141';style-src 'self' 'unsafe-inline' https://*.itaka.pl https://cdnjs.cloudflare.com https://fonts.googleapis.com https://*.livecall.io https://ssl.p.jwpcdn.com https://unpkg.com https://cdn.jsdelivr.net https://ajax.googleapis.com;report-uri https://itatst.report-uri.com/r/d/csp/reportOnly 1 default-src https: data: 'unsafe-inline' 'unsafe-eval' blob: wss:; report-uri https://464b711251f54c909b7a68dbb569ad3b.myssl-uri.com/api/csp-report 1 default-src 'self';font-src 'self' data:;style-src 'self' 'unsafe-inline';img-src 
vontobel-cloudbased-streaming.s3.amazonaws.com 'self' data:;script-src 'self' tags.tiqcdn.com 'nonce-xjwkUMS+bp/fN6UJucbXzMAbuUs=';frame-ancestors 'self';frame-src 'self';media-src vontobel-cloudbased-streaming.s3.amazonaws.com;report-uri /Csp/Report/; 1 font-src https://cdn.checkout.com *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.amazon.de *.payments-amazon.de https://js.checkout.com https://klarna-payments-eu.playground.klarna.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net 
d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.de *.media-amazon.de 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com static.searchanise.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://cdn.checkout.com https://x.klarnacdn.net/kp/lib/v1/api.js r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com searchanise-ef84.kxcdn.com s3.amazonaws.com https://cdn.checkout.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; 
media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.amazon.de *.amazonpay.de mws.amazonservices.de https://js.checkout.com https://eu.playground.klarnaevt.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.hotjar.com http://rum-static.pingdom.net https://v4in1-si.click4assistance.co.uk https://hitcounter.govmetric.com https://websurveys2.servmetric.com https://wsstatic.govmetric.com http://static.hotjar.com http://*.jquery.com https://*.googletagmanager.com http://api.reciteme.com https://www.google-analytics.com http://www.youtube.com https://platform.twitter.com https://content.govdelivery.com https://api.reciteme.com https://portal.roadworks.org; object-src 'self'; style-src 'self' 'unsafe-inline' https://websurveys2.servmetric.com https://wsstatic.govmetric.com http://*.googleapis.com https://fs-filestore-eu.s3.amazonaws.com/Waltham_Forest/ https://maxcdn.bootstrapcdn.com/ https://api.reciteme.com; img-src 'self' 'unsafe-inline' data: https://v4in1-si.click4assistance.co.uk https://www.google-analytics.com https://wsstatic.govmetric.com 
https://*.govdelivery.com https://syndication.twitter.com https://api.reciteme.com; media-src 'self' https://api.reciteme.com; frame-src 'self' https://vars.hotjar.com/ https://platform.twitter.com https://api.reciteme.com https://app.powerbi.com; font-src 'self' https://*.gstatic.com https://maxcdn.bootstrapcdn.com/ https://api.reciteme.com; connect-src 'self' https://www.google-analytics.com http://rum-collector-2.pingdom.net https://*.hotjar.com https://api.reciteme.com; report-uri /admin/config/system/seckit/csp-report 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://cdn.datatables.net https://s.ytimg.com https://maps.google.com https://m.addthis.com https://js.stripe.com https://www.youtube.com/iframe_api https://www.youtube.com http://www.youtube.com http://downloads.mailchimp.com https://downloads.mailchimp.com https://static.addtoany.com http://dev.openlayers.org https://dev.openlayers.org https://m.addthisedge.com https://s7.addthis.com https://apis.google.com https://googleads.g.doubleclick.net https://unpkg.com https://use.fontawesome.com https://pro.fontawesome.com http://www.amcharts.com https://platform.twitter.com https://ssl.p.jwpcdn.com https://www.google-analytics.com https://records-ws.nbnatlas.org https://use.typekit.net https://www.googleadservices.com https://mc.us16.list-manage.com https://www.googletagmanager.com https://tagmanager.google.com https://downloads.mailchimp.com https://code.jquery.com https://maps.googleapis.com https://connect.facebook.net https://downloads.mailchimp.com https://csi.gstatic.com; img-src 'self' https: data:; style-src 'self' 'unsafe-inline' http://dev.openlayers.org http://ajax.googleapis.com https://tagmanager.google.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://downloads.mailchimp.com https://use.fontawesome.com https://p.typekit.net https://use.typekit.net 
https://pro.fontawesome.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net https://use.fontawesome.com https://pro.fontawesome.com https://maxcdn.bootstrapcdn.com; frame-src 'self' https://static.addtoany.com https://s7.addthis.com https://www.google.com https://js.stripe.com https://e.issuu.com https://apis.google.com/ https://www.youtube.com/ https://staticxx.facebook.com/ https://accounts.google.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.facebook.com/ https://web.facebook.com/; object-src 'self'; connect-src 'self' https://stats.g.doubleclick.net https://m.addthis.com https://www.google-analytics.com https://syndication.twitter.com https://www.facebook.com/tr/ https://performance.typekit.net/ ; media-src 'self' blob: https://e5c5a7c5.ssl.hwcdn.net; worker-src 'self' blob:; frame-ancestors 'self'; base-uri 'self' 1 default-src 'none'; form-action 'none'; frame-ancestors 'none'; 1 connect-src 'self' https://gatehub.net https://*.gatehub.net wss://*.gatehub.net wss://*.ripple.com https://id.ripple.com https://history.ripple.com:7443 https://api.ripplecharts.com https://data.ripple.com https://*.zendesk.com https://ekr.zdassets.com https://www.google-analytics.com https://googletagmanager.com https://api.gastracker.io https://api.blockcypher.com https://api.etherscan.io wss://widget-mediator.zopim.com https://stats.g.doubleclick.net wss://xrpl.ws https://sentry.io https://*.ingest.sentry.io; default-src 'self' https://gatehub.net; font-src 'self' https://gatehub.net https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' https://gatehub.net https://*.gatehub.net https://www.google.com https://client-api.arkoselabs.com; img-src 'self' https://gatehub.net https://*.gatehub.net https://www.google-analytics.com https://chart.googleapis.com https://stats.g.doubleclick.net https://ssl.gstatic.com blob: data:; media-src 'self' https://gatehub.net 
