Values for content-security-policy-report-only:
default-src 'self' www.google.com www.gstatic.com img6.wsimg.com *.secureserver.net collect.tealiumiq.com *.akamaihd.net c.go-mpulse.net *.akstat.io www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net googletagmanager.com *.godaddy.com data:;font-src * data: blob:;style-src 'self' 'unsafe-inline' img6.wsimg.com www.gstatic.com;script-src * data: blob: 'unsafe-inline' 'unsafe-eval';img-src * data: blob:;connect-src * data: blob:;frame-src * data: blob:;report-uri /forsale/api/csp-reports 345
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 193
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://a3frkpbrnzxvdwnkpssx604n.httpschecker.net/report; report-to https://a3frkpbrnzxvdwnkpssx604n.httpschecker.net/report 150
default-src https: blob:; connect-src https:; font-src https: data:; frame-src https:; img-src https: data: blob:; media-src https:; object-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; worker-src blob:; report-uri /s/run/cspreport/reportHttp 76
72
default-src https: 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; img-src 'self' data: *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk; script-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com www.signin.service.gov.uk *.ytimg.com www.youtube.com www.youtube-nocookie.com hmrc-uk.digital.nuance.com 'unsafe-inline'; style-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.gstatic.com 'unsafe-inline'; font-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk data:; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com www.tax.service.gov.uk hmrc-uk.digital.nuance.com hmpowebchat.klick2contact.com omni.eckoh.uk www.signin.service.gov.uk; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; report-uri https://jhpno0hk6b.execute-api.eu-west-2.amazonaws.com/production 71
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://api.mapbox.com https://*.tiles.mapbox.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 66
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 60
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.blogger.com/cspreport 55
default-src *; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src *; style-src 'unsafe-inline' *; report-uri https://prod-us-west-2.csp-report.marketing.aws.dev/submit 29
default-src 'self' 24
default-src 'self'; img-src * data:; media-src *; font-src * https://*.aptrinsic.com data:; style-src 'self' 'unsafe-inline' 'unsafe-eval' sf.wildapricot.org caas-sf.wildapricot.org https://fonts.gstatic.com https://fonts.googleapis.com https://*.aptrinsic.com https://*.typekit.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' sf.wildapricot.org caas-sf.wildapricot.org https://*.google-analytics.com https://*.googleadservices.com ajax.googleapis.com https://*.newrelic.com https://*.aptrinsic.com https://*.uservoice.com https://*.elev.io https://*.zdassets.com https://*.pagespeed-mod.com; connect-src 'self' https://*.aptrinsic.com https://*.elev.io https://wildapricot.zendesk.com https://ekr.zdassets.com wss://widget-mediator.zopim.com; report-uri https://csp.uel.wildapricot.com/report 23
report-uri /report-csp-violation 18
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://api.amplitude.com  wss://*.hotjar.com wss://*.qualified.com 'self';  frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com https://*.office.com https://*.office365.com;report-uri https://csp.surveymonkey.com/report?e=false&c=prod&ar=true&a=cmscache 14
default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://logger.kataweb.it/csp/ 14
default-src 'self'; connect-src 'self' https://*.intentmedia.net https://*.etraveligroup.net https://*.doubleclick.net https://*.adform.net https://www.google-analytics.com https://widgets.hotels.com https://bat.bing.com https://etgrs2.com https://*.akstat.io https://*.go-mpulse.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.etraveli.com https://*.etraveligroup.com https://*.cdn-net.com https://bat.bing.com https://www.googletagmanager.com https://connect.facebook.net https://pay.google.com https://adtr.io https://*.bidr.io https://tag.yieldoptimizer.com https://*.visualwebsiteoptimizer.com https://*.google-analytics.com https://*.intentmedia.net https://*.adform.net https://*.mouseflow.com https://*.nrich.ai https://*.doubleclick.net https://*.eancdn.com https://*.bidswitch.net https://green.erne.co https://*.rentalcars.com https://widget.trustpilot.com https://www.googleadservices.com https://cdn.klarna.com https://maps.googleapis.com https://widget.getyourguide.com https://widgets.hotels.com https://*.klarnacdn.net https://*.go-mpulse.net; style-src 'self' 'unsafe-inline' data: blob: https://widgets.hotels.com https://fonts.googleapis.com; img-src 'self' data: https://*.etraveli.com https://*.visualwebsiteoptimizer.com https://*.bidswitch.net https://*.doubleclick.net https://*.nrich.ai https://*.hybrid.ai https://*.w55c.net https://*.adsrvr.org https://*.rlcdn.com https://*.bidr.io https://*.seadform.net https://green.erne.co https://tag.yieldoptimizer.com https://dpm.demdex.net https://*.adform.net https://*.zemanta.com https://beacon.krxd.net https://sd.turn.com https://*.google-analytics.com https://maps.googleapis.com https://tag.adaraanalytics.com https://www.facebook.com https://widgets.hotels.com https://bat.bing.com https://www.google.com https://www.google.se https://maps.gstatic.com https://www.googletagmanager.com https://*.akstat.io; font-src 'self' https://fonts.gstatic.com https://widgets.hotels.com; frame-ancestors 'self'; frame-src 'self' https://pay.google.com https://*.cdn-net.com https://*.cdn.intentmedia.net https://www.facebook.com https://widget.getyourguide.com https://system.etrack1.com https://widgets.hotels.com https://secure.rentalcars.com https://widget.trustpilot.com; object-src 'self' https://*.cdn-net.com 14
block-all-mixed-content; report-uri https://blog.hatena.ne.jp/api/csp_report 13
frame-ancestors 'self'; report-uri https://www.couriermail.com.au/csp-reports 12
frame-ancestors 'self' 12
frame-ancestors 'self' https://skybox.eskypartners.com; report-uri https://secure.esky.com/csp-report 12
default-src 'self' wss: *.gravatar.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com; img-src 'self' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com data:; font-src 'self' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com data:; form-action 'self'; frame-ancestors 'self'; 12
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com localhost:40000 https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://cdn-sp.kertn.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://*.unetsafe.com https://*.atlantgaming.com https://*.facebook.com https://facebook.net https://*.facebook.net https://*.snapchat.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://app.vwo.com; frame-src 'self' bankid://* https://livechat24.tech https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://*.zignsec.com https://www.facebook.com https://*.trustly.com https://tpc.googlesyndication.com https://*.regily.com https://cdn-sp.kertn.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.unetsafe.com https://*.atlantgaming.com https://*.snapchat.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' localhost:40000 https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://cdn-sp.kertn.net *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://*.snapchat.com https://snapchat.com https://sc-static.net https://*.facebook.com https://facebook.net https://*.facebook.net; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://app.vwo.com; worker-src 'self' blob:; report-uri https://sentry.work/sentry/api/41/csp-report/?sentry_key=38bd9ad353b94f1a8143ea227d160767 12
default-src https: 'self' *.facebook.net *.googletagmanager.com *.bizibly.com *.doubleclick.net https://*.intercomcdn.com https://*.datadoghq-browser-agent.com; font-src 'self' https://*.intercomcdn.com *.fontawesome.com data:; base-uri 'none'; object-src data: 'unsafe-eval'; img-src 'self' data: * ; script-src https: 'self' 'unsafe-eval' 'unsafe-inline' http://*.google-analytics.com http://*.gstatic.com http://*.bing.com http://*.googleadservices.com http://*.hs-scripts.com http://*.bizible.com *.facebook.net *.googletagmanager.com http://*.fontawesome.com http://*.outbrain.com blob:; style-src https: 'self' *.fontawesome.com 'unsafe-inline'; report-uri /rest/trackers/csp; 11
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://market.android.com https://clients2.google.com https://payments.sandbox.google.com https://payments.google.com https://maps.googleapis.com https://translate.googleapis.com https://translate.google.com https://support.google.com https://www.gstatic.cn https://families.google.com https://clients1.google.com https://myaccount.google.com https://accounts.google.com https://www.googletagmanager.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/PlayStoreUi/cspreport/allowlist 11
font-src 'self' https: data:; report-uri https://o98504.ingest.sentry.io/api/5871000/security/?sentry_key=7d320f4323694d468bd1a75eba48d37f&sentry_environment=production 11
style-src https://*.americanexpress.com/ https://e3.insurance.online-eapp.com/ https://secure.cmax.americanexpress.com/ 'unsafe-inline' 'self' https://cdn.vivocha.com/ https://stackpath.bootstrapcdn.com/ https://fonts.googleapis.com/ https://cloud.webtype.com/ https://*.aexp-static.com/ https://cloud.typenetwork.com/ https://*.typekit.net/; script-src https://www.americanexpress.com.tr/ 'self' https://assets.delvenetworks.com/ https://cdn.taboola.com/ https://ds-aksb-a.akamaihd.net/ https://s.yjtag.jp/ https://www.cdn-path.com/ https://googleads.g.doubleclick.net/ https://cdn.smartnews-ads.com/ https://www.gstatic.com/ https://s.yimg.com/ https://js-cdn.dynatrace.com/ https://www.googleadservices.com/ https://*.hotjar.com/ https://aexp.demdex.net/ https://*.yahoo.co.jp/ https://secure.cmax.americanexpress.com/ https://*.ladsp.com/ https://d5phz18u4wuww.cloudfront.net/ https://img.en25.com/ https://accdn.lpsnmedia.net/ https://s.yimg.jp/ https://bat.bing.com/ https://*.omtrdc.net/ https://aa.agkn.com/ https://bam-cell.nr-data.net/ https://ads.avocet.io/ https://webgwy.neustar.biz/ https://va.v.liveperson.net/ https://unpkg.com/ https://acdn.adnxs.com/ https://cdnssl.clicktale.net/ https://*.bootstrapcdn.com/ https://c.evidon.com/ https://secure.leadforensics.com/ 'unsafe-eval' https://cdnjs.cloudflare.com/ https://assets.adobedtm.com/ 'unsafe-inline' https://use.typekit.net/ https://dsp-media.eskimi.com/ https://sp10056b1c.guided.ss-omtrdc.net/ https://*.d41.co/ https://*.liveperson.net/ https://*.vivocha.com/ https://script.crazyegg.com/ https://code.jquery.com/ https://www.cdn-net.com/ https://js-agent.newrelic.com/ https://*.exactag.com/ https://so.rlcdn.com/ https://dev.visualwebsiteoptimizer.com/ https://www.americanexpress.com.kw/ https://analytics.tiktok.com/ https://service.maxymiser.net/ https://ads.avct.cloud/ https://www.americanexpress.com.mo/ https://www.googletagmanager.com/ https://*.aexp-static.com/ https://www.youtube.com/ https://snap.licdn.com/ https://connect.facebook.net/ https://tag.bounceexchange.com/ https://*.americanexpress.com/ https://e3.insurance.online-eapp.com/ https://cdn.appdynamics.com/ https://*.google-analytics.com/ https://ct.contentsquare.net/ https://nexus.ensighten.com/ https://mc.yandex.ru/ https://*.googleapis.com/ https://www.americanexpress.com.sa/ https://www.amexpressnetwork.com/ https://sc-static.net/ http://ajax.googleapis.com/ https://www.google.com/; base-uri 'self' https://www.aexp-static.com/; plugin-types image/svg+xml; form-action https://www.cdn-net.com/ https://www.facebook.com/ https://amexhk.chubbtravelinsurance.com/ 'self' https://www.axa-travel-insurance.com/ https://tr.snapchat.com/ https://*.custhelp.com/ https://global.americanexpress.com/ https://online.americanexpress.com.sa/ https://www.cdn-path.com/ https://gi.zurich.com.hk/; frame-src https://*.americanexpress.com/ https://icm.aexp-static.com/ https://cdn.appdynamics.com/ https://*.demdex.net/ https://www.youtube-nocookie.com/ https://www.americanexpress.com.qa/ https://player.vimeo.com/ https://um.ladsp.com/ https://www.cdn-path.com/ https://vars.hotjar.com/ https://www.cdn-net.com/ https://*.doubleclick.net/ https://www.facebook.com/ https://s.amazon-adsystem.com/ https://i1.vivocha.com/ https://va.v.liveperson.net/ https://www.americanexpress.com.kw/ https://youtube.com/ https://www.google.com/ https://www.youtube.com/ https://youtu.be/; img-src data: 'self' https:; connect-src https://amexhk.chubbtravelinsurance.com/ https://vid1029.d41.co/ 'self' https://stats.g.doubleclick.net/ https://*.vivocha.com/ https://*.custhelp.com/ https://script.crazyegg.com/ https://ds-aksb-a.akamaihd.net/ https://*.contentsquare.net/ https://www.cdn-path.com/ https://www.google-analytics.com/ https://ing-district.clicktale.net/ https://www.cdn-net.com/ https://functions.aexp.com/ https://s.yimg.com/ https://www.axa-travel-insurance.com/ https://dev.visualwebsiteoptimizer.com/ https://www.googleadservices.com/ https://analytics.tiktok.com/ https://bf93265vfe.bf.dynatrace.com/ https://*.aexp-static.com/ https://*.hotjar.com/ https://siteintercept.qualtrics.com/ https://online.americanexpress.com.sa/ https://images.trvl-media.com/ https://*.americanexpress.com/ https://secure.cmax.americanexpress.com/ https://dpm.demdex.net/ https://trc-events.taboola.com/ https://tr.snapchat.com/ https://lib-us-1.brilliantcollector.com/ https://bat.bing.com/ https://dining-offers-prod.amex.r53.tuimedia.com/ https://gi.zurich.com.hk/ https://bam-cell.nr-data.net/ https://www.facebook.com/ https://vc.hotjar.io/ https://aeopprodvip.acxiom.com/ https://c.evidon.com/ https://www.google.com/ wss://*.hotjar.com/ https://col.eum-appdynamics.com/ data:; object-src 'self' https://icm.aexp-static.com/; worker-src 'self' blob:; media-src https://origin-slgem.americanexpress.com/ https://www.aexp-static.com/ https://*.llnw.net/ 'self' http://production.smedia.lvp.llnw.net/; frame-ancestors 'none'; font-src https://e3.insurance.online-eapp.com/ https://www.aexpstatic.com/ https://fonts.gstatic.com/ https://use.typekit.net/ 'self' https://cdn.vivocha.com/ https://*.aexp-static.com/ https://cloud.typenetwork.com/ data:; 10
default-src https: 'unsafe-inline' 'unsafe-eval' wss: ;img-src https: data: blob: ; font-src https: data:; form-action https: http://www.last.fm; report-uri https://cbsi.report-uri.io/r/default/csp/enforce 10
default-src 'self'; base-uri 'self'; connect-src 'self' https://www.googletagmanager.com/ https://*.facebook.com https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://*.instana.io wss://mpsnare.iesnare.com https://*.usercentrics.eu https://api.personio.de/recruiting/applicant https://bat.bing.com/actionp/; script-src https: 'report-sample' 'unsafe-inline' 'unsafe-eval' data: 'self' https://*.custhelp.com https://*.instana.io; frame-ancestors 'self' https://www.meinestadt.de; frame-src https:; object-src 'none'; worker-src 'self'; img-src 'self' data: http: https: https://*.instana.io; font-src data: 'self' https://www.sovendus.com/banner-responsive/; style-src 'self' 'unsafe-inline' https://www.sovendus.com https://*.custhelp.com https://translate.googleapis.com; media-src 'self'; report-uri /ls/?reportOnly=true 10
default-src 'self'; img-src 'self' *.bing.com *.clarity.ms *.theaccessgroup.com accessgroup-website-v8-preview.azureedge.net accessgrouppreviewweb.azureedge.net accessgroupuatweb.azureedge.net accessgroupweb.azureedge.net cdn.jsdelivr.net id.rlcdn.com match.prod.bidr.io px.ads.linkedin.com px4.ads.linkedin.com segments.company-target.com *.blob.core.windows.net *.placeholder.com *.doubleclick.net www.google.co.uk www.google.com bat.bing.com www.google-analytics.com www.facebook.com www.google-analytics.com data: cdn.bizible.com; script-src 'self' 'unsafe-inline' cdn-3.convertexperiments.com ucalc.pro *.clarity.ms *.ucalc.pro analytics.twitter.com npmcdn.com app-lon05.marketo.com pages.theaccessgroup.com tracker.gaconnector.com api.ipify.org bat.bing.com static.ads-twitter.com snap.licdn.com www.googleadservices.com connect.facebook.net tag.demandbase.com tags.srv.stackadapt.com snap.licdn.com www.google-analytics.com www.googleadservices.com www.youtube.com secure.perk0mean.com static.hotjar.com script.hotjar.com widget.surveymonkey.com googleads.g.doubleclick.net www.googletagmanager.com code.jquery.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com cdn.jsdelivr.net munchkin.marketo.net cdn.bizible.com; style-src 'self' 'unsafe-inline' *.ucalc.pro tags.srv.stackadapt.com app-lon05.marketo.com cdn.jsdelivr.net fonts.googleapis.com cdnjs.cloudflare.com pro.fontawesome.com use.typekit.net p.typekit.net; font-src 'self' cdn.jsdelivr.net fonts.gstatic.com cdnjs.cloudflare.com  pro.fontawesome.com;connect-src *.clarity.ms *.mktoresp.com in.hotjar.com api.company-target.com tags.srv.stackadapt.com bat.bing.com www.google-analytics.com stats.g.doubleclick.net;frame-src *.ucalc.pro vars.hotjar.com app-lon05.marketo.com www.youtube.com player.vimeo.com www.facebook.com *.doubleclick.net; 10