https://*.gatehub.net https://static.zdassets.com blob: data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gatehub.net https://*.gatehub.net https://www.google-analytics.com https://www.google.com https://fonts.googleapis.com https://ajax.googleapis.com https://apis.google.com https://www.gstatic.com https://code.highcharts.com https://*.zendesk.com https://static.zdassets.com https://www.googletagmanager.com https://browser.sentry-cdn.com https://client-api.arkoselabs.com; style-src 'self' 'unsafe-inline' https://gatehub.net https://*.gatehub.net https://fonts.googleapis.com; report-uri https://gatehub.report-uri.com/r/d/csp/wizard; 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://latkbu9mql.execute-api.us-east-1.amazonaws.com/default/checkCSP 1 font-src *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net 
test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 img-src https: data: blob:; media-src https: blob:; font-src https: data:; report-uri https://www.luxtimes.lu/report 1 block-all-mixed-content; report-uri https://gesoten.report-uri.com/r/t/csp/reportOnly 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com 'strict-dynamic' 'nonce-MTA5OTk5OTkxOCwyMTc2MDYxMzg0'; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1 report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: 'self' blob: *.cloudmaestro.com web.tagembed.com c.paypal.com static-na.payments-amazon.com www-vintageking.com.imgeng.in widget-mediator.zopim.com *.cloudfront.net *.vintageking.com s.ytimg.com knrpc.olark.com assets.olark.com api.olark.com vintageking.com 
4tellcdn.azureedge.net cdn.bronto.com www.googletagmanager.com js.klevu.com static.olark.com www.google-analytics.com www.googleadservices.com www.gstatic.com bat.bing.com *.hotjar.com cdn.callrail.com connect.facebook.net snip.bronto.com cdn.noibu.com googleads.g.doubleclick.net js.callrail.com js-agent.newrelic.com bam.nr-data.net www.youtube.com www.google.com cdn1.affirm.com bam-cell.nr-data.net www.paypal.com cdn-scripts.signifyd.com js.braintreegateway.com www.paypalobjects.com imgs.signifyd.com secure.wufoo.com g.microsoft.com 1 font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.yotpo.com *.bootstrapcdn.com *.fontawesome.com data: *.audioeye.com *.cloudmaestro.com *.webscalenetworks.net *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.signifyd.com *.braintreegateway.com *.kaptcha.com *.google.com *.youtube.com *.twitter.com *.online-metrix.net *.paypal.com *.olark.com *.audioeye.com *.force.com *.doubleclick.net *.facebook.com *.dotdigital-pages.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.paypal.com *.twitter.com *.twimg.com 
*.ytimg.com *.youtube.com 'self' data: *.lightemporium.com *.usercentrics.eu *.yotpo.com *.snakeriverfarms.com *.signifyd.com *.online-metrix.net *.narvar.com *.olark.com *.cdninstagram.com *.cloudfront.net *.fbcdn.net *.cloudmaestro.com *.bing.com *.google.com *.google.com.pk *.webscalenetworks.net *.facebook.com *.a.klaviyo.com *.klaviyo.com *.narvar.qa shareasale.com 'self' 'unsafe-inline'; script-src *.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net *.cloudflare.com *.braintreegateway.com *.braintree-api.com *.twitter.com *.google-analytics.com *.googleapis.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.cardinalcommerce.com *.ccdc02.com *.authorize.net polyfill.io *.yotpo.com *.googlecommerce.com *.google.com *.algolia.net *.signifyd.com *.paypal.com *.dynamicyield.com *.narvar.com *.olark.com *.amazon.com *.payments-amazon.com *.swellrewards.com *.audioeye.com *.cloudmaestro.com *.newrelic.com *.nr-data.net *.googletagmanager.com *.bing.com *.doubleclick.net *.force.com *.salesforceliveagent.com *.webscalenetworks.net 'self' data: *.facebook.net *.dotdigital-pages.com *.dwin1.com https://static.klaviyo.com https://fast.a.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.yotpo.com 
*.bootstrapcdn.com *.narvar.com *.olark.com *.audioeye.com *.cloudmaestro.com *.force.com *.webscalenetworks.net *.a.klaviyo.com *.klaviyo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.narvar.com *.narvar.qa *.olark.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net *.yotpo.com *.signifyd.com *.signifyd.com:11103 *.algolia.net *.algolianet.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.braintree-api.com *.braintreegateway.com *.dynamicyield.com *.olark.com *.vimeo.com *.amazon.com *.audioeye.com *.nr-data.net *.doubleclick.net *.google-analytics.com *.bing.com https://static.klaviyo.com *.klaviyo.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 report-uri https://www.childcare.co.uk/app/csp-reports; default-src blob: data: https: 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://platform.twitter.com https://cdn.ampproject.org https://cdnjs.cloudflare.com https://code.jquery.com https://js.recurly.com https://www.gstatic.com https://ajax.googleapis.com https://oss.maxcdn.com https://connect.facebook.net https://d1l6p2sc9645hc.cloudfront.net https://*.gosquared.com https://*.childcare.co.uk https://*.trustpilot.com https://*.doubleclick.net https://cdn.ckeditor.com https://appleid.cdn-apple.com https://*.totum.com https://bat.bing.com https://www.google.com https://cdn.jsdelivr.net 1 
default-src 'self' jobtestprep.com *.jobtestprep.com yotpo.com *.yotpo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' jtptestsystem.com google.com *.google.com gstatic.com *.gstatic.com *.googleapis.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com googleadservices.com *.googleadservices.com bing.com *.bing.com *.jquery.com visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com nr-data.net *.nr-data.net doubleclick.net newrelic.com *.newrelic.com *.doubleclick.net *.cloudflare.com facebook.com *.facebook.com facebook.net *.facebook.net bluesnap.com *.bluesnap.com jobtestprep.com *.jobtestprep.com freshdesk.com *.freshdesk.com red-id.com *.red-id.com polyfill.io *.polyfill.io jsdelivr.net *.jsdelivr.net *.atlassian.net youtube.com *.youtube.com *.cardinalcommerce.com *.yotpo.com *.bootstrapcdn.com visitorjs.com *.visitorjs.com *.cloudfront.net; style-src 'self' 'unsafe-inline' jtptestsystem.com jobtestprep.com *.jobtestprep.com *.googleapis.com *.bootstrapcdn.com cloudflare.com *.cloudflare.com *.freshdesk.com red-id.com *.red-id.com *.jquery.com *.yotpo.com cloudfront.net *.cloudfront.net; img-src 'self' data: jtptestsystem.com jobtestprep.com *.jobtestprep.com yotpo.com *.yotpo.com facebook.com *.facebook.com *.facebook.net *.atdmt.com google.com *.google.com google-analytics.com *.google-analytics.com google.co.il *.google.co.il *.gstatic.com doubleclick.net *.doubleclick.net bluesnap.com *.bluesnap.com *.kaptcha.com jobtestprep.net *.jobtestprep.net bing.com *.bing.com visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com red-id.com *.red-id.com *.umbraco.org googletagmanager.com *.googletagmanager.com *.ytimg.com paypalobjects.com *.paypalobjects.com google.com google.ad google.ae google.com.af google.com.ag google.com.ai google.al google.am google.co.ao google.com.ar google.as google.at google.com.au google.az google.ba google.com.bd google.be google.bf google.bg google.com.bh google.bi google.bj google.com.bn 
google.com.bo google.com.br google.bs google.bt google.co.bw google.by google.com.bz google.ca google.cd google.cf google.cg google.ch google.ci google.co.ck google.cl google.cm google.cn google.com.co google.co.cr google.com.cu google.cv google.com.cy google.cz google.de google.dj google.dk google.dm google.com.do google.dz google.com.ec google.ee google.com.eg google.es google.com.et google.fi google.com.fj google.fm google.fr google.ga google.ge google.gg google.com.gh google.com.gi google.gl google.gm google.gr google.com.gt google.gy google.com.hk google.hn google.hr google.ht google.hu google.co.id google.ie google.co.il google.im google.co.in google.iq google.is google.it google.je google.com.jm google.jo google.co.jp google.co.ke google.com.kh google.ki google.kg google.co.kr google.com.kw google.kz google.la google.com.lb google.li google.lk google.co.ls google.lt google.lu google.lv google.com.ly google.co.ma google.md google.me google.mg google.mk google.ml google.com.mm google.mn google.ms google.com.mt google.mu google.mv google.mw google.com.mx google.com.my google.co.mz google.com.na google.com.ng google.com.ni google.ne google.nl google.no google.com.np google.nr google.nu google.co.nz google.com.om google.com.pa google.com.pe google.com.pg google.com.ph google.com.pk google.pl google.pn google.com.pr google.ps google.pt google.com.py google.com.qa google.ro google.ru google.rw google.com.sa google.com.sb google.sc google.se google.com.sg google.sh google.si google.sk google.com.sl google.sn google.so google.sm google.sr google.st google.com.sv google.td google.tg google.co.th google.com.tj google.tl google.tm google.tn google.to google.com.tr google.tt google.com.tw google.co.tz google.com.ua google.co.ug google.co.uk google.com.uy google.co.uz google.com.vc google.co.ve google.vg google.co.vi google.com.vn google.vu google.ws google.rs google.co.za google.co.zm google.co.zw google.cat *.google.com *.google.ad *.google.ae *.google.com.af 
*.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg 
*.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; child-src jobtestprep.com *.jobtestprep.com youtube.com *.youtube.com yotpo.com *.yotpo.com www.googletagmanager.com bluesnap.com *.bluesnap.com; frame-src facebook.com *.facebook.com google.com *.google.com bluesnap.com *.bluesnap.com jobtestprep.com *.jobtestprep.com *.cardinalcommerce.com youtube.com *.youtube.com *.vimeo.com *.kaptcha.com *.jotform.me *.jotform.com googleadservices.com slideshare.net *.slideshare.net *.googleadservices.com *.doubleclick.net *.red-id.com *.hotjar.com; connect-src 'self' jtptestsystem.com yotpo.com *.yotpo.com *.google.com google-analytics.com *.google-analytics.com facebook.com *.facebook.com *.doubleclick.net nr-data.net *.nr-data.net visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com red-id.com *.red-id.com *.cardinalcommerce.com *.amazonaws.com *.bing.com *.freshdesk.com *.hotjar.com *.hotjar.io wss://*.hotjar.com; font-src 'self' jtptestsystem.com fonts.gstatic.com fonts.googleapis.com themes.googleusercontent.com *.bootstrapcdn.com *.doubleclick.net jsdelivr.net *.jsdelivr.net red-id.com *.red-id.com *.yotpo.com; frame-ancestors 'self'; object-src 'none'; base-uri jobtestprep.com *.jobtestprep.com; worker-src blob:; 1 frame-ancestors 'self' https://www.intezer.com/ http://www.intezer.com/; block-all-mixed-content; default-src 'none'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' data: https://translate.google.com/ https://translate.googleapis.com/ https://www.intezer.com/ 
http://www.youtube.com/ https://www.youtube.com/ https://googletagmanager.com/ https://*.opendns.com/ https://static.hsappstatic.net/ https://twitter.com/ https://cdnjs.cloudflare.com/ https://optimize.google.com/ https://ajax.googleapis.com/ https://www.comeet.co/ https://platform.twitter.com/ https://secure.gaug.es/ https://*.wp.com/ https://www.google.com/ https://js.hsleadflows.net/ https://www.gstatic.com/ https://js.usemessages.com/ https://js.hs-banner.com/ https://snap.licdn.com/ https://js.hs-analytics.net/ https://static.ads-twitter.com/ https://js.hs-scripts.com/ https://www.googleadservices.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://analytics.twitter.com/ https://www.googletagmanager.com/ https://googleads.g.doubleclick.net/ https://static.addtoany.com/ https://connect.facebook.net/ https://www.google-analytics.com/ https://*.pressablecdn.com/; style-src 'sha256-A36pRlP2FPaVBYPMDmRWdqe3nTLvokMItNMM9+H4iuY=' 'unsafe-inline' 'unsafe-hashes' https://cdn.jsdelivr.net/npm/timepicker@1.13.14/jquery.timepicker.min.css https://translate.googleapis.com/ https://www.comeet.com/ https://static.hsappstatic.net/ https://www.gstatic.com/ https://cdnjs.cloudflare.com/ https://optimize.google.com/ https://*.wp.com/ https://fonts.googleapis.com/ http://fonts.googleapis.com/ https://*.pressablecdn.com/ https://www.intezer.com/ http://www.intezer.com/; object-src 'none'; frame-src https://static.hsappstatic.net/ https://js.usemessages.com/ https://*.recaptcha.net/ https://www.intezer.com/ https://meetings.hubspot.com/ https://*.pressablecdn.com/ https://static.hotjar.com/ https://www.googletagmanager.com/ https://widgets.wp.com/ https://optimize.google.com/ https://syndication.twitter.com/ https://www.comeet.com/ https://www.comeet.co/ https://platform.twitter.com/ https://bid.g.doubleclick.net/ https://www.youtube.com/ https://app.hubspot.com/ https://vars.hotjar.com/ https://www.google.com/; child-src https://www.intezer.com/; img-src 'self'; 