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 10
default-src 'self' blob: https: data: mediastream: 'unsafe-eval' 'unsafe-inline';report-uri https://metrics.media-amazon.com/ 9
default-src 'self' data: blob: *.verisign.com; img-src 'self' data: *.verisign.com *.siteimproveanalytics.io *.brightcove.com *.prod.boltdns.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.onetrust.com polyfill.io assets.adobedtm.com siteimproveanalytics.com players.brightcove.net *.zencdn.net *.verisign.com; style-src 'self' 'unsafe-inline'; connect-src 'self' *.prod.boltdns.net *.brightcove.com *.akamaihd.net *.greenhouse.io *.verisign.com; worker-src blob: 9
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /nmms/csp-reporting-lo 9
default-src https: data: 'unsafe-inline' 'unsafe-eval' 9
default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 9
default-src 'self' https: ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; script-src-elem 'self' https: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: ; form-action 'self' https: 'unsafe-inline' 'unsafe-eval'; 9
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com https://fonts.gstatic.com *.fontawesome.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.twitter.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com https://maps.gstatic.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com https://maps.googleapis.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.nr-data.net *.newrelic.com *.trackedlink.net *.googleapis.com *.google.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.adyen.com https://maps.googleapis.com https://*.ingest.sentry.io *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.nr-data.net *.newrelic.com *.ampproject.org http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 9
default-src 'self'; 9
connect-src *;frame-src *;img-src https: data: blob: about: safari-extension: safari-resource: chrome-extension: http://*.rackcdn.com http://*.tumblr.com http://huaban.com;worker-src https: blob:;script-src https: 'unsafe-eval' 'unsafe-inline'; report-uri /log/csp 8
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /opt/csp-violation-report.php 8
report-uri https://www.rbb-online.de/app/tpso-cspr/cspr/;frame-ancestors 'self' https://www.rbb24.de https://*.rbb-online.de https://www.radioeins.de https://www.fritz.de https://www.antennebrandenburg.de https://www.inforadio.de https://www.rbb888.de; 8
default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com; 8
default-src *.facebook.com *.fbcdn.net *.instagram.com data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.teststagram.com *.instagram.com static.cdninstagram.com *.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *.fbcdn.net *.facebook.com *.instagram.com *.teststagram.com static.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* ws://localhost:* blob: *.instagram.com *.cdninstagram.com wss://*.instagram.com:* 'self' *.teststagram.com wss://edge-chat.instagram.com connect.facebook.net;font-src *.facebook.com data: fonts.gstatic.com *.fbcdn.net *.instagram.com *.teststagram.com static.cdninstagram.com *.intern.facebook.com;img-src *.instagram.com *.facebook.com *.fbcdn.net data: blob: *.cdninstagram.com *.fbsbx.com android-webview-video-poster: *.giphy.com *.teststagram.com *.igsonar.com *.google-analytics.com;media-src *.facebook.com *.fbcdn.net *.instagram.com *.cdninstagram.com cdn.fbsbx.com data: blob:;frame-src *.instagram.com *.facebook.com *.fbsbx.com fbsbx.com data:;block-all-mixed-content;report-uri https://www.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script'; 8
block-all-mixed-content; report-uri https://dmgm.report-uri.com/r/t/csp/reportOnly 7
default-src data: blob: about: 'self' 'unsafe-inline' 'unsafe-eval' https: wss:; report-uri /csp/report?always; 7
img-src 'self' https://ad.doubleclick.net https://analytics.twitter.com https://bat.bing.com https://c.clarity.ms https://captcha.eset.com https://cm.g.doubleclick.net https://dpm.demdex.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://ssitecat.eset.com https://www.facebook.com https://www.google-analytics.com https://www.google.be https://www.google.co.in https://www.google.co.jp https://www.google.co.nz https://www.google.co.uk https://www.google.com https://www.google.com.au https://www.google.com.br https://www.google.com.ec https://www.google.com.mx https://www.google.com.sg https://www.google.cz https://www.google.de https://www.google.dj https://www.google.fr https://www.google.hu https://www.google.it https://www.google.nl https://www.google.pl https://www.google.sk https://www.googletagmanager.com; connect-src 'self' https://*.analytics.google.com https://*.clarity.ms https://*.demdex.net https://*.eset.com https://*.hotjar.com https://adservice.google.com https://analytics.google.com https://bat.bing.com https://c.go-mpulse.net https://cdn.acsbapp.com https://stats.g.doubleclick.net https://vc.hotjar.io https://www.facebook.com https://www.google-analytics.com https://www.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://acsbap.com https://acsbapp.com https://assets.esetstatic.com https://bat.bing.com https://cdn1.esetstatic.com https://connect.facebook.net https://d.la1-c2-cdg.salesforceliveagent.com https://embed.tawk.to https://googleads.g.doubleclick.net https://script.hotjar.com https://static.ads-twitter.com https://static.hotjar.com https://widget.trustpilot.com https://www.clarity.ms https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com; default-src 'self'; font-src 'self'; frame-src 'self' https://8117415.fls.doubleclick.net https://bid.g.doubleclick.net https://eset.demdex.net https://vars.hotjar.com https://widget.trustpilot.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; report-uri https://www-eset-com.api.cspconsole.com/v1/csp/report; report-to default; 7
frame-ancestors 'self'; object-src 'none'; report-uri /api/csp-reporting 7
child-src blob: data: https:; connect-src https: wss:; default-src blob: data: https: 'report-sample' 'unsafe-eval' 'unsafe-inline'; font-src data: https:; form-action https:; frame-src data: https:; img-src blob: data: https:; media-src blob: data: https:; object-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; report-uri https://csp.ffx.io/ 7
default-src https: 'unsafe-inline' 'unsafe-eval' 7
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' ; style-src https: 'unsafe-inline'; frame-ancestors 'self'; img-src https: data: ; object-src 'none' ; report-uri https://sentry.uniregistry.com/api/18/security/?sentry_key=f430f663325b402bbc96cb5da277ab92 ; 7
object-src 'none'; script-src 'none'; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 7
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/marketing_platform 6
default-src 'self'; script-src 'self' webstats.surf.nl *.mailplus.nl platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com www.instagram.com www.google.com www.gstatic.com *.mopinion.com; style-src 'self' 'unsafe-inline' static.mailplus.nl fonts.googleapis.com use.typekit.net p.typekit.net platform.twitter.com *.mopinion.com; img-src http: https: data:;; frame-src 'self' *.surf.nl openonderwijsapi.nl www.surfspace.nl surfspace.nl www.slideshare.net player.vimeo.com www.youtube.com www.youtube-nocookie.com surf.mediamission.nl platform.twitter.com syndication.twitter.com www.instagram.com www.facebook.com www.linkedin.com www.google.com *.mopinion.com; child-src 'self' surf.mediamission.nl www.slideshare.net player.vimeo.com www.youtube.com www.youtube-nocookie.com surf.mediamission.nl platform.twitter.com syndication.twitter.com www.instagram.com www.facebook.com www.linkedin.com; font-src 'self' *.mopinion.com fonts.gstatic.com data:; connect-src 'self' *.mopinion.com; report-uri /report-csp-violation; upgrade-insecure-requests 6
default-src 'self'; connect-src 'self' blob: https://account.proton.me https://reports.proton.me https://*.algolia.net https://*.algolianet.com; script-src 'self' blob: 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; object-src 'self' data: blob:; frame-src 'self' data: blob: https://www.youtube-nocookie.com; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; 6
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://kontur.ru/csp 6
report-uri /report-csp-violation; upgrade-insecure-requests 6
default-src 'self'; frame-ancestors 'self' *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de; frame-src *.bundesregierung.de *.bundeskanzler.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de *.g7germany.de *.germany4ukraine.de streaming.talk42.de app.datawrapper.de datawrapper.dwcdn.net 'self'; style-src *.bundesregierung.de *.bundeskanzler.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de *.g7germany.de *.germany4ukraine.de https://cdn.leafletjs.com/leaflet/v0.7.7/ https://cdnjs.cloudflare.com/ajax/libs/leaflet.markercluster/0.4.0/ 'unsafe-inline'; img-src *.bundesregierung.de *.bundeskanzler.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de *.g7germany.de *.germany4ukraine.de https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://a.tile.openstreetmap.de https://b.tile.openstreetmap.de https://c.tile.openstreetmap.de data: 'unsafe-inline'; script-src *.bundesregierung.de *.bundeskanzler.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de *.g7germany.de *.germany4ukraine.de https://ssl.p.jwpcdn.com/player/ https://www.youtube.com https://s.ytimg.com/yts/jsbin/ https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/ https://vjs.zencdn.net/5.9.2/ 'unsafe-inline'; font-src *.bundesregierung.de *.bundeskanzler.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de *.g7germany.de *.germany4ukraine.de https://ssl.p.jwpcdn.com data: 'self'; media-src *.bundesregierung.de 'self'; 6
default-src https: 'unsafe-inline' 'unsafe-eval'; worker-src blob:; img-src https: data:; font-src https: data:; report-uri https://idg.report-uri.io/r/default/csp/reportOnly 6
script-src 'unsafe-eval' blob: 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; default-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; style-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com 'unsafe-inline'; img-src * data: blob:; object-src 'none'; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src 'self' blob: 6
default-src 'self' *; img-src 'self' data: *; style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-ancestors 'self' *.assurance.com; worker-src blob: *.assurance.com; report-uri https://60ede17b9dc1b52ae71f0257.endpoint.csper.io; 6
default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval' 6
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri  /csp-report 6
default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/f2 5
default-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' data: https: blob: android-webview-video-poster: android-webview: chrome-extension: moz-extension: ms-browser-extension: about: 5
frame-ancestors 'self'; report-uri https://www.dailytelegraph.com.au/csp-reports 5
default-src https: wss: 5
frame-ancestors 'self' https://*.shopstyleqa.com https://*.shopstyle.com https://*.shopstyle.co.uk https://*.shopstyle.ca https://*.shopstyle.com.au https://apis.google.com https://*.shopstyleops.com/ https://local.shopstyleops.com:*/ https://*.shopstylecollective.com https://shopstylecollective.com https://*.builder.io/ https://builder.io; frame-src 'self' https://*.criteo.com https://*.criteo.net https://accounts.google.com https://*.shopstyleops.com/ https://www.youtube.com https://js.stripe.com *.doubleclick.net; default-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.shopstyledev.com https://*.shopstyleqa.com https://*.shopstyle.com https://*.shopstyle.co.uk https://*.shopstyle.ca https://*.shopstyle.com.au https://apis.google.com http://www.google-analytics.com https://*.google-analytics.com https://www.googletagmanager.com http://www.googletagmanager.com http://www.googleadservices.com https://connect.facebook.net https://appleid.cdn-apple.com https://sentry.io https://stage.rakuten.com https://www.rakuten.com/rewards-visited.htm https://www.rakuten.com/ *.pingdom.net *.doubleclick.net *.bing.com *.criteo.net *.criteo.com https://*.builder.io/ *.fullstory.com; connect-src 'self' https://*.shopstyledev.com https://*.shopstyleqa.com https://*.shopstyle.com https://*.shopstyle.co.uk https://*.shopstyle.ca https://*.shopstyle.com.au *.pingdom.net *.doubleclick.net https://appleid.cdn-apple.com https://*.google.com https://www.google-analytics.com http://www.google-analytics.com https://graph.facebook.com https://connect.facebook.net https://www.facebook.com https://sentry.io https://stage.rakuten.com https://www.rakuten.com/rewards-visited.htm https://www.rakuten.com/ https://*.builder.io/ https://builder.io/ *.bing.com *.criteo.net *.criteo.com *.fullstory.com; style-src 'self' 'unsafe-inline' https://*.shopstyledev.com https://*.shopstyleqa.com https://*.shopstyle.com https://*.shopstyle.co.uk https://*.shopstyle.ca https://*.shopstyle.com.au; style-src-elem 'self' 'unsafe-inline'; img-src 'self' https://*.shopstyle-cdn.com https://*.shopstyledev.com https://*.shopstyleqa.com https://*.shopstyle.com https://*.shopstyle.co.uk https://*.shopstyle.ca https://*.shopstyle.com.au https://www.rakuten.com https://cdn.builder.io https://builder.io https://*.facebook.com https://*.fbcdn.net http://*.google-analytics.com http://*.google.com http://*.google.fr http://*.google.co.uk http://*.google.com.au http://*.google.ca http://*.googletagmanager.com https://*.doubleclick.net *.bing.com *.criteo.com; font-src 'self' https://*.builder.io/ https://builder.io; form-action 'self' https://*.shopstyledev.com https://*.shopstyleqa.com https://*.shopstyle.com https://*.shopstyle.co.uk https://*.shopstyle.ca https://*.shopstyle.com.au; 5
default-src https: 'unsafe-inline' data: 5
default-src https: wss: data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; worker-src blob:; report-uri /csp-report 5
default-src 'self' http: https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; 5
default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.com.au:*; img-src https: blob: data:; font-src https: blob: data:; frame-ancestors *.calypso.net.au *.flightcentre.com.au *.flightcentre.co.za *.flightcentre.co.nz *.flightcentre.co.uk; report-uri /api/csp-report; 5
default-src 'self'; script-src 'unsafe-inline' 'report-sample' 'self' https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://cdn.rawgit.com/noelboss/featherlight/1.7.13/release/featherlight.min.js https://dnnapi.com/analytics/js/2025474.js https://extend.vimeocdn.com/ga/46956892.js https://js.hs-analytics.net/analytics/1663773900000/1689245.js https://js.hs-banner.com/1689245.js https://js.hs-scripts.com/1689245.js https://js.hsleadflows.net/leadflows.js https://kit.fontawesome.com/4d19817571.js https://m.addthis.com/live/red_lojson/300lo.json https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js https://s7.addthis.com/js/300/addthis_widget.js https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js https://siteimproveanalytics.com/js/siteanalyze_6026284.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://v1.addthisedge.com/live/boost/ra-5d1b565ab36008ba/_ate.track.config_resp https://www.clarity.ms/tag/4yl1wm26dp https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://z.moatads.com/addthismoatframe568911941483/moatframe.js; style-src 'report-sample' 'self' https://cdn.rawgit.com https://cloud.typography.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://analytics.google.com https://api-public.addthis.com https://cdn.cookielaw.org https://forms.hubspot.com https://k.clarity.ms https://ka-p.fontawesome.com https://m.addthis.com https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com https://ka-p.fontawesome.com https://maxcdn.bootstrapcdn.com; frame-src 'self' https://s7.addthis.com; img-src 'self' http://www.ssctech.com https://6026284.global.siteimproveanalytics.io https://px.ads.linkedin.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; report-uri https://632b2de6ef389e2c71225217.endpoint.csper.io/?v=0; worker-src 'none'; 5