font-src 'self'; connect-src 'self'; manifest-src 'self'; base-uri https://www.intezer.com/; form-action 'self' https://*.twitter.com/; media-src 'self'; prefetch-src 'self'; worker-src https://www.intezer.com/; report-uri https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report 1 default-src 'self' *.allauthor.com ; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https: https://fonts.googleapis.com ; script-src 'self' https:; img-src 'self' https:; connect-src 'self' https:; frame-src 'self' https:; 1 font-src maxcdn.bootstrapcdn.com fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com www.facebook.com platform.twitter.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: 
d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com amcglobal.sc.omtrdc.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com js.braintreegateway.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com connect.facebook.net twitter.com platform.twitter.com 
js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 media-src 'self' *.wistia.com *.identifix.com blob:; font-src 'self' www.identifix.com fonts.gstatic.com use.fontawesome.com data:; img-src 'self' *.doubleclick.net *.adsymptotic.com *.identifix.com *.facebook.com *.linkedin.com *.google-analytics.com *.google.com *.wistia.com www.paypalobjects.com b.6sc.co data:; default-src blob: https: 'unsafe-inline' 'unsafe-eval' 1 font-src http://leguidenoir.com https://jvdeh29369.i.lithium.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src 
secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.google.com https://www.youtube.com *.freshchat.com https://highlights.julbo.com https://9462319.fls.doubleclick.net https://be561d15705649ccb7c33f5d39cc1918.pages.ubembed.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://secure.adnxs.com *.google.com *.google.fr https://maps.gstatic.com https://maps.googleapis.com *.julbo.com *.pinterest.com data: http://leguidenoir.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.googletagmanager.com script.crazyegg.com https://connect.facebook.net https://googleads.g.doubleclick.net *.googleapis.com *.google-analytics.com *.google.com https://js-agent.newrelic.com https://www.gstatic.com https://v2.zopim.com *.zdassets.com *.pinterest.com http://leguidenoir.com https://chimpstatic.com https://cdn.funnelytics.io https://widget.freshworks.com *.freshchat.com https://be561d15705649ccb7c33f5d39cc1918.js.ubembed.com https://downloads.mailchimp.com https://9462319.fls.doubleclick.net https://assets.ubembed.com https://mc.us7.list-manage.com https://bam.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; 
style-src getfirebug.com http://leguidenoir.com https://wchat.freshchat.com https://jvdeh29369.i.lithium.com https://widget.freshworks.com https://snippets.freshchat.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://leguidenoir.com *.julbo.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://stats.g.doubleclick.net https://www.google-analytics.com *.zdassets.com *.zopim.com *.julbo.com http://leguidenoir.com wss://widget-mediator.zopim.com https://track-v2.funnelytics.io https://widget.freshworks.com https://be561d15705649ccb7c33f5d39cc1918.events.ubembed.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' blob:; child-src: 'self' blob:; script-src 'self' 'unsafe-inline' w3.siemens.com tools.adlytics.net cdn.cookielaw.org assets.adobedtm.com players.brightcove.net img.en25.com vjs.zencdn.net www.automation.siemens.com w3.siemens.com profiles.siemens.com; style-src 'self' 'unsafe-inline' w3.siemens.com tools.adlytics.net profiles.siemens.com; img-src 'self' data: assets.new.siemens.com maps.siemens.com metrics.brightcove.com brightcove04pmdo-a.akamaihd.net cf-images.eu-west-1.prod.boltdns.net cf-images.us-east-1.prod.boltdns.net siemens.sc.omtrdc.net track.adform.net s2033604275.t.eloqua.com cdn.cookielaw.org cookies.siemens.com; font-src 'self' data: tools.adlytics.net; connect-src 'self' search.new.siemens.com w3.siemens.com siemens.sc.omtrdc.net siemens.tt.omtrdc.net *.demdex.net tools.adlytics.net cdn.cookielaw.org dmp.adform.net metrics.brightcove.com edge.api.brightcove.com secure.brightcove.com *.media.brightcove.com privacyportal-eu.onetrust.com manifest.prod.boltdns.net www.fortbildung.siemens.com 
profiles.siemens.com searchapi.new.siemens.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com; media-src 'self' assets.new.siemens.com secure.brightcove.com *.media.brightcove.com blob: manifest.prod.boltdns.net house-fastly-signed-eu-west-1-prod.brightcovecdn.com; worker-src 'self' 'unsafe-inline' blob:; object-src players.brightcove.net; block-all-mixed-content; reflected-xss block; base-uri 'self'; referrer origin-when-cross-origin; report-uri https://report-uri.dc.siemens-energy.com/ 1 default-src v8.seco.tools 'self' 'unsafe-inline' 'unsafe-eval' data: secotools.azureedge.net usercontent.azureedge.net dev-usercontent.azureedge.net test-secotools.azurewebsites.net test-secotools.azureedge.net rc-secotools.azureedge.net secoresources.azureedge.net *.secotools.com seco.tools *.google.com *.google-analytics.com *.g.doubleclick.net www.googleadservices.com www.sitester.com *.ipapercms.dk *.ytimg.com *.youtube.com *.qq.com *.qpic.cn *.jotformeu.com *.jotform.me w.usabilla.com *.googletagmanager.com *.facebook.com *.facebook.net www.linkedin.com px.ads.linkedin.com snap.licdn.com d6tizftlrpuof.cloudfront.net p.adsymptotic.com www.google.ad www.google.ae www.google.al www.google.am www.google.as www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bi www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cat www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.cn www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.com www.google.com.af www.google.com.ag www.google.com.ai 