base-uri 'none'; report-uri https://vault.gostatera.com/collect/csp 5
font-src data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com www.google-analytics.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-report.ctidigital.com/report; report-to report-endpoint; 5
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.adyen.com *.sharethis.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.gigya.com https://*.gigya.com https://consentcdn.cookiebot.com https://*.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com *.sharethis.com *.gigya.com 'self' data: 'unsafe-inline' data: https://*.gigya.com https://www.google.it https://bam.nr-data.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.adyen.com *.sharethis.com jquery.sellxed.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.gigya.com https://cdnjs.cloudflare.com https://legals.paninigroup.com https://*.cookiebot.com https://www.gstatic.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.addthis.com https://*.facebook.com https://*.addthisedge.com https://*.moatads.com https://*.recaptcha.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com 'unsafe-inline' data: *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.sharethis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://legals.paninigroup.com https://stats.g.doubleclick.net https://*.facebook.com https://bam.nr-data.net https://*.addthis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
default-src 'self' cdn.cookielaw.org www.google-analytics.com stats.g.doubleclick.net bam.nr-data.net; script-src 'self' 'unsafe-inline' *.googletagmanager.com googletagmanager.com *.google-analytics.com *.youtube.com youtube.com bam.nr-data.net js-agent.newrelic.com cdn.cookielaw.org *.sharpmarketing.eu *.googleapis.com *.gstatic.com *.google.com *.hotjar.com; style-src 'self' 'unsafe-inline' *.sharpmarketing.eu; img-src 'self' data: imgs.aws.sharp.eu i.ytimg.com d35hoao4dw4qk2.cloudfront.net www.google-analytics.com www.google.com www.google.co.uk www.google.de www.google.at *.sharpmarketing.eu *.actonsoftware.com; frame-src *; frame-ancestors 'self'; child-src *; font-src 'self' data:; connect-src 'self' bam.nr-data.net cdn.cookielaw.org *.google-analytics.com *.googleapis.com stats.g.doubleclick.net privacyportal-eu.onetrust.com *.sharpmarketing.eu *.hotjar.com; report-uri https://apps.sharp.eu/sharp/apps/eu/csp-violation/report.php; upgrade-insecure-requests 5
child-src 'self' blob: https://youtube.com https://www.youtube.com https://plusone.google.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://facebook.com https://connect.facebook.net https://platform.twitter.com https://bat.bing.com https://sdk.privacy-center.org https://bam.eu01.nr-data.net https://www.clarity.ms https://d.clarity.ms https://*.doubleclick.net https://tr.snapchat.com https://servedby.flashtalking.com https://insight.adsrvr.org https://vars.hotjar.com; script-src 'self' 'unsafe-eval' https://www.googletagmanager.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com https://www.google.com s7.addthis.com; script-src-elem 'self' 'unsafe-inline' walibi.fr https://apis.google.com https://www.google.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://platform.twitter.com https://service.maxymiser.net https://snap.licdn.com https://t.contentsquare.net https://youtube.com https://www.youtube.com https://plusone.google.com https://www.gstatic.com https://facebook.com https://connect.facebook.net https://bat.bing.com https://sdk.privacy-center.org https://bam.eu01.nr-data.net https://*.clarity.ms https://cdn.goldenbees.fr https://tag.goldenbees.fr https://sc-static.net https://js-agent.newrelic.com https://api.ipify.org https://s.pinimg.com https://js.adsrvr.org https://insight.adsrvr.org https://static.hotjar.com https://script.hotjar.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com s7.addthis.com 5
font-src fonts.gstatic.com use.typekit.net data: *.sodatech.com *.sodatech.net *.gstatic.com *.typekit.net 'self' data: https://fonts.yieldify-production.com/fonts/100822/e6e8821f-e1ad-4601-aaed-5b3386a4580b.otf 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pal-test.adyen.com http://www.facebook.com/tr 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.xtento.com *.vimeo.com *.youtube.com *.jsctool.com *.pinterest.com *.mmcagentur.at *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.demdex.net *.authorize.net *.paypal.com *.googletagmanager.com *.xtento.com *.app-wallee.com *.waltpixel.com *.equitystory.com app-wallee.com *.weltpixel.com https://odr.promo.dev/ https://vars.hotjar.com/ https://td.yieldify.com/ https://ohws.prospective.ch/ https://tpc.googlesyndication.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: p.typekit.net www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.xtento.com cdn.xtento.com blob: lindt.test *.lindt.test maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.klarna.com *.invibes.com *.b26net.com https://www.google-analytics.com *.googletagmanager.com *.cloudfront.net *.teads.tv *.videostep.com *.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.doubleclick.net *.outbrain.com *.adobedtm.com *.omtrdc.net *.demdex.net *.everesttech.net *.magentocommerce.com *.sodatech.com *.sodatech.net app-wallee.com 'self' data: *.gstatic.com http://lindt-hg65tr.your-printq.com https://cookie-cdn.cookiepro.com/logos/static/poweredBy_cp_logo.svg https://assets-v2.yieldify.com/images/189494/2022/4/8/55c67825-1f9d-438d-815a-43a437f03af2.png https://assets-v2.yieldify.com/images/189494/2022/4/21/54125dc1-8b51-4175-bd53-7d33e427cc41.gif https://www.lindt-spruengli.com/ https://px.ads.linkedin.com/ https://*.seznam.cz 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com www.googletagmanager.com www.google-analytics.com *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.xtento.com cdn.xtento.com *.pcapredict.com *.newrelic.com *.nr-data.net lindt.slgnt.eu maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.ratepay.com *.cloudflare.com *.teads.tv *.r66net.com *.facebook.net *.googleadservices.com *.doubleclick.net *.cookiepro.com *.cloudfront.net *.videostep.com *.mfgroup.ch *.taboola.com *.outbrain.com *.adobedtm.com *.authorize.net *.unpkg.com *.fontawesome.com *.sodatech.net *.sodatech.com app-wallee.com *.google.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com https://static-eu.payments-amazon.com/checkout.js https://script.hotjar.com/ https://static.hotjar.com/ https://td.yieldify.com/ https://www.googleoptimize.com/optimize.js https://custom.yieldify.com/v1/100510/100822/3d9a49d0c2/bundle.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://api.permaleads.ch/api.js https://tpc.googlesyndication.com/sodar/1s9mPOHO.js https://api.permaleads.ch/ https://*.adform.net https://*.seznam.cz https://analytics.tiktok.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com *.fonts.net *.postcodeanywhere.co.uk *.cloudfront.net *.cloudflare.com *.sodatech.com *.sodatech.net *.googleapis.com *.getfirebug.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nr-data.net *.paypal.com *.postcodeanywhere.co.uk *.ratepay.com vimeo.com *.luckyorange.net *.cookiepro.com *.mfgroup.ch *.doubleclick.net *.visitors.live wss://in.visitors.live wss://visitors.live wss://in.visitors.live/ wss://visitors.live/ visitors.live *.taboola.com *.demdex.net *.omtrdc.net *.magento.com *.adobe.net *.adobedtm.com *.adobedc.net *.typekit.net *.magedevteam.com *.sodatech.com *.sodatech.net *.teads.tv *.google-analytics.com https://www.google-analytics.com https://ws36.hotjar.com/ wss://ws36.hotjar.com/api/v2/client/ws https://in.hotjar.com/ wss://ws8.hotjar.com/ https://ws8.hotjar.com/ https://*.criteo.com https://*.hotjar.io https://cdn.stickyadstv.com https://*.hotjar.com wss://*.hotjar.com https://api.permaleads.ch https://*.ads.linkedin.com https://snap.licdn.com *.analytics.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://tpc.googlesyndication.com;report-uri /_/GeoMerchantPrestoSiteUi/cspreport/allowlist 5
report-uri /csp-report?p=; block-all-mixed-content; default-src 'none'; base-uri 'none'; img-src 'self' https://b.stripecdn.com https://q.stripe.com https://images.ctfassets.net https://assets.ctfassets.net data: https://www.facebook.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://snap.licdn.com; style-src 'unsafe-inline' 'self' https://b.stripecdn.com; connect-src 'self' https://stripe.com https://errors.stripe.com https://b.stripecdn.com https://climate.stripe.com https://ext.stripe.com https://c.increment.com https://c.stripe.dev https://c.stripe.global https://y4pfttj91h-dsn.algolia.net/1/indexes/mkt_partners/query https://y4pfttj91h-1.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-2.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-3.algolianet.com/1/indexes/mkt_partners/query; font-src 'self' https://b.stripecdn.com; form-action 'self' https://stripe.com https://climate.stripe.com; frame-src 'self' https://js.stripe.com https://b.stripecdn.com; media-src 'self' https://b.stripecdn.com https://videos.ctfassets.net https://assets.ctfassets.net; script-src 'self' https://js.stripe.com 'sha256-qAoigsbVsoqQigwSGiMYuTbAdza9vdqvOsA4UNSB54A=' 'sha256-cCM0Z4lzGkzQnmbdVw+ouz0JRawyaKcZ4yiqzqYS7ek=' 'sha256-5LtzXhT7UFn+GqP5pKEMGL08UNZsrzANHFEBW/mQHGw=' 'sha256-3aWvb9tRBjmz1OjR3n7mwiTm94+s4iki4mMZF82asmc=' 'sha256-4HwZEt/y+k0EIqGfaNZ1MRmRCUbC03K3G03imkZ/EyA=' 'sha256-T9Iq7ZVmxSNDo0MtKOVaMklBUMHeY5FCy6zb50dqr28=' 'sha256-eNaGg+YMox6LtUAMUegc8RPYMvlgqKfr5wXhQq7t0rU=' 'sha256-4NWk9AxezPhBNT1B19ASEX5aOSWvbsGlXMQZZFOq1pI=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' https://b.stripecdn.com 'report-sample'; frame-ancestors 'self' https://app.contentful.com 4
frame-ancestors 'self' *.qualtrics.com; report-uri https://sjc1.qualtrics.com/csp-report; report-to csp-endpoint 4
default-src 'self' https: wss: data: blob: none: gsa: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 4
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.hollywoodreporter.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 4
frame-ancestors 'self' https://console.twilio.com;report-uri https://www.twilio.com/console/api/cspr 4
default-src 'self'; report-uri https://csp.loopia.se;form-action 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://bib.eway2pay.com https://ticket.siriusit.net https://payment.architrade.com https://www.facebook.com;font-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://tpc.googlesyndication.com https://fonts.gstatic.com https://chat.puzzel.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://chat.puzzel.com https://www.google.com https://www.googletagmanager.com https://ssl.google-analytics.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.youtube.com https://*.ytimg.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.se https://bat.bing.com https://connect.facebook.net https://api.exponea.com https://widget.trustpilot.com https://static.hotjar.com https://script.hotjar.com https://active24.ladesk.com https://api.infinario.com https://g.microsoft.com https://snap.licdn.com https://sc.lfeeder.com;connect-src 'self' https://chat.puzzel.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.facebook.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.exponea.com https://in.hotjar.com https://bat.bing.com https://vc.hotjar.io https://api.infinario.com https://datainsights.loopia.se https://sc.lfeeder.com wss://*.hotjar.com https://www.google.com https://www.google.se https://www.google.be;img-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://ssl.google-analytics.com https://*.ytimg.com https://track.double.net https://tbs.tradedoubler.com https://sealserver.trustkeeper.net https://www.gstatic.com https://track.adform.net https://www.googletagmanager.com https://chat.puzzel.com https://www.google.com.cy https://www.google.no https://www.google.rs https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.es https://googleads.g.doubleclick.net https://www.facebook.com https://www.google.se https://bat.bing.com https://www.google.fi https://www.google.gr data: https://px.ads.linkedin.com https://www.linkedin.com https://www.google.be https://fonts.gstatic.com https://tr.lfeeder.com https://googleads.g.doubleclick.net;media-src https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://chat.puzzel.com;frame-src https://*.facebook.com https://player.vimeo.com https://*.mynewsdesk.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.soundcloud.com https://www.youtube.com https://widget.trustpilot.com https://vars.hotjar.com https://active24.ladesk.com https://1-vbus-eu.ladesk.com https://datainsights.loopia.se;object-src 'self';style-src 'self' 'unsafe-inline' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://chat.puzzel.com https://fonts.googleapis.com 4
connect-src *; frame-src *; img-src https: data: blob: about: safari-extension: safari-resource: chrome-extension:; worker-src blob: https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; report-uri https://portfolio.adobe.com/api/v1/errors/csp 4
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/domain-registry 4
frame-ancestors 'self'; block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdn.jsdelivr.net https://*.doubleclick.net https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://*.nebula.zyxel.com https://cdnjs.cloudflare.com https://google-analytics.com https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://static.addtoany.com https://stackpath.bootstrapcdn.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.zyxel.com https://*.myzyxel.com;style-src 'self' 'report-sample' 'unsafe-inline' *.nebula.zyxel.com *.google.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net;object-src *.googlesyndication.com;child-src 'self' blob: *.addtoany.com *.googlesyndication.com *.google.com *.doubleclick.net;base-uri 'self';form-action 'self' *.google.com;worker-src 'self' blob: www.google.com; 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clearbitjs.com *.marketo.net *.facebook.net *.licdn.com *.google-analytics.com *.linkedin.com *.intercom.io *.vimeo.com *.twitter.com *.hotjar.com *.googleoptimize.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.intercomcdn.com; report-uri /api/csp-reports 4
object-src 'none'; connect-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.cpggpc.ca https://www.google-analytics.com https://siteintercept.qualtrics.com https://www.facebook.com https://sslstats.canadapost.ca https://*.wistia.com https://dpm.demdex.net https://csi.gstatic.com https://adservice.google.com https://*.googlesyndication.com https://*.g.doubleclick.net https://maps.googleapis.com https://vmss.boldchat.com https://www.linkedin.com https://canadapost.tt.omtrdc.net https://services.postcodeanywhere.co.uk https://embedwistia-a.akamaihd.net https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://fonts.gstatic.com https://*.arcgis.com; form-action 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca  https://*.epost.ca https://www.facebook.com https://google.com; frame-ancestors 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.cpggpc.ca https://www.adobetag.com https://assets.adobedtm.com https://siteintercept.qualtrics.com  https://zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com https://connect.facebook.net https://snap.licdn.com https://z.moatads.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.google.com https://www.googletagservices.com https://*.google-analytics.com https://*.googleadservices.com https://www.gstatic.com https://*.googlesyndication.com https://adservice.google.com https://adservice.google.ca https://maps.googleapis.com https://cdn.ampproject.org https://*.doubleclick.net https://*.twitter.com https://cdn.syndication.twimg.com https://dpm.demdex.net https://*.wistia.com https://*.frontlinesvc.com https://*.arcgis.com https://www.linkedin.com https://vmss.boldchat.com https://sb.scorecardresearch.com https://www.rnengage.com https://sjs.bizographics.com https://www.instagram.com https://secure.adnxs.com https://app.five9.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.frontlinesvc.com https://fonts.googleapis.com https://translate.googleapis.com https://*.twitter.com https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.arcgis.com https://*.arcgisonline.com https://app.five9.com; report-uri https://www.canadapost-postescanada.ca/cwc/components/rs/csp-reports; 4
report-uri https://52723791ca12811bfedec52ea4c44290.report-uri.com/r/d/csp/reportOnly; default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline'; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src * blob:; object-src 'none'; frame-src *; frame-ancestors *; form-action 'self' 4
frame-src https://www.google.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://img6.wsimg.com; style-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://www.gstatic.com; report-uri https://sentry.brandsight.com/api/25/security/?sentry_key=d2a6cc459b0c48dd91884e7063bbddb4 script-src 'self' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://js.hs-scripts.com https://tags.tiqcdn.com https://snap.licdn.com https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://www.google-analytics.com https://js.hs-analytics.net https://js.hs-banner.com 'sha256-0GmZYAqaqzetS+w1EyLdzTxUer98JQtlleth+bhMzm4=' 'sha256-h4kRXx7uh9BDCM48lIeC8OTw0+lUQIlD+u3Rsxo8ixg='; 4
upgrade-insecure-requests; base-uri 'self'; style-src-attr 'unsafe-inline'; style-src-elem 'unsafe-inline' https://fonts.googleapis.com https://sdk.primer.io https://a.loveholidays.com; report-uri /csp-report/ 4
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; 4
default-src 'self' *.smartschool.be; script-src 'self' 'unsafe-inline' 'unsafe-eval' c0.wp.com https://ssl.p.jwpcdn.com stats.wp.com use.typekit.net p.jwpcdn.com *.google-analytics.com; script-src-attr 'none'; style-src 'self' *.smartschool.be 'unsafe-inline' c0.wp.com; font-src 'self' *.smartschool.be *.typekit.net wordpress.com data:; img-src 'self' *.typekit.net pixel.wp.com *.google-analytics.com stats.g.doubleclick.net data:; connect-src performance.typekit.net stats.g.doubleclick.net; report-uri /csp-violation.php 4
default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 4
font-src *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com *.fontawesome.com use.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.fonts.net *.espssl.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cybersource.com *.yotpo.com swellrewards.com *.swellrewards.com *.arcot.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cybersource.com *.weltpixel.com www.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com *.jobvite.com *.youtube-nocookie.com *.demdex.net *.kaptcha.com *.braintreegateway.com *.doubleclick.net *.arcot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com store.paradoxlabs.com www.xtento.com cdn.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com *.zagg.com *.listrakbi.com *.braintreegateway.com *.google.com *.payments-amazon.com *.bing.com *.emjcd.com *.go2cloud.org *.pinimg.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleapis.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io *.cardinalcommerce.com h.online-metrix.net www.xtento.com cdn.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com *.osano.com *.jobvite.com *.listrakbi.com *.listrak.com *.braintreegateway.com *.paypalobjects.com acsbap.com acsbapp.com *.youtube.com *.doubleclick.net *.newrelic.com *.nr-data.net *.bing.com *.upsellit.com *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline fonts.googleapis.com *.fontawesome.com *.yotpo.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com *.googleapis.com *.fonts.net *.listrakbi.com *.espssl.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io *.cardinalcommerce.com h.online-metrix.net *.yotpo.com swellrewards.com *.swellrewards.com *.listrakbi.com *.listrak.com *.googleapis.com *.osano.com *.braintreegateway.com *.doubleclick.net *.acsbapp.com *.nr-data.net *.clarity.ms 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.braintreegateway.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://zagg.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 4
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /csp-violation-report-endpoint.php; report-to csp-endpoint 4
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://geolocation.onetrust.com https://cdn.livechatinc.com https://api.livechatinc.com https://www.googletagmanager.com https://www.google-analytics.com https://siteimproveanalytics.com https://scripts.demandbase.com https://edge.fullstory.com https://rs.fullstory.com https://js.adsrvr.org https://www.googleadservices.com https://googleads.g.doubleclick.net https://js-agent.newrelic.com https://bam.nr-data.net https://s.go-mpulse.net https://cdn.siteimprove.net pagecdn.io; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://cdn.cookielaw.org https://geolocation.onetrust.com https://cdn.livechatinc.com https://api.livechatinc.com https://www.googletagmanager.com https://www.google-analytics.com https://siteimproveanalytics.com https://scripts.demandbase.com https://edge.fullstory.com https://rs.fullstory.com https://js.adsrvr.org https://www.googleadservices.com https://googleads.g.doubleclick.net https://s.go-mpulse.net https://cdn.siteimprove.net pagecdn.io; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.hitmanpro.com/en-us/report-uri/reportOnly 4
frame-ancestors 'self'; report-uri /stf/reportiframe 4
default-src 'none'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src rs.fullstory.com/rec/bundle https:; font-src 'self' https: data:; img-src 'self' *.csagroup.org *.wpengine.com p.typekit.net stats.g.doubleclick.net www.google.ca/ads www.google.com/ads www.google-analytics.com https: data:; object-src 'none'; upgrade-insecure-requests; report-uri https://csagroup.report-uri.com/r/d/csp/reportOnly; 4
report-uri /api/csp-report/ 4
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.dotdigital-pages.com *.dotdigital.com js.stripe.com cdn.dnky.co webchat.dotdigital.com *.gigya.com *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com *.gigya.com 'self' data: 'unsafe-inline' data: *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com js.stripe.com cdn.conekta.io conektaapi.s3.amazonaws.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.gigya.com s7.addthis.com *.mlstatic.com *.mercadopago.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com 'unsafe-inline' data: unsafe-inline *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net www.sandbox.paypal.com commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.conekta.io api.comapi.com webchat.dotdigital.com ekr.zdassets.com/ *.mercadopago.com *.mercadolibre.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com t.elasticsuite.io *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com; img-src 'self' blob: data: *.hsbc.com.hk *.eum-appdynamics.com *.google.com.hk *.google.com *.google.co.in *.doubleclick.net; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net; frame-ancestors 'self'; font-src 'self' data: *.hsbc.com.hk; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com; object-src 'self'; upgrade-insecure-requests ; report-uri /csp/report; 4
default-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.shopmetrics.com *.gigspot.com *.research-cloud.com https://*.jsdelivr.net https://unpkg.com https://*.unpkg.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://*.search.windows.net https://cdnjs.cloudflare.com https://code.jquery.com *.facebook.net *.facebook.com *.doubleclick.net *.googletagmanager.com *.bootstrapcdn.com *.typekit.net https://rmvelocityfrontend.blob.core.windows.net; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.shopmetrics.com *.gigspot.com *.research-cloud.com https://*.jsdelivr.net https://unpkg.com https://*.unpkg.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://*.search.windows.net https://cdnjs.cloudflare.com https://code.jquery.com *.facebook.net *.facebook.com *.doubleclick.net *.googletagmanager.com *.bootstrapcdn.com *.typekit.net https://rmvelocityfrontend.blob.core.windows.net; frame-src 'self' blob: *.shopmetrics.com *.gigspot.com *.research-cloud.com *.velocity.online *.youtube.com *.youtu.be; base-uri 'self'; form-action 'self' *.shopmetrics.com *.gigspot.com *.velocity.online; img-src * data: about: blob: filesystem: ma-file:; object-src 'none'; font-src 'self' data: *.shopmetrics.com *.bootstrapcdn.com *.typekit.net *.gstatic.com *.jsdelivr.net *.pstatic.net *.github.com; report-uri https://training89.shopmetrics.com/CSPEndpoint.aspx; Report-To default; 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://axaxl.com https://eus-prd-f8372a898644-xp2-cd.azurewebsites.net https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://cf-images.us-east-1.prod.boltdns.net https://manifest.prod.boltdns.net https://bcbolt446c5271-a.akamaihd.net https://id.rlcdn.com *.company-target.com https://company-target.com https://api.company-target.com *.demandbase.com https://demandbase.com https://tag.demandbase.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.google.com *.gstatic.com *.googleadservices.com *.doubleclick.net *.fls.doubleclick.net https://www.google-analytics.com https://ajax.googleapis.com https://www.googletagmanager.com https://adservice.google.com https://www.google.com https://www.gstatic.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google.co.uk https://doubleclick.net https://bid.g.doubleclick.net https://match.prod.bidr.io *.linkedin.com https://snap.licdn.com https://px.ads.linkedin.com https://vjs.zencdn.net *.newrelic.com *.nr-data.net https://bam.nr-data.net https://js-agent.newrelic.com *.brightcove.com  *.brightcove.net *.media.brightcove.net *.api.brightcove.net https://secure.brightcove.com https://brightcove.com https://players.brightcove.net https://metrics.brightcove.com f1.media.brightcove.com https://edge.api.brightcove.com https://p.adsymptotic.com *.adsymptotic.com *.newscred.com analytics.newscred.com pixel.newscred.com t.newscred.com https://analytics.newscred.com https://pixel.newscred.com https://t.newscred.com https://img04.en25.com *.eloqua.com https://s754241824.t.eloqua.com; report-uri https://axaxl.com/cspviolation; report-to https://axaxl.com/cspviolation 4
base-uri 'self'; default-src 'self' https://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com *.analytics.google.com https://stats.g.doubleclick.com stats.g.doubleclick.com https://*.searchiq.co *.searchiq.co https://*.gstatic.com *.gstatic.com https://*.googleapis.com *.googleapis.com https://*.addthis.com *.addthis.com https://*.cookielaw.com *.cookielaw.com https://*.cookielaw.org *.cookielaw.org https://*.cloudapi.de *.cloudapi.de https://*.onetrust.com *.onetrust.com 'unsafe-inline' 'unsafe-eval'; child-src; connect-src 'self' https://cdn.cookielaw.org cdn.cookielaw.org https://privacyportal-eu.onetrust.com privacyportal-eu.onetrust.com https://m.addthis.com m.addthis.com; font-src 'self' https://privacyportal-eu-cdn.onetrust.com privacyportal-eu-cdn.onetrust.com data:; form-action 'self'; frame-ancestors 'none'; frame-src 'self' https://tools.eurolandir.com tools.eurolandir.com https://*.instagram.com *.instagram.com https://*.searchiq.co *.searchiq.co https://*.youtube.com *.youtube.com https://*.addthis.com *.addthis.com https://*.hypemarks.com *.hypemarks.com; img-src 'self' https://*.searchiq.co *.searchiq.co https://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com *.analytics.google.com https://stats.g.doubleclick.com stats.g.doubleclick.com https://stats.g.doubleclick.net stats.g.doubleclick.net https://*.google.com *.google.com https://*.google.co.uk *.google.co.uk https://*.cookielaw.org *.cookielaw.org https://px.ads.linkedin.com px.ads.linkedin.com https://*.linkedin.com *.linkedin.com https://*.facebook.com *.facebook.com blob: data:; media-src https://youtube.com youtube.com; object-src 'none'; manifest-src 'self'; script-src 'self' https://*.instagram.com *.instagram.com https://*.licdn.com *.licdn.com https://*.googleapis.com *.googleapis.com https://*.searchiq.co *.searchiq.co https://*.youtube.com *.youtube.com https://*.googletagmanager.com *.googletagmanager.com https://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com *.analytics.google.com https://*.addthis.com *.addthis.com https://*.addthisedge.com *.addthisedge.com https://*.cookielaw.com *.cookielaw.com https://*.cookielaw.org *.cookielaw.org https://*.hypemarks.com *.hypemarks.com https://*.moatads.com *.moatads.com https://*.cloudapi.de *.cloudapi.de https://*.onetrust.com *.onetrust.com https://connect.facebook.net connect.facebook.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 4
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com *.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.onetrust.com *.riskified.com cdn.cookielaw.org *.yotpo.com maps.googleapis.com maps.gstatic.com *.stats.paypal.com 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypalobjects.com js.braintreegateway.com www.paypal.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.avada.io *.onetrust.com *.riskified.com cdn.cookielaw.org *.yotpo.com *.nr-data.net *.newrelic.com maps.googleapis.com *.optimove *.facebook.net *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com unsafe-inline *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.paypal.com www.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net www.sandbox.paypal.com commerce.adobe.net qa-api.magedevteam.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://geoip-js.com https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.onetrust.com cdn.cookielaw.org *.riskified.com *.yotpo.com *.nr-data.net *.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com *.optimove *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; report-uri /csp-report 4
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com static.curations.bazaarvoice.com 'unsafe-inline' data: *.channelsight.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com *.twitter.com *.facebook.com *.snapchat.com *.tiktok.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.twitter.com s.amazon-adsystem.com *.facebook.com *.fls.doubleclick.net insight.adsrvr.org *.filestackapi.com *.addthis.com flexfaceoffsweeps.azurewebsites.net match.adsrvr.org viewinyourspace.com *.viewinyourspace.com playcanv.as *.snapchat.com *.clinch.co *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.bird.eu *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.bazaarvoice.com *.google.com *.taboola.com *.facebook.com *.facebook.net *.hubspot.com *.hsforms.com r.turn.com *.adnxs.com pixel.mediaiqdigital.com *.gravatar.com *.youtube.com cscoreproweustor.blob.core.windows.net www.skil.com *.gstatic.com *.googleapis.com www.googletagmanager.com *.fls.doubleclick.net *.seeitinyourspace.com *.pinterest.com *.nextdoor.com *.reddit.com insight.adsrvr.org www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bazaarvoice.com *.filestackapi.com *.facebook.net *.crazyegg.com js.hs-scripts.com *.taboola.com js.adsrvr.org js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net *.googleapis.com geoip-js.com secure-ds.serving-sys.com *.adnxs.com bs.serving-sys.com *.addthis.com *.addthisedge.com z.moatads.com cscoreproweustor.blob.core.windows.net flexsweepstakes2022.azurewebsites.net js.monitor.azure.com edge.curalate.com ipinfo.io *.newrelic.com *.nr-data.net *.tiktok.com sc-static.net *.channelsight.com unpkg.com viewinyourspace.com *.viewinyourspace.com *.cookielaw.org *.addevent.com *.youtube.com *.pinimg.com *.nextdoor.com *.crwdcntrl.com *.crwdcntrl.net mjca-yijws.global.ssl.fastly.net cdn.480app.com cdn.nmgassets.com *.clinch.co *.vimeo.com *.redditstatic.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bazaarvoice.com cscoreproweustor.blob.core.windows.net *.channelsight.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com api.bazaarvoice.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.bazaarvoice.com *.crazyegg.com forms.hubspot.com *.channelsight.com *.google-analytics.com stats.g.doubleclick.net *.taboola.com secure-ds.serving-sys.com viewinyourspace.com *.viewinyourspace.com chervon-website-api.herokuapp.com chervon-website-api-dev.herokuapp.com *.jotform.com dc.services.visualstudio.com *.addthis.com edge.curalate.com geoip-js.com *.hsforms.com *.nr-data.net *.facebook.com *.tiktok.com *.snapchat.com *.cookielaw.org *.rain-staging.com *.seeitinyourspace.com *.gstatic.com blob: *.googleapis.com *.pinterest.com cdn.nmgassets.com jdl.nmgplatform.com colrep.sitelabweb.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