www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.ki www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.ms www.google.mu www.google.mv www.google.mw www.google.ne www.google.nl www.google.no www.google.nr www.google.nu www.google.pl www.google.pn www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.sh www.google.si www.google.sk www.google.sm www.google.sn www.google.so www.google.sr www.google.st www.google.td 
www.google.tg www.google.tl www.google.tm www.google.tn www.google.to www.google.tt www.google.vg www.google.vu www.google.ws; font-src 'self' secotools.azureedge.net rc-secotools.azureedge.net test-secotools.azureedge.net fonts.gstatic.com d6tizftlrpuof.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' secure.secotools.com securetest.secotools.com emails.secotools.com secotools.azureedge.net rc-secotools.azureedge.net test-secotools.azureedge.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net snap.licdn.com connect.facebook.net w.usabilla.com api.usabilla.com; script-src-attr 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; frame-src https://secure.secotools.com https://securetest.secotools.com *.secotools.com www.secolocator.com form.jotform.com form.jotformeu.com ipaper.ipapercms.dk www.youtube.com www.facebook.com d6tizftlrpuof.cloudfront.net; report-uri /core/api/Monitoring/SaveCSPReport 1 default-src 'self' *.ccavenue.com *.razorpay.com *.fonepaisa.com view.officeapps.live.com www.google.com use.fontawesome.com www.youtube-nocookie.com www.youtube.com; connect-src 'self' *.elitmus.com *.elitmus.net bam.nr-data.net sentry.elitmusmail.com *.google-analytics.com api.mixpanel.com wss:; font-src 'self' cdn.jsdelivr.net fonts.gstatic.com use.fontawesome.com https: data:; img-src 'self' blob: cdn0.elitmus.net *.amazonaws.com data: https: www.google.com *.google-analytics.com api.mixpanel.com; object-src 'self' *.amazonaws.com; script-src 'self' 'unsafe-inline' *.newrelic.com bam.nr-data.net cdn0.elitmus.net google-analytics.com api.mixpanel.com cdn.jsdelivr.net/bootstrap.daterangepicker/2/daterangepicker.js cdn.jsdelivr.net/momentjs/latest/moment.min.js cdn.ckeditor.com/4.11.3/full/ckeditor.js https: data:; style-src 'self' 
'unsafe-inline' cdn0.elitmus.net use.fontawesome.com/releases/v5.0.6/css/all.css cdn.jsdelivr.net/bootstrap/3/css/bootstrap.css cdn.jsdelivr.net/bootstrap.daterangepicker/2/daterangepicker.css https:; report-uri /csp_reports 1 default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com; connect-src https://www.google-analytics.com https://stats.g.doubleclick.net; img-src 'self' https://www.biolib.cz https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com; style-src 'unsafe-inline' 'self'; block-all-mixed-content; report-uri https://www.mudrc.net/report.php?csp 1 default-src 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com wlresults.westlotto.com ergebnisse.westlotto.com www.youtube.com error.westlotto.de www.paypal.com www.paypalobjects.com data: blob: ; script-src 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com tags.tiqcdn.com t23.intelliad.de js.braintreegateway.com bs.serving-sys.com secure-ds.serving-sys.com www.paypalobjects.com c.paypal.com www.paypal.com connect.facebook.net maps.googleapis.com data1.open-dog.com www.google-analytics.com s3.amazonaws.com www.googletagmanager.com www.pagespeed-mod.com www.google.com www.google.de bat.bing.com scripts.psyma.com westlotto.loyjoy.com app-cloud.loyjoy.com cloud.loyjoy.com stable.loyjoy.com dan.mgr.consensu.org cdn.dan.mgr.consensu.org visitor-service-eu-central-1.tealiumiq.com visitor-service.tealiumiq.com www.awin1.com www.dwin1.com the.sciencebehindecommerce.com 'unsafe-inline' 'unsafe-eval' data: blob: ; script-src-elem 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com tags.tiqcdn.com t23.intelliad.de visitor-service-eu-central-1.tealiumiq.com visitor-service.tealiumiq.com js.braintreegateway.com maps.googleapis.com www.googletagmanager.com www.youtube.com www.paypalobjects.com c.paypal.com www.paypal.com 
bs.serving-sys.com secure-ds.serving-sys.com scripts.psyma.com connect.facebook.net www.google-analytics.com www.pagespeed-mod.com bat.bing.com www.googleadservices.com googleads.g.doubleclick.net data1.bresera.com westlotto.loyjoy.com cloud.loyjoy.com stable.loyjoy.com dan.mgr.consensu.org cdn.dan.mgr.consensu.org www.awin1.com www.dwin1.com the.sciencebehindecommerce.com translate.googleapis.com 'unsafe-inline' 'unsafe-eval' data: ; style-src 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com dan.mgr.consensu.org cdn.dan.mgr.consensu.org fonts.googleapis.com translate.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src-elem 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com dan.mgr.consensu.org cdn.dan.mgr.consensu.org fonts.googleapis.com adblockers.opera-mini.net translate.googleapis.com 'unsafe-inline' 'unsafe-eval' data: ; connect-src 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com client-analytics.braintreegateway.com api.braintreegateway.com api.braintreegateway.com payments.braintree-api.com www.paypal.com steganos-api.ciuvo.com www.facebook.com collect-eu-central-1.tealiumiq.com the.sciencebehindecommerce.com app-cloud.loyjoy.com app-westlotto.loyjoy.com cloud.loyjoy.com stable.loyjoy.com app-stable.loyjoy.com dan.mgr.consensu.org cdn.dan.mgr.consensu.org www.google.com www.google.de bat.bing.com wss://www.westlotto.de data: 'unsafe-inline' 'unsafe-eval'; font-src 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com www.eurojackpot.de eurojackpot.de www.eurojackpot.com eurojackpot.com fonts.gstatic.com use.typekit.net data: ; img-src 'self' www.westlotto.de westlotto.de data.westlotto.de www.westlotto.com westlotto.com csi.gstatic.com maps.gstatic.com www.gstatic.com maps.googleapis.com www.google-analytics.com www.google.com www.google.de bat.bing.com westlotto01.webtrekk.net app-westlotto.loyjoy.com cloud.loyjoy.com westlotto.loyjoy.com app-cloud.loyjoy.com fbc.wcfbc.net 