default-src https: data: 'unsafe-inline' 'unsafe-eval' wss://*.hotjar.com blob:; report-uri https://fantastic.report-uri.com/r/d/csp/reportOnly 4
script-src 'self' 4
default-src https: 'self'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'self' 'unsafe-inline'; img-src https: 'self' data:; 4
default-src 'self';               script-src 'self' 'unsafe-eval' 'unsafe-inline' pt d2oh4tlt9mrke9.cloudfront.net www.googletagmanager.com *.dynatrace.com *.googleapis.com *.assurantsolutions.com *.optimizely.com www.google.com stats.g.doubleclick.net www.enterice.com www.google-analytics.com www.gstatic.com az416426.vo.msecnd.net ajax.aspnetcdn.com glassboxdigital.com cdn.gbqofs.com www.googleoptimize.com *.inmoment.com *.asapp.com;               connect-src 'self' ws.sessioncam.com *.dynatrace.com *.optimizely.com www.enterice.com stats.g.doubleclick.net www.google-analytics.com dc.services.visualstudio.com report.assurant.gbqofs.io *.googleapis.com *.inmoment.com *.asapp.com;               img-src 'self' data: maps.gstatic.com *.googleapis.com *.ggpht.com www.trustlogo.com www.enterice.com www.google-analytics.com mywirelessclaim.com *.assurantsolutions.com stats.g.doubleclick.net www.google.com secure.comodo.com www.googletagmanager.com ajax.aspnetcdn.com mobileclaimstest.azureedge.net;               style-src 'self' 'unsafe-inline' fonts.googleapis.com www.enterice.com maxcdn.bootstrapcdn.com ajax.aspnetcdn.com *.asapp.com;               font-src 'self' fonts.gstatic.com;               frame-src 'self' *.optimizely.com www.google.com www.surveymonkey.com *.asapp.com;              worker-src blob:; 4
font-src *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.maxmind.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.mmapiws.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
default-src 'self'; block-all-mixed-content; connect-src 'self' wss://de20.zopim.com csi.gstatic.com maps.gstatic.com korrelatie.zendesk.com wss://widget-mediator.zopim.com ekr.zdassets.com veiligthuis.zendesk.com; font-src 'self' fonts.gstatic.com v2.zopim.com; form-action 'self'; img-src 'self' data: www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.gstatic.com maps.googleapis.com csi.gstatic.com; media-src static.zdassets.com; script-src 'self' www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.googleapis.com pg-ws-ggz.custhelp.com static.zdassets.com; style-src 'self' 'unsafe-inline' pg-ws-ggz.widget.custhelp.com 4
worker-src 'none'; 4
default-src https: blob: wss: data: android-webview-video-poster: android-webview: chrome-extension: safari-extension: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dailymotion.com/content_security_policy_report_uri 3
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.rollingstone.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 3
default-src * data: blob:;worker-src 'self' blob:;script-src blob: 'unsafe-inline' https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/viewer/ https://cdn.ampproject.org/rtv/ https://www.googletagmanager.com/gtag/js https://playground.amp.dev/ https://preview.amp.dev/ https://go.amp.dev/ https://log.amp.dev/;object-src 'none';style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://playground.amp.dev/ https://preview.amp.dev/ https://go.amp.dev/ https://log.amp.dev/;report-uri /csp-report 3
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.onet.pl::APROD_3_2_0_AKLA_C 3
default-src https: 'unsafe-inline' 'unsafe-eval' 'self' data:; img-src 'self' *.eff.org data:; connect-src https: 'unsafe-inline' 'unsafe-eval' 'self' data: https://sentry.eff.org/api/2/store/; report-uri https://sentry.eff.org/api/2/security/?sentry_key=f1118ad37b5e4afbabe3487ca42fe73e 3
script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: data: https:; style-src 'self' 'unsafe-inline' blob: data: https:; default-src 'self' https:; img-src https: blob: data: android-webview-video-poster:; frame-src blob: data: https:; worker-src blob: data: https:; child-src blob: data: https:; object-src 'self'; font-src 'self' https: blob: data: safari-extension://*; media-src 'self' blob: data: https:; connect-src wss: blob: data: https:; report-uri /csp_ep 3
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://api.amplitude.com  wss://*.hotjar.com wss://*.qualified.com 'self';  frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com https://*.office.com https://*.office365.com;report-uri https://csp.surveymonkey.com/report?e=false&c=prod&ar=true&a=wufoocms 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://www.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com/ https://cdnjs.cloudflare.com/ https://www.youtube.com https://platform.twitter.com https://p.trellocdn.com https://embedr.flickr.com https://widgets.flickr.com https://maps.googleapis.com https://www.google.com content-service.ilo.org static.dwdn.net stats.datawrapper.de datawrapper.dwcdn.net https://ilc-live-2021-nea3b.ondigitalocean.app/; style-src 'self' 'unsafe-inline' 'report-sample' https://content-service.ilo.org fonts.googleapis.com www.youtube.com platform.twitter.com; img-src 'self' data: i.ytimg.com www.google-analytics.com www.googletagmanager.com syndication.twitter.com pbs.twimg.com embedr.flickr.com *.staticflickr.com maps.gstatic.com *.googleapis.com *.ggpht.com; font-src 'self' data: fonts.gstatic.com; connect-src 'self' www.google-analytics.com www.googletagmanager.com maps.googleapis.com embedr.flickr.com; media-src 'self'; object-src 'none'; prefetch-src 'self' www.google-analytics.com; child-src 'self' youtube.com www.youtube.com player.vimeo.com datastudio.google.com platform.twitter.com walls.io www.flickr.com www.facebook.com www.linkedin.com; frame-src 'self' youtube.com www.youtube.com www.youtube-nocookie.com player.vimeo.com datastudio.google.com platform.twitter.com walls.io www.flickr.com www.facebook.com www.linkedin.com; worker-src 'self'; frame-ancestors 'self'; form-action 'self' https://ilo.msgfocus.com; block-all-mixed-content; base-uri 'self'; manifest-src 'self'; report-uri https://ilopublic.report-uri.com/r/d/csp/reportOnly 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://qualys.report-uri.com/r/d/csp/reportOnly 3
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.dow.com dow.6connex.com; report-uri /cxsite/csp-report/csp-report.html 3
connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: adservice.google.com *.doubleclick.net geolocation.onetrust.com www.google-analytics.com *.demdex.net privacyportal-eu.onetrust.com www.googletagmanager.com *.omtrdc.net www.shareaholic.net geoip-js.com www.google.co.in amadeus.com collection.decibelinsight.net cdn.cookielaw.org *.facebook.com wss://collection.decibelinsight.net; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com.eg www.youtube.com *.twitter.com cdn.decibelinsight.net img06.en25.com *.doubleclick.net tools.euroland.com m9m6e2w5.stackpathcdn.com www.google.com amadeus.com snap.licdn.com cdn.cookielaw.org cdnjs.cloudflare.com apps.shareaholic.com js.maxmind.com *.ads-twitter.com *.googleadservices.com www.google.fr www.google-analytics.com www.googletagmanager.com *.facebook.net tags.tiqcdn.com; form-action  *.facebook.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google-analytics.com www.google.com.mx amadeus.com img.youtube.com www.google.co.th *.omtrdc.net *.doubleclick.net www.google.es *.facebook.com www.google.com.tr s266319173.t.eloqua.com cdn.cookielaw.org *.everesttech.net www.google.pl www.googletagmanager.com *.linkedin.com www.google.ch www.google.com.br t.co www.google.com www.google.com.sg www.google.fr *.demdex.net www.google.gr www.google.co.uk www.google.com.eg www.google.de www.google.co.jp www.google.co.in www.google.ca *.twitter.com; manifest-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: amadeus.com; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: amadeus.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.demdex.net *.doubleclick.net amadeus.com tools.eurolandir.com www.youtube.com *.twitter.com *.facebook.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com amadeus.com m9m6e2w5.stackpathcdn.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: amadeus.com *.googleapis.com; frame-ancestors 'self' ; report-uri /csp_report 3
default-src https: data: 'unsafe-eval' 'unsafe-inline'; report-uri /csp_reports 3
default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval'  ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none'; report-uri /csp-violation-report-endpoint/ 3
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://stylecaster.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 3
default-src 'self' https https://*.wistia.com  https://*.wistia.net www.google.com stats.g.doubleclick.net; script-src   'self'   'unsafe-eval'     https://snap.licdn.com   https://bat.bing.com/   https://snap.licdn.com   https://connect.facebook.net   https://ws.zoominfo.com   https://connect.facebook.net/   https://www.google-analytics.com   https://ssl.google-analytics.com   https://organizer.bizzabo.com/   www.googletagmanager.com   https://tagmanager.google.com   www.googleadservices.com   www.google.com   googleads.g.doubleclick.net   *.wistia.com    *.wistia.net   src.litix.io   js.hs-scripts.com   js.hsleadflows.net   js.hs-banner.com   js.hsadspixel.net   js.hubspotfeedback.com   js.usemessages.com   js.hs-analytics.net   js.hscollectedforms.net   js.hsforms.net   js-na1.hs-scripts.com   forms.hsforms.com   https://script.hotjar.com   https://static.hotjar.com/   https://munchkin.marketo.net/munchkin.js   https://ucarecdn.com/   tags.clickagy.com   www.clarity.ms; style-src   'self'     blob:   fast.wistia.com   tagmanager.google.com   https://fonts.googleapis.com   https://cdnjs.cloudflare.com/; frame-src   https://www.prismhrlive.com   *.youtube.com   https://bid.g.doubleclick.net   *.hubspot.com   forms.hsforms.com   js.hsadspixel.net   js.hscollectedforms.net   js.usemessages.com   fast.wistia.com   fast.wistia.net   https://vars.hotjar.com   https://www.facebook.com   https://player.vimeo.com   *.google.com; child-src   app.hubspot.com   forms.hsforms.com   js.hsadspixel.net   js.hscollectedforms.net   js.usemessages.com   blob:; img-src   'self'   https://c.clarity.ms/c.gif   data:   https://px.ads.linkedin.com/   https://bat.bing.com/   https://p.adsymptotic.com   https://www.facebook.com   *.google-analytics.com   www.googletagmanager.com   https://ssl.gstatic.com   https://www.gstatic.com   googleads.g.doubleclick.net   www.google.com   *.wistia.com   *.wistia.net   embedwistia-a.akamaihd.net   *.hubspot.com   cdn2.hubspot.net   forms.hsforms.com   *.facebook.com   *.wpengine.com; font-src   'self'   data:   *.wistia.com   https://fonts.gstatic.com   https://cdnjs.cloudflare.com; connect-src   'self'   https://events.bizzabo.com   *.google-analytics.com   *.hubspot.com   https://stats.g.doubleclick.net/   api.hubapi.com   js.usemessages.com   js.hsleadflows.net   js.hs-banner.com   js.hubspotfeedback.com   js.hsadspixel.net   js.hs-analytics.net   js.hs-scripts.com   forms.hsforms.com   *.litix.io   *.wistia.com   https://yoast.com   https://my.wpengine.com   embedwistia-a.akamaihd.net   in.hotjar.com   www.facebook.com   ws.zoominfo.com; form-action   'self'   forms.hsforms.com   forms.hubspot.com   https://www.facebook.com; media-src    'self'    blob:    data:    *.wistia.com    *.wistia.net    embedwistia-a.akamaihd.net; Worker-src   'self'     blob:; 3
default-src 'self' 'unsafe-eval' 'unsafe-inline' http://*.kwaixiaodian.com https://*.kwaixiaodian.com http://*.gifshow.com https://*.gifshow.com http://*.kwaishop.com https://*.kwaishaop.com http://*.kuaishou.com https://*.kuaishou.com http://*.kuaishoupay.com https://*.kuaishoupay.com http://*.ksapisrv.com https://*.ksapisrv.com http://*.yximgs.com https://*.yximgs.com http://*.kwimgs.com https://*.kwimgs.com http://*.eckwai.com https://*.eckwai.com http://hm.baidu.com https://hm.baidu.com http://www.gstatic.com https://www.gstatic.com http://fonts.gstatic.com https://fonts.gstatic.com https://t.captcha.qq.com http://t.captcha.qq.com data: android-webview-video-poster: blob:;font-src 'self' http://*.kwaixiaodian.com https://*.kwaixiaodian.com http://*.gifshow.com https://*.gifshow.com http://*.kuaishou.com https://*.kuaishou.com http://*.yximgs.com https://*.yximgs.com http://fonts.gstatic.com https://fonts.gstatic.com http://at.alicdn.com https://at.alicdn.com http://cdn.bootcdn.net https://cdn.bootcdn.net data:;script-src 'self' 'unsafe-eval' 'unsafe-inline' http://*.kwaixiaodian.com https://*.kwaixiaodian.com http://*.gifshow.com https://*.gifshow.com http://*.kuaishou.com https://*.kuaishou.com http://*.yximgs.com https://*.yximgs.com http://*.kwimgs.com https://*.kwimgs.com http://*.eckwai.com https://*.eckwai.com http://hm.baidu.com https://hm.baidu.com https://captcha.gtimg.com http://captcha.gtimg.com blob:;form-action 'self' http://*.ksapisrv.com https://*.ksapisrv.com;frame-ancestors 'self' http://*.kwaixiaodian.com https://*.kwaixiaodian.com http://*.kuaishou.com https://*.kuaishou.com;report-uri https://csplog.kuaishou.com/log/kwaishop/wwwkwaixiaodian 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.kwai-pro.com http://*.kwai-pro.com http://*.kwai.net https://*.kwai.net *.kwai.com *.snackvideo.in *.kwai.me *.kwai.app *.kwimgs.com *.yximgs.com *.cloudfront.net *.kuaishou.com https://*.gifshow.com http://*.gifshow.com https://log-sdk.ksapisrv.com https://www.googletagmanager.com https://gifshow-static.download.ks-cdn.com https://static3.avast.com https://translate.google.com https://www.gstatic.com https://fonts.gstatic.com https://connect.facebook.net www.google-analytics.com hm.baidu.com m.snackvideo.com http://*.ap4r.com https://*.ap4r.com https://*.typekit.net http://*.typekit.net ak-sgp-pic.snackvideo.in tx-sgp-pic.snackvideo.in ws-sgp-pic.snackvideo.in g-us-kampic.golden49.net g-us-kamcdn.golden49.net m.kwai.com sentry.kuaishou.com asset: data: blob: android-webview-video-poster: ikwai: chrome-extension:;report-uri https://csplog.kwai-pro.com/log/kwai/wwwkwai 3
"default-src data: blob: 'unsafe-eval' 'unsafe-inline' https: 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'  ajax.googleapis.com *.bazaarvoice.com bat.bing.com cdn.attn.tv *.optimizely.com cdn.polyfill.io cdn1.affirm.com connect.facebook.net *.allposters.com *.doubleclick.net js.intercomcdn.com pixel.mathtag.com s.pinimg.com static.klaviyo.com tag.rmp.rakuten.com tags.bkrtx.com *.intercom.io *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com code.jquery.com *.intercom.io *.artprintimages.com *.affirm.com *.allpostersimages.com; object-src 'none'; base-uri 'self'; report-uri https://csp.prod.walmart.com/c/r/artal;" 3
img-src https://shopping.com https://*.shopping.com https://*.paypal.com https://*.ebayimg.com https://*.cnnx.io https://*.ebayadservices.com https://www.paypalobjects.com https://img.fruugo.com https://hst.tradedoubler.com data:; report-uri https://monitor.ebay.com/csp-report/shoppingdotcom 3
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob: file:; frame-ancestors 'self' *.salesforce.com *.force.com *.visualforce.com *.documentforce.com; font-src https: data: blob: file:; connect-src 'self' https:; report-uri https://csp-report.force.com/_/ContentDomainCSPNoAuth?type=sites 3
img-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 3