app-stable.loyjoy.com dan.mgr.consensu.org cdn.dan.mgr.consensu.org lh3.ggpht.com www.facebook.com www.awin1.com geo0.ggpht.com geo1.ggpht.com geo2.ggpht.com geo3.ggpht.com c.paypal.com t.paypal.com *.stats.paypal.com c6.paypal.com translate.google.com stats.g.doubleclick.net cx.atdmt.com www.paypal.com www.paypalobjects.com translate.googleapis.com scripts.psyma.com collect-eu-central-1.tealiumiq.com data: blob: ; child-src 'self' www.westlotto.de westlotto.de ergebnisse.westlotto.com www.youtube.com www.sparkassen-internetkasse.de ciuvo.com westlotto.perbit-job.de partners.webmasterplan.com; frame-src 'self' www.westlotto.de westlotto.de ergebnisse.westlotto.com www.youtube.com www.sparkassen-internetkasse.de ciuvo.com westlotto.perbit-job.de westlotto-job.perbit-job.de partners.webmasterplan.com c.paypal.com www.paypal.com www.awin1.com www.dwin1.com tpc.googlesyndication.com data: ; block-all-mixed-content; base-uri 'self'; report-uri https://1934a11189c9ec9d302de0ee10e4c650.report-uri.com/r/t/csp/reportOnly 1 font-src *.fontawesome.com fonts.gstatic.com/ data: *.commerce-connector.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google.com *.dotdigital.com secure.pay1.de 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.pixriot.com tracking.qa.paypal.com seal-seflorida.bbb.org data: bat.bing.com *.google.com *.google.de *.gstatic.com *.googleusercontent.com 
*.doubleclick.net tags.w55c.net *.commerce-connector.com *.commerce-connector.de *.googleapis.com 'self' 'unsafe-inline'; script-src js.authorize.net jstest.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.cookielaw.org *.paypal.com *.paypalobjects.com mc.us10.list-manage.com seal-seflorida.bbb.org www.google.com tagmanager.google.com www.gstatic.com bat.bing.com *.trackedlink.net secure.pay1.de cdn.klarna.com *.commerce-connector.com *.googleapis.com www.googletagmanager.com www.googleadservices.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com seal-seflorida.bbb.org fonts.googleapis.com *.google.com *.commerce-connector.com *.google.de *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.pixriot.com *.cookielaw.org www.paypal.com bat.bing.com *.google-analytics.com *.doubleclick.net *.commerce-connector.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com static.addtoany.com admin-sp.shuftipro.com *.shuftipro.com *.google.com www.googletagmanager.com bat.bing.com a.quora.com www.google-analytics.com googleads.g.doubleclick.net widget.intercom.io js.intercomcdn.com *.gstatic.com cdn.mouseflow.com js.hs-scripts.com www.googleadservices.com js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net cdn.jsdelivr.net 
snap.licdn.com static.cloudflareinsights.com ajax.googleapis.com fast.wistia.com platform.twitter.com unpkg.com connect.facebook.net cdn.ampproject.org code.jquery.com maxcdn.bootstrapcdn.com prismjs.com blob: 1 worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://seo.mageplaza.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net 
d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.google.com *.gstatic.com *.fbcdn.net *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.googleapis.com *.google.com *.gstatic.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com 
*.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1 default-src 'self' https://*.trustage.com; connect-src 'self' https://*.trustage.com https://cunamutual.okta.com/ https://bat.bing.com https://www.googleadservices.com/ https://www.google-analytics.com/ https://*.qualtrics.com/ https://dc.services.visualstudio.com/ https://*.levelaccess.net https://www.googletagmanager.com; frame-src 'self' https://*.trustage.com https://*.trustpilot.com/ https://*.flashtalking.com https://*.google.com https://*.qualtrics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.trustage.com 
https://*.salesforceliveagent.com/ https://*.oktacdn.com/ https://*.trustpilot.com/ https://*.gstatic.com/ https://*.googletagmanager.com/ https://az416426.vo.msecnd.net/ https://*.levelaccess.net/ https://www.google-analytics.com/ https://*.qualtrics.com/ https://www.googleoptimize.com https://bat.bing.com https://*.google.com; style-src 'self' 'unsafe-inline' https://*.trustage.com https://*.trustpilot.com https://*.google.com https://fonts.googleapi.com; img-src 'self' 'unsafe-inline' data: https://*.trustage.com https://*.force.com https://bat.bing.com https://www.google-analytics.com https://www.googletagmanager.com https://trustageimages.azureedge.net https://*.google.com https://*.qualtrics.com; font-src 'self' https://fonts.gstatic.com; report-uri /api/csp/report; 1 font-src maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com 
www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 
maxcdn.bootstrapcdn.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.lagrangesystems.net unpkg.com js.braintreegateway.com tpc.googlesyndication.com ws.sharethis.com *.pinterest.com magnetic.t.domdex.com www.googletagmanager.com *.bronto.com player.vimeo.com www.google-analytics.com *.olark.com f.vimeocdn.com www.tag4arm.com secure.quantserve.com intljs.rmtag.com www.googleadservices.com connect.facebook.net cdn.pbbl.co *.steelhousemedia.com s.pinimg.com ut.ra.linksynergy.com rules.quantcount.com googleads.g.doubleclick.net js-agent.newrelic.com bam-cell.nr-data.net bam.nr-data.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com www.google.com rum-static.pingdom.net www.gstatic.com p.bm23.com s.yimg.com *.cloudfront.net *.googleapis.com sp.analytics.yahoo.com script.crazyegg.com *.lagrangesystems.net bat.bing.com edge.quantserve.com 193.238.46.57 js.adsrvr.org *.fbot.me 
g.microsoft.com *.paypal.com 1 default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.diadoc.ru/private/csp-report 1 report-uri https://www.yelp.com/csp_report_only?id=b773f1665814c148&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1618356851; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1 default-src *.pharm24.gr data:; frame-src *.googletagmanager.com *.hotjar.com *.dco.gr *.disqus.com *.linkwi.se *.adsrvr.org *.google.com *.googlesyndication.com *.agkn.com *.facebook.net *.facebook.com *.youtube.com *.cookiebot.com *.aimtell.com; img-src * data: *.pharm24.gr *.youtube.com *.facebook.com trustmark.gr; script-src 'self' *.pharm24.gr *.adman.gr *.hotjar.com *.googleapis.com *.google.com *.cloudflareinsights.com *.cloudflare.com *.disquscdn.com *.shareaholic.com *.stackpathcdn.com *.cloudfront.net *.adsrvr.org *.instagram.com *.ampproject.org *.googlesyndication.com *.disqus.com *.cookiebot.com trustmark.gr *.agkn.com *.zdassets.com *.trustmark.gr *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.facebook.com connect.facebook.net *.facebook.net 