block-all-mixed-content; frame-src 'self' blob: *.googlesyndication.com *.google.com *.facebook.com *.doubleclick.net connect.facebook.net www.googletagmanager.com players.brightcove.net; object-src *; script-src 'self' 'unsafe-inline' 'report-sample' https://*.doubleclick.net https://*.go-mpulse.net https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://*.nr-data.net https://*.truste.com https://bam.nr-data.net https://connect.facebook.net https://content.linkedin.com https://choices.trustarc.com https://consent.trustarc.com https://graph.facebook.com https://google-analytics.com https://googletagmanager.com https://img.en25.com https://js.facebook.com https://js-agent.newrelic.com https://players.brightcove.net https://platform.linkedin.com https://renesas.componentsearchengine.com https://static.addtoany.com https://ssl.google-analytics.com https://snap.licdn.com https://static-exp1.licdn.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com vjs.zencdn.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com pagecdn.io; script-src-attr 'self'; style-src 'self' 'unsafe-inline' 'report-sample' *.licdn.com *.google.com players.brightcove.net www.googletagmanager.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 'unsafe-inline'; worker-src 'self' blob: www.google.com; base-uri 'self'; form-action 'self' *.google.com *.facebook.com connect.facebook.net; frame-ancestors 'self' https://www.renesas.cn http://www.renesas.cn; report-uri https://www.renesas.com/us/en/report-uri/reportOnly 3
default-src 'self' https://*.ebizautos.com; img-src *; script-src 'self' 'unsafe-inline' *; font-src *; media-src *; frame-src *; manifest-src 'self'; style-src 'self' 'unsafe-inline' *; connect-src https://*; object-src 'none'; worker-src 'none'; base-uri 'self'; 3
default-src *; script-src data: http: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: 'unsafe-inline' https: *.bootstrapcdn.com; img-src * 'self' data: blob:; font-src *; connect-src https:; media-src *; object-src 'none'; frame-src *; report-uri https://www.hsag.com/_csp; 3
default-src 'self' blob: https://*.avrotros.org https://*.avrotros.nl https://*.google-analytics.com https://cdn.ampproject.org/ https://www.googletagmanager.com https://adscience-nocookie.nl https://stats.g.doubleclick.net https://*.google.com https://*.npo.nl https://nmonpoendpoint.2cnt.net https://kmnl.tns-nipo.com https://www.facebook.com https://graph.facebook.com https://adserving.optoutadvertising.com https://displayhub.ster.nl; font-src *;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval' 'report-sample' https://opgelicht.avrotros.nl/cdn-cgi/challenge-platform/; style-src * 'unsafe-inline' 'report-sample';  media-src *; frame-src *; object-src https://open.spotify.com https://embed.spotify.com https://player.vimeo.com https://w.soundcloud.com https://avrotros.nl https://issuu.com https://e.issuu.com https://www.google.com https://www.google.nl https://localfocus2.appspot.com https://m.kro-ncrv.nl https://giphy.com https://media.giphy.com https://media2.giphy.com https://opgelicht.avrotros.nl https://radar.avrotros.nl https://eenvandaag.avrotros.nl https://stories.avrotros.nl; base-uri 'self'; form-action https://www.facebook.com/tr/ 'self'; worker-src 'self' blob:; 3
base-uri 'none'; img-src * data: blob:; default-src 'self' data: https: wss: blob:; style-src 'self' data: https: wss: 'unsafe-inline'; media-src blob: https://*.linkedin.com https://snap.licdn.com https://p.adsymptotic.com https://*.brightcovecdn.com https://*.boltdns.net https://*.media.brightcove.com https://*.llnw.net https://*.llnwd.net https://*.akafms.net https://*.akamaihd.net https://shs-components.infopark.io https://*.siemens-healthineers.com https://preview-cdn.scrvt.com/; worker-src blob:; script-src data: blob: 'self' https://api.scrivito.com https://assets.scrivito.com https://*.siemens.com https://consent.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.com https://consentcdn.cookiebot.eu/ https://tools.adlytics.net https://charts3.equitystory.com/ https://irpages2.eqs.com/ https://shs-components.infopark.io https://players.brightcove.net https://vjs.zencdn.net https://siemenshealthcare.postclickmarketing.com https://ionfiles.scribblecdn.net https://manifest.prod.boltdns.net https://*.brightcovecdn.com https://www.adobetag.com https://static.adlytics.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://sjs.bizographics.com; frame-ancestors 'self' https://*.scrivito.com https://gather.town; object-src 'none'; block-all-mixed-content; report-uri https://y84jcqwn7k.execute-api.us-east-1.amazonaws.com/latest 3
default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net *.tvsquared.com *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com https://sc-static.net 		https://ob.cheqzone.com 		https://analytics.google.com 		https://www.google.com https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googleoptimize.com https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net 	 https://stackadapt.com https://*.creative-serving.com https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com https://sc-static.net 		https://ob.cheqzone.com 		https://analytics.google.com 		https://www.google.com wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://stats.g.doubleclick.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://graph.facebook.com https://www.googleoptimize.com https://*.addthis.com https://*.google-analytics.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.doubleclick.net https://*.googleapis.com ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://tr.snapchat.com https://creativecdn.com https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 3
font-src fonts.googleapis.com fonts.gstatic.com https://fonts.gstatic.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: static.curations.bazaarvoice.com maxcdn.bootstrapcdn.com cdn.dynamicyield.com x.klarnacdn.net *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com www.facebook.com *.wahooligan.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com js.stripe.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com https://www.googletagmanager.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com insight.adsrvr.org match.adsrvr.org www.affirm.com sandbox.affirm.com bugcrowd.com *.cloudfront.net consentag.eu track.cordial.io gum.criteo.com bid.g.doubleclick.net *.fls.doubleclick.net www.facebook.com script.google.com vars.hotjar.com *.klarnaservices.com *.online-metrix.net privacyportal-cdn.onetrust.com imgs.signifyd.com *.vimeo.com vimeo.com record.webeyez.com d.emails.wahoofitness.com wahoofitness.yonyx.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com maps.googleapis.com maps.gstatic.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com https://helloextend-static-assets.s3.amazonaws.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com *.adnxs.com public.adobecc.com data.adxcel-ec2.com insight.adsrvr.org match.adsrvr.org *.affirm.com *.atdmt.com *.bing.com *.bazaarvoice.com *.clarity.ms dis.criteo.com gum.criteo.com *.ctnsnet.com ad.doubleclick.net cm.g.doubleclick.net stats.g.doubleclick.net cdn.dynamicyield.com www.facebook.com *.google.com *.googletagmanager.com *.gstatic.com kcc0.com *.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com *.ktxlytics.io www.lightboxcdn.com simage2.pubmatic.com alb.reddit.com imgs.signifyd.com t.co tk0x1.com *.wahoofitness.com ads.yahoo.com *.analytics.yahoo.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com *.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com js.stripe.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com https://*.helloextend.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.adnxs.com js.adsrvr.org lightboxapi.azurewebsites.net bam-cell.nr-data.net *.bazaarvoice.com bat.bing.com bugcrowd.com assets.bugcrowdusercontent.com *.affirm.com *.clarity.ms static.curations.bazaarvoice.com consentag.eu cdn.cookielaw.org track.cordial.io script.crazyegg.com static.criteo.net sslwidget.criteo.com *.ctnsnet.com cdn.dynamicyield.com st.dynamicyield.com connect.facebook.net *.google.com googleads.g.doubleclick.net www.gstatic.com static.hotjar.com script.hotjar.com *.ktxlytics.io www.lightboxcdn.com cdn.livesession.io i.loopme.me js-agent.newrelic.com bam.nr-data.net code.jquery.com eu-library.klarnaservices.com eu-library.playground.klarnaservices.com oc-library.klarnaservices.com oc-library.playground.klarnaservices.com x.klarnacdn.net geolocation.onetrust.com cdn.optimizely.com www.redditstatic.com www.refersion.com assets.reflow.tv cdn.segment.com imgs.signifyd.com static.ads-twitter.com analytics.twitter.com d.emails.wahoofitness.com record.webeyez.com sec.webeyez.com resources.xg4ken.com *.yotpo.com www.youtube.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com display.ugc.bazaarvoice.com https://fonts.googleapis.com *.fontawesome.com static.curations.bazaarvoice.com maxcdn.bootstrapcdn.com cdn.cookielaw.org cdn.dynamicyield.com www.lightboxcdn.com x.klarnacdn.net *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.bazaarvoice.com data: mpsnare.iesnare.com www.wahoofitness.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com https://*.helloextend.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.affirm.com bam-cell.nr-data.net *.bing.com *.clarity.ms cdn.cookielaw.org track.cordial.io script.crazyegg.com i.ctnsnet.com stats.g.doubleclick.net *.dynamicyield.com www.facebook.com analytics.google.com *.hotjar.com mpsnare.iesnare.com wss: gdpr.loopme.com i.loopme.me *.klarnaservices.com *.klarnauserservices.com *.ktxlytics.io rs.livesession.io bam.nr-data.net *.onetrust.com insight.reflow.tv api.segment.io cdn.segment.com imgs.signifyd.com bt.signifyd.com bt.signifyd.com:1103 bt.signifyd.com:11103 d.emails.wahoofitness.com vimeo.com record.webeyez.com send.webeyez.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://b73c76520e1c6fd88a089eacc1b590fe.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 3
default-src 'self' 'unsafe-inline' https://nexon.com.au https://*.nexon.com.au; script-src 'self' 'unsafe-inline' https://www.youtube.com https://googleads.g.doubleclick.net/ https://googleads.g.doubleclick.net https://www.googleadservices.com https://munchkin.marketo.net https://www.gstatic.com https://www.google-analytics.com https://go.nexon.com.au https://*.googletagmanager.com https://*.cloudflare.com https://go.nexon.com.au:* https://go.nexon.com.au/ https://code.jquery.com https://connect.facebook.net https://stackpath.bootstrapcdn.com https://snap.licdn.com; script-src-elem 'self' 'unsafe-inline' https://googleads.g.doubleclick.net/ https://googleads.g.doubleclick.net https://www.googleadservices.com https://munchkin.marketo.net https://www.gstatic.com https://www.google-analytics.com https://go.nexon.com.au https://*.googletagmanager.com https://*.cloudflare.com https://go.nexon.com.au:* https://go.nexon.com.au/ https://code.jquery.com https://connect.facebook.net https://stackpath.bootstrapcdn.com https://snap.licdn.com; script-src-attr 'self' 'unsafe-inline' https://googleads.g.doubleclick.net/ https://googleads.g.doubleclick.net https://www.googleadservices.com https://munchkin.marketo.net https://www.gstatic.com https://www.google-analytics.com https://go.nexon.com.au https://*.googletagmanager.com https://*.cloudflare.com https://go.nexon.com.au:* https://go.nexon.com.au/ https://code.jquery.com https://connect.facebook.net https://stackpath.bootstrapcdn.com https://snap.licdn.com; style-src * 'self' 'unsafe-inline'; style-src-elem * 'self' 'unsafe-inline'; style-src-attr * 'self' 'unsafe-inline'; img-src 'self' https://*.nexon.com.au https://www.facebook.com https://go.nexon.com.au https://px.ads.linkedin.com; font-src * 'self' data:; connect-src 'self' https://www.youtube.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://837-cjs-664.mktoresp.com; media-src 'self' youtube.com wistia.com; child-src 'self' https://youtube.com https://www.youtube.com; frame-src 'self' https://marketo.com:* https://*.nexon.com.au; form-action 'self' https://go.nexon.com.au https://munchkin.marketo.net 3
font-src *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com cloud.webtype.com use.fontawesome.com *.hotjar.com oppwa.com *.oppwa.com *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com oppwa.com *.oppwa.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.adyen.com *.awin1.com *.zenaps.com *.fls.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com *.cookiebot.com www.youtube.com vars.hotjar.com oppwa.com *.oppwa.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com *.awin1.com *.zenaps.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com pls.webtype.com www.w3.org data: www.google.com www.google.de www.google.com.ua googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com *.ytimg.com bat.bing.com head.locally.com *.hotjar.com img.youtube.com *.oppwa.com oppwa.com https://a.klaviyo.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adyen.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com jquery.sellxed.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com js-agent.newrelic.com bam.nr-data.net www.google.com *.googleapis.com *.scarabresearch.com head.locally.com bat.bing.com hit.uptrendsdata.com/ static.hotjar.com script.hotjar.com www.googleadservices.com *.cookiebot.com connect.getflowbox.com www.gstatic.com *.abtasty.com *.oppwa.com oppwa.com https://static.klaviyo.com https://fast.a.klaviyo.com *.yotpo.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com cloud.webtype.com use.fontawesome.com oppwa.com *.oppwa.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com https://the.sciencebehindecommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com bam.nr-data.net webchannel-content.eservice.emarsys.net recommender-eu.scarabresearch.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.hotjar.com *.hotjar.io wss://*.hotjar.com oppwa.com *.oppwa.com hit.uptrendsdata.com/ *.abtasty.com https://static.klaviyo.com https://fast.a.klaviyo.com *.yotpo.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
script-src 'self' https://ajax.googleapis.com https://f1000researchdata.s3-eu-west-1.amazonaws.com https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://js.hs-scripts.com 3
base-uri 'self'; frame-src 'self' cookiejar.mondly.com vars.hotjar.com www.facebook.com optimize.google.com bid.g.doubleclick.net secure.livechatinc.com www.googletagmanager.com www.pinterest.com 7f075c3104c14b369e4245a534bf1142.pages.ubembed.com; frame-ancestors 'self' *.mondly.com; font-src 'self' data: d37sy4vufic209.cloudfront.net fonts.gstatic.com; img-src 'self' data: https://*; media-src 'self' d37sy4vufic209.cloudfront.net mondly-languages-audio.azureedge.net; style-src 'self' 'unsafe-inline' d37sy4vufic209.cloudfront.net optimize.google.com fonts.googleapis.com tagmanager.google.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' d37sy4vufic209.cloudfront.net www.google.com script.hotjar.com static.hotjar.com connect.facebook.net cdn.livechatinc.com api.livechatinc.com optimize.google.com tagmanager.google.com secure.livechatinc.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com ssl.google-analytics.com googleads.g.doubleclick.net s.pinimg.com ct.pinterest.com www.pinterest.com 7f075c3104c14b369e4245a534bf1142.js.ubembed.com analytics.tiktok.com assets.ubembed.com 3
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob: file:; frame-ancestors 'self' *.salesforce.com *.force.com *.visualforce.com *.documentforce.com; font-src https: data: blob: file:; connect-src 'self' https:; report-uri https://csp-report.force.com/_/ContentDomainCSPNoAuth?type=communities 3
font-src fonts.gstatic.com use.typekit.net data: *.sodatech.com *.sodatech.net *.gstatic.com *.typekit.net 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com pal-test.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.xtento.com *.vimeo.com *.jsctool.com *.pinterest.com *.mmcagentur.at *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.demdex.net *.authorize.net *.paypal.com *.googletagmanager.com *.xtento.com *.app-wallee.com *.waltpixel.com *.equitystory.com *.serverdata.net *.livechatinc.com *.lindtusa.com *.russellstover.com *.ghirardelli.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.pepperjamnetwork.com services.listrak.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com www.xtento.com cdn.xtento.com blob: lindt.test *.lindt.test maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.klarna.com *.invibes.com *.b26net.com https://www.google-analytics.com *.googletagmanager.com *.cloudfront.net *.teads.tv *.videostep.com *.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.doubleclick.net *.outbrain.com *.adobedtm.com *.omtrdc.net *.demdex.net *.everesttech.net *.magentocommerce.com *.sodatech.com *.sodatech.net *.serverdata.net lindtna.test *.lindtna.test *.livechatinc.com *.listrakbi.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com 'self' data: https://mediacdn.espssl.com/2824/Shared/Modal/chocolate.png snap.licdn.com s.pinimg.com *.blob.core.windows.net offer.slgnt.us cdn.polyfill.io *.ads.linkedin.com ct.pinterest.com site-azp.slgnt.us data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net *.youtube.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com www.google-analytics.com *.adyen.com www.xtento.com cdn.xtento.com *.pcapredict.com *.newrelic.com *.nr-data.net lindt.slgnt.eu maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.ratepay.com *.cloudflare.com *.teads.tv *.r66net.com *.facebook.net *.googleadservices.com *.doubleclick.net *.cookiepro.com *.cloudfront.net *.videostep.com *.mfgroup.ch *.taboola.com *.outbrain.com *.adobedtm.com *.authorize.net *.unpkg.com *.fontawesome.com *.sodatech.net *.sodatech.com *.livechatinc.com *.serverdata.net *.listrakbi.com *.listrak.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.google.com *.gstatic.com https://www.youtube.com acsbapp.com cdn.noibu.com snap.licdn.com s.pinimg.com *.blob.core.windows.net offer.slgnt.us cdn.polyfill.io *.ads.linkedin.com ct.pinterest.com site-azp.slgnt.us *.revlifter.io *.pepperjamnetwork.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fonts.net *.postcodeanywhere.co.uk *.cloudfront.net *.cloudflare.com *.sodatech.com *.sodatech.net *.googleapis.com *.getfirebug.com *.serverdata.net *.myfonts.net *.listrakbi.com *.listrak.com unsafe-inline tagmanager.google.com *.gstatic.com https://cloud.typography.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.serverdata.net *.livechatinc.com *.listrakbi.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com commerce.adobe.net qa-api.magedevteam.com *.adyen.com *.nr-data.net *.paypal.com *.postcodeanywhere.co.uk *.ratepay.com vimeo.com *.luckyorange.net *.cookiepro.com *.mfgroup.ch *.doubleclick.net *.visitors.live wss://in.visitors.live wss://visitors.live wss://in.visitors.live/ wss://visitors.live/ visitors.live *.taboola.com *.demdex.net *.omtrdc.net *.magento.com *.adobe.net *.adobedtm.com *.adobedc.net *.typekit.net *.magedevteam.com *.sodatech.com *.sodatech.net *.teads.tv *.serverdata.net *.livechatinc.com api.addressy.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://www.google-analytics.com t.elasticsuite.io *.google-analytics.com https://maps.googleapis.com cdn.noibu.com *.acsbapp.com snap.licdn.com s.pinimg.com offer.slgnt.us cdn.polyfill.io *.ads.linkedin.com ct.pinterest.com site-azp.slgnt.us *.revlifter.io *.pepperjamnetwork.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src https: 'unsafe-inline' 3
font-src *.yotpo.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.typekit.net *.klevu.com *.ksearchnet.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.yotpo.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.mention-me.com *.yotpo.com *.bounceexchange.com *.ada.support *.google.com *.google.com.mt *.google.co.uk *.google.fr *.google.it *.trustpilot.com *.facebook.com *.bulk.com *.studentbeans.com *.doubleclick.net *.zenaps.com *.criteo.net *.criteo.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com *.yotpo.com bulk.com *.bulk.com *.google.com *.google.com.mt *.google.co.uk *.google.fr *.google.it *.google.co.in *.facebook.com *.facebook.net *.bouncex.net *.bounceexchange.com *.monetate.net bulkpowders.co.uk *.gstatic.com *.postcodeanywhere.co.uk *.klarnacdn.net *.klarna.com *.zenaps.com *.awin1.com *.atdmt.com *.doubleclick.net *.cooladata.com *.bing.com *.quantserve.com t.co *.klevu.com *.ksearchnet.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.adyen.com *.mention-me.com *.yotpo.com *.monetate.net *.dwin1.com *.facebook.net *.bounceexchange.com *.jetlore.com *.ada.support *.scarabsearch.com *.scarabresearch.com *.g.doubleclick.net *.trustpilot.com *.queue-it.net *.gstatic.com *.newrelic.com *.nr-data.net *.google.com *.pcapredict.com *.klarnacdn.net *.postcodeanywhere.co.uk *.co-buying.com *.studentbeans.com *.zenaps.com *.sciencebehindecommerce.com *.criteo.net *.criteo.com *.cooladata.com *.zendesk.com *.zdassets.com *.bing.com *.quantserve.com *.quantcount.com *.twitter.com js.klevu.com *.ksearchnet.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.yotpo.com *.googleapis.com *.typekit.net *.bounceexchange.com *.postcodeanywhere.co.uk *.klevu.com *.ksearchnet.com 'self' 'unsafe-inline'; object-src *.bulk.com 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.mention-me.com *.yotpo.com *.ada.support *.google-analytics.com *.g.doubleclick.net *.scarabresearch.com *.logs.datadoghq.com *.bouncex.net *.nr-data.net *.klarnaevt.com *.postcodeanywhere.co.uk *.bulk.com *.sciencebehindecommerce.com *.zdassets.com *.zendesk.com *.klevu.com *.ksearchnet.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src https: wss:; report-uri /csp-report 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.forgerock.com *.wistia.com *.wistia.net *.listenloop.com *.company-target.com *.google-analytics.com *.googleoptimize.com *.mktoresp.com *.doubleclick.net *.driftt.com *.techtarget.com *.driftqa.com *.pingdom.net *.swiftypecdn.com *.swiftype.com *.abtasty.com *.cookielaw.org *.hotjar.com *.hotjar.io *.nr-data.net *.marketo.com *.twitter.com *.soundcloud.com *.youtube.com *.akamaihd.net *.bing.com *.clarity.ms app.hushly.com hubfront.hushly.com; font-src * data:; frame-src 'self' static.addtoany.com; img-src * data:; media-src * blob:; prefetch-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.forgerock.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleoptimize.com *.mktoresp.com *.googleadservices.com *.twitter.com *.ads-twitter.com *.licdn.com *.engagio.com *.listenloop.com *.demandbase.com *.driftt.com *.facebook.net *.adroll.com *.adroll.mgr.consensu.org *.newrelic.com *.hotjar.com googleads.g.doubleclick.net https://dn1f1hmdujj40.cloudfront.net *.swiftypecdn.com geoip-js.com *.pingdom.net *.abtasty.com *.techtarget.com *.cookielaw.org *.nr-data.net *.marketo.com *.marketo.net *.twimg.com app.hushly.com hubfront.hushly.com *.jquery.com *.onetrust.com *.maxmind.com s3.amazonaws.com *.bugsnag.com *.wistia.net *.bing.com *.clarity.ms www.forgerock.com http://www.forgerock.com blob: https://fast.wistia.com https://static.addtoany.com https://unpkg.com; style-src 'self' 'unsafe-inline' *.forgerock.com *.googleapis.com *.cloudflare.com *.swiftypecdn.com *.driftt.com *.marketo.com *.wistia.com *.wistia.net *.twitter.com *.twimg.com app.hushly.com hubfront.hushly.com https://unpkg.com; report-uri https://forgerock.report-uri.com/r/t/csp/reportOnly 3
block-all-mixed-content; default-src 'none'; connect-src https://ka-p.fontawesome.com https://maps.googleapis.com https://notifier-configs.airbrake.io https://s.yimg.com https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' https://*.fontawesome.com https://fonts.gstatic.com; frame-src https://9860174.fls.doubleclick.net https://go.adflegal.org https://insight.adsrvr.org https://www.google.com; img-src 'self' https://analytics.sleeknote.com https://maps.gstatic.com https://pixel.quantserve.com https://sp.analytics.yahoo.com https://www.facebook.com https://www.google-analytics.com; script-src 'self' https://www.gstatic.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://embed.idonate.com https://kit.fontawesome.com https://maps.googleapis.com https://sleeknotecustomerscripts.sleeknote.com https://unpkg.com https://www.google.com https://www.googleoptimize.com mdbootstrap.com 'unsafe-inline'; script-src-elem 'self' https://connect.facebook.net https://js.adsrvr.org https://rules.quantcount.com https://s.yimg.com https://secure.quantserve.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://embed.idonate.com https://kit.fontawesome.com https://maps.googleapis.com https://sleeknotecustomerscripts.sleeknote.com https://unpkg.com https://www.google.com https://www.googleoptimize.com mdbootstrap.com; style-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdnjs.cloudflare.com https://unpkg.com mdbootstrap.com use.fontawesome.com; form-action 'none'; frame-ancestors 'none'; report-uri https://adflegal.report-uri.com/r/d/csp/wizard 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.privacy-mgmt.com maps.googleapis.com www.news.co.uk uk-script.dotmetrics.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com cdn.privacy-mgmt.com *.tiqcdn.com unpkg.com uk-script.dotmetrics.net *.scorecardresearch.com *.google-analytics.com; style-src 'self' 'unsafe-inline' data: use.fontawesome.com fonts.googleapis.com use.typekit.net maps.google.com unpkg.com; img-src 'self' data: *.googleapis.com *.gstatic.com *.google-analytics.com *.scorecardresearch.com *.news.co.uk www.news.co.uk *.dotmetrics.net s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' *.youtube.com *.vimeo.com *.brightcove.com cdn.privacy-mgmt.com; report-uri https://www.news.co.uk?gdsih-csp-report; 3
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/verily 3
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com *.googleapis.com *.doubleclick.net *.facebook.net www.prismahealth.org www.google-analytics.com prismahealth.org lp.prismahealth.org www.youtube.com www.googleoptimize.com kit.fontawesome.com siteimproveanalytics.com www.googletagmanager.com *.googleadservices.com *.adsrvr.org; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com p.typekit.net www.prismahealth.org lp.prismahealth.org use.typekit.net; form-action  *.facebook.com; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.prismahealth.org; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net *.googleapis.com adservice.google.com www.google.com *.facebook.com network.prismahealth.org ka-p.fontawesome.com lp.prismahealth.org; manifest-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: prismahealth.org www.prismahealth.org; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: lp.prismahealth.org kyruus-app-static.kyruus.com prismahealth.org www.prismahealth.org 6147797.global.siteimproveanalytics.io www.google.com *.doubleclick.net www.google-analytics.com kloggyr-service.kyruus.com *.facebook.com *.googleapis.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.kyruus.com www.prismahealth.org use.typekit.net ka-p.fontawesome.com lp.prismahealth.org prismahealth.org; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.adsrvr.org www.google.com www.youtube.com *.facebook.com *.doubleclick.net; frame-ancestors 'self' ; report-uri /csp_report 3
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script'; 3
default-src 'self' *.gstatic.com *.google.com *.google.co.uk *.youtube.com *.google-analytics.com *.bazaarvoice.com *.openstreetmap.org *.iesnare.com *.convertexperiments.com *.cookiebot.com *.mouseflow.com *.klaviyo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.youtube.com *.google.com *.gstatic.com *.cloudflare.com *.bugherd.com bat.bing.com *.bazaarvoice.com *.facebook.net *.googleapis.com *.g.doubleclick.net *.ads-twitter.com *.googleadservices.com *.twitter.com cambridgeaudio.us8.list-manage.com js.braintreegateway.com script.hotjar.com static.hotjar.com *.payments-amazon.com vc.hotjar.io songbirdstag.cardinalcommerce.com *.paypal.com twitter.com *.bazaarvoice.com *.newrelic.com *.cloudflareinsights.com *.cloudfront.net *.nr-data.net *.atlassian.net *.cardinalcommerce.com *.google.se *.google.nl *.google.ca chimpstatic.com *.openstreetmap.org *.paypalobjects.com *.iesnare.com *.mavenoid.com *.convertexperiments.com *.cookiebot.com *.klaviyo.com *.clarity.ms *.mouseflow.com *.jsdelivr.net *.mouseflow.com *.klaviyo.com *.klarnaservices.com *.stripe.com; object-src 'self' 'unsafe-inline' *.bazaarvoice.com *.iesnare.com *.convertexperiments.com *.klaviyo.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.bazaarvoice.com *.cloudfront.net sheet *.braintreegateway.com *.openstreetmap.org *.braintreegateway.com *.iesnare.com *.appcues.com *.convertexperiments.com *.jsdelivr.net *.klaviyo.com *.klarnacdn.net; img-src * data; frame-src *.vimeo.com *.facebook.com *.youtube.com *.youtube-nocookie.com vars.hotjar.com *.braintreegateway.com *.cardinalcommerce.com *.paypal.com *.kaptcha.com *.bazaarvoice.com *.amazon-adsystem.com *.cloudfront.net *.atlassian.net *.go2jump.org *.payments-amazon.com *.amazon.co.uk *.amazon.com *.cambridgeaudio.com *.doubleclick.net *.googletagmanager.com *.openstreetmap.org *.spotify.com *.iesnare.com *.convertexperiments.com *.cookiebot.com *.klaviyo.com; frame-ancestors https://*.cambridgeaudio.com https://*.stripe.com; font-src 'self' *.gstatic.com data: *.bazaarvoice.com *.bugherd.com *.cloudfront.net *.openstreetmap.org *.iesnare.com *.mavenoid.com *.convertexperiments.com *.jsdelivr.net *.mouseflow.com *.klaviyo.com *.klarnacdn.net; connect-src 'self' *.g.doubleclick.net *.google.com *.google-analytics.com bat.bing.com *.facebook.com sockjs.pusher.com in.hotjar.com *.amazon.com *.amazon.co.uk vc.hotjar.io *.braintree-api.com *.braintree-gateway.com *.cardinalcommerce.com *.amazonaws.com *.bazaarvoice.com *.bugsnag.com *.pusher.com *.nr-data.net *.braintreegateway.com *.paypal.com  *.nr-data.net *.hotjar.com wss://* *.openstreetmap.org *.braintreegateway.com *.paypal.com *.iesnare.com *.mavenoid.com *.sentry.io *.clarity.ms *.convertexperiments.com  *.cookiebot.com *.mouseflow.com *.klaviyo.com *.klarnaservices.com *.klarnaevt.com *.fullstory.com *.googletagmanager.com; report-uri /report-csp-violation 3
default-src * https: data: blob: 'unsafe-inline' 'unsafe-hashes'; 3
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com data: *.gstatic.com *.googleapis.com *.klarnacdn.net *.worldpay.com *.cnetcontent.com *.1worldsync.com static.criteo.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.bazaarvoice.com www.facebook.com https://secure-test.worldpay.com/shopper/3ds/ddc.html *.nosto.com *.nos.to api.bazaarvoice.com stg.api.bazaarvoice.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net *.demdex.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.bazaarvoice.com *.worldpay.com *.nosto.com *.ometria.com *.sitescout.com *.doubleclick.net *.pixel.ad *.veinteractive.com www.facebook.com *.zenaps.com campaign.odicci.com g3d-app.com services.sdiapi.com *.addthis.com *.addtoany.com *.twitter.com *.ryman.co.uk *.robertdyas.co.uk *.londongraphics.co.uk *.commbox.io *.klarnaservices.com *.klarna.com *.google.com *.hotjar.com *.hotjar.io *.lightwidget.com www.paypalobjects.com ometria.email https://pay.google.com https://secure-test.worldpay.com *.nos.to display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.criteo.com *.criteo.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com p.typekit.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io *.demdex.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.bazaarvoice.com *.nosto.com apps.bumpyardpro.com images.unsplash.com source.unsplash.com *.ryman.co.uk *.robertdyas.co.uk *.londongraphics.co.uk *.brsrvr.com cm.everesttech.net *.behance.net www.googletagmanager.com *.ometria.com *.gstatic.com *.googleapis.com *.awin1.com *.zenaps.com *.doubleclick.net *.sitescout.com *.google.com *.pixel.ad assets.robertdyas-static.co.uk www.google.com.ua www.google.com.uk www.facebook.com robertdyasuk.twgdns.com *.klarnacdn.net *.clarity.ms *.bing.com *.assets-servd.host *.contentsquare.net apps.commbox.io *.amazonaws.com *.twimg.com *.twitter.com *.cnetcontent.com *.1worldsync.com g3d-app.com *.cloudfront.net *.ediemidnightzombies.com *.cloudflare.com *.nos.to display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.google.co.uk *.superpointlesshamsters.com *.criteo.com *.criteo.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io * searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com unpkg.com commerce.