googleads.g.doubleclick.net *.doubleclick.net *.zopim.com *.linkwi.se s3.amazonaws.com *.amazonaws.com *.aimtell.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.pharm24.gr *.bootstrapcdn.com 'unsafe-inline'; worker-src 'self' *.aimtell.com; font-src 'self' *.hotjar.com *.stats.pharm24.gr *.pharm24.gr *.gstatic.com *.bootstrapcdn.com *.stackpathcdn.com *.zopim.com data:; connect-src *.adman.gr *.hotjar.com *.googlesyndication.com *.trustmark.gr *.ampproject.org *.google.com *.google.gr *.disqus.com *.shareaholic.net backup.pharm24.gr:* *.pharm24.gr *.doubleclick.net *.google-analytics.com *.agkn.com *.zdassets.com *.amazonaws.com *.facebook.com *.aimtell.com wss://widget-mediator.zopim.com wss://ws6.hotjar.com/api/v2/client/ws 1 child-src bid.g.doubleclick.net js.stripe.com tpc.googlesyndication.com vars.hotjar.com www.facebook.com www.youtube.com; connect-src 'self' api-iam.intercom.io api-us-east-1.graphcms.com api.bellhop.com api.bellhops.dev api.bellhops.xyz api.honeybadger.io api.segment.io bat.bing.com bellhop.extole.io ct.pinterest.com d.adroll.com d.adroll.mgr.consensu.org dev.visualwebsiteoptimizer.com in.hotjar.com l0.dca0.com l1.dca0.com l10.dca0.com l11.dca0.com l12.dca0.com l13.dca0.com l14.dca0.com l15.dca0.com l16.dca0.com l17.dca0.com l18.dca0.com l2.dca0.com l3.dca0.com l4.dca0.com l5.dca0.com l6.dca0.com l7.dca0.com l8.dca0.com l9.dca0.com nf44a9pati.execute-api.us-west-2.amazonaws.com o27727.ingest.sentry.io optout.dca0.com s.adroll.com s.yimg.com sn.dca0.com sn36.dca0.com stats.g.doubleclick.net subwayblaze.com t.dca0.com vc.hotjar.io widget.intercom.io wss://nexus-websocket-a.intercom.io www.facebook.com www.google-analytics.com xds.dca0.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' a.quora.com alb.reddit.com analytics.twitter.com api-iam.intercom.io api-us-east-1.graphcms.com api.bellhop.com api.getvero.com api.segment.io bat.bing.com bid.g.doubleclick.net cdn.segment.com connect.facebook.net ct.pinterest.com 
d.adroll.com d.adroll.mgr.consensu.org d3qxef4rp70elm.cloudfront.net data: downloads.intercomcdn.com drh5vf6sssvlm.cloudfront.net fonts.googleapis.com fonts.gstatic.com googleads.g.doubleclick.net in.hotjar.com js.intercomcdn.com js.stripe.com maps.googleapis.com maps.gstatic.com media.graphcms.com o27727.ingest.sentry.io pnapi.invoca.net q.quora.com s.adroll.com s.pinimg.com script.hotjar.com self solutions.invocacdn.com static.ads-twitter.com static.hotjar.com static.intercomassets.com stats.g.doubleclick.net t.co tpc.googlesyndication.com vars.hotjar.com vc.hotjar.io widget.intercom.io wss wss://nexus-websocket-a.intercom.io www.facebook.com www.google-analytics.com www.google.com www.google.com.bd www.googleadservices.com www.googletagmanager.com www.redditstatic.com; font-src 'self' data: fonts.gstatic.com js.intercomcdn.com; form-action api-iam.intercom.io webto.salesforce.com www.facebook.com; frame-src bid.g.doubleclick.net js.stripe.com tpc.googlesyndication.com vars.hotjar.com www.facebook.com www.youtube.com; img-src 'self' alb.reddit.com analytics.twitter.com bat.bing.com ct.pinterest.com cx.atdmt.com d3tomwqokpf9ra.cloudfront.net dev.visualwebsiteoptimizer.com data: downloads.intercomcdn.com drh5vf6sssvlm.cloudfront.net filter.vworldc.com googleads.g.doubleclick.net i.ytimg.com js.intercomcdn.com localhost:10689 logs-01.loggly.com maps.googleapis.com maps.gstatic.com media.graphcms.com origin.xtlo.net q.quora.com s3.amazonaws.com static.intercomassets.com t.co www.bellhop.com www.facebook.com www.google-analytics.com www.google.at www.google.bg www.google.ca www.google.co.in www.google.co.uk www.google.co.za www.google.com www.google.com.br www.google.com.ni www.google.com.pe www.google.es www.google.fi www.google.ie www.google.nl www.googleadservices.com www.googletagmanager.com www.lightboxcdn.com; manifest-src 'self'; media-src js.intercomcdn.com; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' a.quora.com aa.agkn.com 
analytics.twitter.com api.getvero.com bat.bing.com bellhop.extole.io cdn.segment.com connect.facebook.net d.adroll.com d.adroll.mgr.consensu.org d.impactradius-event.com d3qxef4rp70elm.cloudfront.net dev.visualwebsiteoptimizer.com filter.vworldc.com googleads.g.doubleclick.net js.intercomcdn.com js.stripe.com lightboxapi.azurewebsites.net maps.googleapis.com pnapi.invoca.net s.adroll.com s.dca0.com s.pinimg.com script.hotjar.com sn.dca0.com solutions.invocacdn.com static.ads-twitter.com static.hotjar.com tpc.googlesyndication.com widget.intercom.io www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.lightboxcdn.com www.redditstatic.com xds.dca0.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' 0btl2.anonstats.com a.quora.com analytics.twitter.com api.getvero.com bat.bing.com cdn.segment.com connect.facebook.net d.adroll.com d.adroll.mgr.consensu.org d3qxef4rp70elm.cloudfront.net fhfht.z6airr.com googleads.g.doubleclick.net js.intercomcdn.com js.stripe.com maps.googleapis.com pnapi.invoca.net s.adroll.com s.dca0.com s.pinimg.com s.yimg.com script.hotjar.com sn.dca0.com solutions.invocacdn.com sp.analytics.yahoo.com static.ads-twitter.com static.hotjar.com tpc.googlesyndication.com widget.intercom.io www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com xds.dca0.com; style-src-attr 'unsafe-inline'; style-src-elem 'unsafe-inline' fonts.googleapis.com origin.xtlo.net www.lightboxcdn.com; style-src 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com; worker-src blob: 1 default-src 'self' data: *.typekit.net *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com 'unsafe-inline' 'unsafe-eval' *.whoisvisiting.com *.vuture.net siteimproveanalytics.com 1 report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com bam-cell.nr-data.net 
cdn.brandingbrand.com global.prd.borderfree.com tpc.googlesyndication.com m.jamesperse.com www.jamesperse.com static.jamesperse.com *.turn.com *.appspot.com server.iad.liveperson.net connect.facebook.net ajax.googleapis.com www.googletagmanager.com bat.bing.com ut.rd.linksynergy.com *.listrakbi.com tag.rmp.rakuten.com lptag.liveperson.net www.google-analytics.com raw.githubusercontent.com *.yimg.com *.akamaized.net *.coremetrics.com ut.ra.linksynergy.com resources.xg4ken.com services.listrak.com sp.analytics.yahoo.com lptag.liveperson.net *.lpsnmedia.net va.v.liveperson.net va-s.c.liveperson.net js-agent.newrelic.com *.adroll.com bam.nr-data.net assets.pinterest.com tags.mediaforge.com d.adroll.mgr.consensu.org intljs.rmtag.com suggest.instantsearchplus.com wm.prd.borderfree.com www.google.com apis.google.com www.googleadservices.com jamesperse.com widget-mediator.zopim.com services.xg4ken.com 113.xg4ken.com g.microsoft.com 1 default-src https: wss: data: blob: 'unsafe-inline' 1 font-src *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com https://www.google.com/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://stats.g.doubleclick.net/ 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com 
geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com https://www.google.com/recaptcha/ https://www.gstatic.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' https:; font-src 'self' https: data: static-v.tawk.to fonts.gstatic.com; img-src 'self' https: data: www.googletagmanager.com cdn.jsdelivr.net/emojione/ static-v.tawk.to; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com cdn.mxpnl.com embed.tawk.to cdn.jsdelivr.net/emojione/ static-v.tawk.to 'nonce-qKMoObKf0acqPW0dGI9Juw=='; style-src 'self' https: 'unsafe-inline' cdn.jsdelivr.net/emojione/ fonts.googleapis.com 'nonce-qKMoObKf0acqPW0dGI9Juw=='; connect-src 'self' wss: https: *.tawk.to; media-src 'self' https: static-v.tawk.to; frame-src 'self' https: va.tawk.to; report-uri /csp-report 1 default-src 'self' *.hsbc.com.vn; script-src 'self' 'unsafe-eval' *.hsbc.com.vn 'unsafe-inline' cdn.appdynamics.com col.eum-appdynamics.com *.liveperson.net www.askus.hsbc.co.uk accdn.lpsnmedia.net www.mcmdev.hsbc.co.uk hsbcbankglobal.sc.omtrdc.net tags.tiqcdn.com 'unsafe-eval'; 
style-src 'self' *.hsbc.com.vn 'unsafe-inline'; img-src 'self' *.hsbc.com.vn data: ad.doubleclick.net www.askus.hsbc.co.uk uconnect.tealiumiq.com; child-src 'self' *.hsbc.com.vn hsbcbankglobal.demdex.net *.lo.cobrowse.liveperson.net lpcdn.lpsnmedia.net; connect-src 'self' *.hsbc.com.vn col.eum-appdynamics.com dpm.demdex.net; upgrade-insecure-requests ; report-uri https://csp.prod.ap.dynp.cloud1.vv1865.com/; 1 child-src js.stripe.com *.rfihub.com www.facebook.com; connect-src 'self' *.favorengineering.com *.favordelivery.com ct.pinterest.com stats.g.doubleclick.net www.google-analytics.com www.facebook.com api.askfavor.com; frame-src *.rfihub.com js.stripe.com bid.g.doubleclick.net www.facebook.com *.criteo.com *.criteo.net; img-src 'self' amplifypixel.outbrain.com *.favorengineering.com *.favordelivery.com cdn.askfavor.com ct.pinterest.com hexagon-analytics.com pinterest.adsymptotic.com stats.g.doubleclick.net tr.outbrain.com www.facebook.com www.google-analytics.com www.google.com googleads.g.doubleclick.net maps.googleapis.com maps.gstatic.com www.googletagmanager.com api.askfavor.com platform-lookaside.fbsbx.com *.criteo.net pingclock.net graph.facebook.com data:; script-src-elem 'self' 'unsafe-inline' *.rfihub.com *.rfihub.net amplify.outbrain.com cdn.siftscience.com connect.facebook.net googleads.g.doubleclick.net js.stripe.com maps.googleapis.com s.pinimg.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.criteo.com *.criteo.net app.link cdn.branch.io; script-src 'self' 'unsafe-eval' cdn.siftscience.com js.stripe.com maps.googleapis.com 'unsafe-inline' *.rfihub.com amplify.outbrain.com connect.facebook.net googleads.g.doubleclick.net s.pinimg.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.criteo.com *.criteo.net *.rfihub.net app.link; style-src-attr 'unsafe-inline' fonts.googleapis.com; style-src-elem 'unsafe-inline' cloud.typography.com web-assets.favordelivery.com 'self' fonts.googleapis.com; 
style-src 'unsafe-eval' 'unsafe-inline' cloud.typography.com 'self' web-assets.favordelivery.com; form-action www.facebook.com favordelivery.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.rfihub.com amplify.outbrain.com amplifypixel.outbrain.com *.favordelivery.com *.favorengineering.com bid.g.doubleclick.net cdn.askfavor.com cdn.siftscience.com cloud.typography.com connect.facebook.net ct.pinterest.com googleads.g.doubleclick.net hexagon-analytics.com js.stripe.com maps.googleapis.com s.pinimg.com tr.outbrain.com www.facebook.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com fonts.gstatic.com; font-src 'self' data: fonts.gstatic.com; manifest-src 'self'; script-src-attr 'unsafe-inline'; report-uri https://favor.report-uri.com/r/t/csp/wizard 1 default-src 'self'; object-src 'self' https://pts.premiumsim.de/p.swf; base-uri 'self'; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://chat.premiumsim.de https://umfrage.premiumsim.de https://pts.premiumsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com 
https://chat.premiumsim.de https://stats.premiumsim.de https://imagepool.premiumsim.de https://pts.premiumsim.de; script-src 'strict-dynamic' 'nonce-9e9b0a30c64884049fc648168a87dbca' 'nonce-17e0a43ec490785f4f57f7b3840ee45c' 'nonce-4196a16520c6f9bf9d5ded018b595feb' 'nonce-bbc0c99f19bcf77c7f0e7a727f7db71a' 'nonce-1f771285f76a846ba3fdff0d6d41e87e' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.premiumsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-9e9b0a30c64884049fc648168a87dbca' 'nonce-17e0a43ec490785f4f57f7b3840ee45c' 'nonce-4196a16520c6f9bf9d5ded018b595feb' 'nonce-bbc0c99f19bcf77c7f0e7a727f7db71a' 'nonce-1f771285f76a846ba3fdff0d6d41e87e' 'self' 'unsafe-inline' https: 'report-sample' 1 default-src 'self' oekom.de www.oekom.de *.newsletter2go.com *.saferpay.com captcha.wirth-horn.de matomo.oekomlamp.de https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://www.googleadservices.com *.g.doubleclick.net https://fonts.googleapis.com https://www.youtube.com https://www.youtu