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.bazaarvoice.com *.iesnare.com *.nosto.com apps.bumpyardpro.com *.brsrvr.com www.google.com *.cnetcontent.com *.worldpay.com *.ometria.com *.gstatic.com *.googleapis.com *.serving-sys.com *.doubleclick.net *.flx1.com *.veinteractive.com *.dwin1.com *.criteo.com static.cloudflareinsights.com *.criteo.net snap.licdn.com g3d-app.com *.klarnacdn.net *.klarnaservices.com *.facebook.net *.sdiapi.com *.googleoptimize.com *.newrelic.com *.taggstar.com *.commbox.io *.clarity.ms *.bing.com *.hotjar.com bam-cell.nr-data.net cdn.cookielaw.org *.contentsquare.net *.addthis.com *.addtoany.com *.addthisedge.com *.twitter.com *.twimg.com *.google.com *.1worldsync.com *.lightwidget.com *.youtube.com *.ediemidnightzombies.com smct.co https://storage.googleapis.com/prshim/v1/payment-shim.js https://www.google.com/recaptcha/api.js *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js *.nos.to apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.moatads.com *.nr-data.net *.superpointlesshamsters.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.fontawesome.com *.bazaarvoice.com *.cnetcontent.com apps.bumpyardpro.com *.googleapis.com cdn.taggstar.com cdn.cookielaw.org *.klarnacdn.net *.commbox.io *.worldpay.com *.twitter.com *.google.com *.1worldsync.com *.cloudflare.com *.nosto.com *.nos.to display.ugc.bazaarvoice.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com apps.bumpyardpro.com apps.commbox.io *.cnetcontent.com *.1worldsync.com static.criteo.net 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.adobe.io performance.typekit.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.bazaarvoice.com *.nosto.com *.dxpapi.com api.edq.com *.ometria.com *.demdex.net *.serving-sys.com *.veinteractive.com *.sdiapi.com rum-collector-2.pingdom.net bam-cell.nr-data.net api.taggstar.com *.sciencebehindecommerce.com *.klarnaservices.com *.klarnacdn.net *.klarnaevt.com *.googleapis.com *.clarity.ms *.worldpay.com pay.google.com *.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.hotjar.io cdn.cookielaw.org *.contentsquare.net *.onetrust.com *.cloudhub.io *.ryman.co.uk *.robertdyas.co.uk *.londongraphics.co.uk *.1worldsync.com *.cnetcontent.com *.addthis.com *.doubleclick.net *.ediemidnightzombies.com *.nos.to api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.google.com.ua bat.bing.com *.taggstar.com *.google.co.uk *.nr-data.net *.superpointlesshamsters.com *.criteo.com *.criteo.net 'self' 'unsafe-inline'; child-src *.criteo.com *.criteo.net http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src https:; 						script-src https: 'unsafe-inline' 'unsafe-eval'; 						style-src https: 'unsafe-inline'; 						font-src https: data:; 						img-src https: data:; 						connect-src https: wss: 'self'; 						worker-src https: blob: 'self'; 3
default-src               'self'               www.gfms.com               gfms.com                *.google.at *.google.be *.google.cz *.google.dk *.google.fi *.google.fr *.google.de *.google.it *.google.nl *.google.no *.google.pl *.google.ro *.google.ru *.google.es *.google.se *.google.ch *.google.com.tr *.google.co.uk *.google.com.ar *.google.ca *.google.com *.google.com.br *.google.com.mx *.google.com.au *.google.cn *.google.co.in *.google.co.id *.google.co.jp *.google.com.my *.google.co.nz *.google.com.sg *.google.co.kr *.google.com.tw *.google.com.vn *.google.bg *.google.hr *.google.ee *.google.gr *.google.hu *.google.lv *.google.lu *.google.mk *.google.pt *.google.rs *.google.si *.google.com.ph *.google.co.th *.google.com.eg *.google.co.il *.google.co.za *.google.ae               ;           connect-src               'self'               *.google-analytics.com               apikeys.civiccomputing.com               maps.googleapis.com               center.lon5.atomz.com               clapi.civiccomputing.com               sp1004e61f.guided.lon5.atomz.com               sp1004e61a.guided.lon5.atomz.com               sp1004e5dd.guided.lon5.atomz.com               stats.g.doubleclick.net               www.facebook.com               uberall.com               region1.google-analytics.com               api.moin.ai               www.gfpstools.com ;           font-src                 'self'                 fonts.gstatic.com                 widget.moin.ai                 static-prod.uberall.com                 static.prod.uberall.com ;           script-src               'self'               'unsafe-inline'               'unsafe-eval'               *.google-analytics.com               *.googletagmanager.com               ajax.googleapis.com               cc.cdn.civiccomputing.com               connect.facebook.net               cdnjs.cloudflare.com               gstatic.com               maps.googleapis.com               siteimproveanalytics.com               snap.licdn.com               static-prod.uberall.com               uberall.com               www.youtube.com               www.pagespeed-mod.com               www.googleoptimize.com               mktdplp102cdn.azureedge.net               www.pagespeed-mod.com               widget.moin.ai               r1.dotdigital-pages.com               r1-t.trackedlink.net               r1.ddlnk.net ;           style-src               'self'               'unsafe-inline'               'unsafe-eval'               fonts.googleapis.com               widget.moin.ai ;           img-src               'self'               'unsafe-inline'               'unsafe-eval'               data:               assets.georgfischer.com               www.linkedin.com               www.google-analytics.com               *.global.siteimproveanalytics.io               nswow-imageresizer.azurewebsites.net               px.ads.linkedin.com               www.facebook.com               www.google.com               www.google.de               www.google-analytics.com               gfms.com               www.gfms.com               static-prod.uberall.com               static.prod.uberall.com               www.linkedin.com               ssl.google-analytics.com               s7e5a.scene7.com               stats.g.doubleclick.net               38e76c47ade744b48fc12ad21059e592.svc.dynamics.com               i.ytimg.com               maps.gstatic.com               www.gfpstools.com               www.googletagmanager.com ;           child-src                 'self'                 analytics-eu.clickdimensions.com                 live.solique.ch                 www.youtube.com ;           frame-src               'self'               'unsafe-inline'               'unsafe-eval'               data:               analytics-eu.clickdimensions.com               google.com               ir.tools.investis.com               irs.tools.investis.com               live.solique.ch               recruitingapp-5505.de.umantis.com               registration.gesevent.com               six-swiss-exchange.com               tools.google.com               uberall.com               widget.moin.ai               38e76c47ade744b48fc12ad21059e592.svc.dynamics.com               www.gfps.com               ir2.flife.de               www.youtube.com               r1.dotdigital-pages.com               youtube.com ; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.sessioncam.com https://d2oh4tlt9mrke9.cloudfront.net ws://*.sessioncam.com wss://*.sessioncam.com; connect-src 'self' https://mandg.scene7.com https://*.pru.co.uk https://*.akamaihd.net https://*.akstat.io https://*.demdex.net https://*.go-mpulse.net https://*.sessioncam.com https://d2oh4tlt9mrke9.cloudfront.net https://api.fundpress.io https://api-rel.fundpress.io https://api-uk.kurtosys.app https://assets.adobedtm.com https://cdn.cookielaw.org https://cm.everesttech.net https://geolocation.onetrust.com https://www.google-analytics.com https://privacyportal-de.onetrust.com https://prudential.distribution.team.prudential.co.uk https://search-api.swiftype.com https://smetrics.mandg.com https://stats.g.doubleclick.net https://prudentialdistributi.tt.omtrdc.net; font-src 'self' data: https://api.fundpress.io https://fonts.gstatic.com; form-action 'self' https://*.pru.co.uk https://prudential.distribution.team.prudential.co.uk; frame-ancestors 'self' https://www.mymandg.co.uk https://*.pru.co.uk https://*.fundslibrary.co.uk; frame-src 'self' https://*.demdex.net https://*.pru.co.uk https://*.pruadviser.co.uk https://www.brighttalk.com https://digitalsecure.mandg.com https://forms.mymandg.co.uk https://securedigital.wealth.mandg.com https://securedigital.pru.mandg.com https://securedigital.prudential.co.uk https://secure.digital.mandg.com https://www.google.com https://irpages2.equitystory.com https://insight.adsrvr.org https://infogram.com https://e.infogram.com https://match.adsrvr.org https://mandg.fidainformatica.it https://mandg.videomarketingplatform.co https://recaptcha.google.com https://view.ceros.com https://www.youtube-nocookie.com; img-src 'self' https://mandg.scene7.com data: https://*.akstat.io https://*.demdex.net https://*.sessioncam.com https://ad.doubleclick.net https://api.fundpress.io https://api-rel.fundpress.io https://api-uk.kurtosys.app https://adservice.google.com https://assets.adobedtm.com https://cm.everesttech.net https://www.google.com https://www.google.co.uk https://www.google-analytics.com https://i.ytimg.com https://smetrics.mandg.com https://ttcontacts.com https://797110.global.siteimproveanalytics.io; media-src blob: https://mandg.scene7.com https://mandg.videomarketingplatform.co; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mandg.scene7.com https://*.demdex.net https://*.go-mpulse.net https://*.pru.co.uk https://d2oh4tlt9mrke9.cloudfront.net https://assets.adobedtm.com https://api.fundpress.io https://cdn.cookielaw.org https://cm.everesttech.net https://e.infogram.com https://geolocation.onetrust.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://js.adsrvr.org https://www.googleadservices.com https://googleads.g.doubleclick.net; script-src-elem 'self' 'unsafe-inline' https://mandg.scene7.com https://*.demdex.net https://*.go-mpulse.net https://*.pru.co.uk https://d2oh4tlt9mrke9.cloudfront.net https://api.fundpress.io https://api-rel.fundpress.io https://api-uk.kurtosys.app https://assets.adobedtm.com https://www.brighttalk.com https://cdn.cookielaw.org https://cm.everesttech.net https://e.infogram.com https://geolocation.onetrust.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://js.adsrvr.org https://report.23video.com https://siteimproveanalytics.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://mandg.scene7.com https://fonts.googleapis.com; base-uri 'self' 3
script-src 'self' 'unsafe-eval' https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.google-analytics.com https://*.moatads.com https://*.addthis.com https://*.doubleclick.net https://*.addthisedge.com https://*.newrelic.com https://*.nr-data.net https://*.googlevideo.com https://*.arcgis.com https://*.gov.uk https://*.facebook.com; frame-src 'self' https://*.addthis.com https://*.youtube.com https://www.googletagmanager.com https://*.arcgis.com; report-uri https://snhwebsite.report-uri.com/r/d/csp/reportOnly 3
default-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com; font-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com data: *.olark.com fonts.gstatic.com; script-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com 'unsafe-inline' 'unsafe-eval' static.cloudflareinsights.com ajax.cloudflare.com *.youtube.com *.ytimg.com *.datadoghq-browser-agent.com *.getclicky.com clicky.com *.twitter.com *.ads-twitter.com *.facebook.net analytics.tiktok.com www.recaptcha.net recaptcha.net www.gstatic.com www.gstatic.cn www.google.com *.olark.com *.adroll.com *.googletagmanager.com tagmanager.google.com analytics.google.com google-analytics.com *.google-analytics.com *.g.doubleclick.net *.doubleclick.net *.googleadservices.com *.google.com *.googlesyndication.com *.googletagservices.com; style-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com 'unsafe-inline' *.getclicky.com clicky.com *.olark.com *.googletagmanager.com tagmanager.google.com *.google.com fonts.googleapis.com; img-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com 'unsafe-inline' data: secure.gravatar.com *.ytimg.com *.youtube.com *.getclicky.com *.twitter.com t.co *.facebook.com www.gstatic.com/recaptcha *.olark.com *.adroll.com d.adroll.com *.googletagmanager.com analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com *.gstatic.com *.google.com *.doubleclick.net *.g.doubleclick.net *.googlesyndication.com www.googleadservices.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; media-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com *.olark.com; connect-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com cloudflareinsights.com *.datadoghq.com *.getclicky.com *.facebook.com analytics.tiktok.com *.olark.com *.googletagmanager.com *.google-analytics.com analytics.google.com *.analytics.google.com *.g.doubleclick.net *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com; frame-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com *.apple.com open.spotify.com *.soundcloud.com *.youtube.com *.youtube-nocookie.com www.facebook.com *.recaptcha.net recaptcha.net www.google.com recaptcha.google.com *.olark.com *.googletagmanager.com bid.g.doubleclick.net *.google.com *.doubleclick.net *.googlesyndication.com; child-src *.youtube.com *.youtube-nocookie.com *.googletagmanager.com; worker-src www.recaptcha.net; object-src *.googlesyndication.com; 3
default-src 'self' blob: https://*.lynxbroker.de https://*.lynxbroker.ch https://*.lynxbroker.at https://sentry2.lynx-trader.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://code.jquery.com https://www.googletagmanager.com https://*.cookiebot.com https://connect.facebook.net https://www.google-analytics.com https://bat.bing.com data: https://siegel.ausgezeichnet.org https://snap.licdn.com https://static.hotjar.com https://script.hotjar.com https://amplify.outbrain.com https://tr.outbrain.com https://*.taboola.com https://cdn.pushcrew.com https://fat.financeads.net https://www.dwin1.com https://www.google.com https://www.gstatic.com https://cdn.datatables.net https://www.youtube.com https://www.googleadservices.com https://www.awin1.com https://cdnjs.cloudflare.com https://pushcrew.com https://*.pushcrew.com https://service.lynx.nl https://*.wistia.com https://www.googleoptimize.com https://optimize.google.com https://js.adsrvr.org https://p.teads.tv https://*.twitter.com https://*.clarity.ms https://*.ads-twitter.com https://*.livechatinc.com https://pixel.adcrowd.com https://googleads.g.doubleclick.net https://*.trustpilot.com https://widget.trustpilot.com ; object-src 'self' ; style-src 'self' 'unsafe-inline' https://pushcrew.com https://cdn.pushcrew.com https://cdn.datatables.net https://code.jquery.com https://fonts.googleapis.com https://cdn-images.mailchimp.com https://optimize.google.com https://hilfe.lynxbroker.de ; img-src 'self' data: https://www.google-analytics.com https://www.facebook.com https://bat.bing.com *.gravatar.com https://*.ausgezeichnet.org https://pushcrew.com https://*.pushcrew.com https://*.linkedin.com https://tr.outbrain.com https://cds.taboola.com https://www.awin1.com https://www.googletagmanager.com https://cdn.datatables.net https://www.financeads.net https://www.google.com https://*.doubleclick.net https://hilfe.lynxbroker.de https://www.google.nl https://www.google.de https://i.ytimg.com https://p.adsymptotic.com https://cdn.lynxbroker.com https://www.lynxbroker.de https://www.lynxbroker.ch https://www.lynxbroker.at https://service.lynx.nl https://*.wistia.com https://gallery.mailchimp.com https://www.gstatic.com https://t.co https://*.clarity.ms https://*.teads.tv https://*.bing.com https://*.cloudfront.net https://analytics.twitter.com https://secure.adnxs.com ; font-src 'self' data: https://fonts.gstatic.com https://*.lynxbroker.de https://*.lynxbroker.ch https://*.lynxbroker.at https://*.fourthline.com ; frame-src 'self' https://*.cookiebot.com https://www.facebook.com https://vars.hotjar.com https://www.google.com https://us-central1-madrid-investing.cloudfunctions.net https://www.youtube.com https://lynx-germany.softgarden.io https://www.awin1.com https://web.facebook.com https://html5-player.libsyn.com https://fast.wistia.net https://optimize.google.com https://*.doubleclick.net https://servedby.flashtalking.com https://insight.adsrvr.org https://play.libsyn.com https://secure.livechatinc.com https://*.trustpilot.com https://*.adsrvr.org ; frame-ancestors 'self' ; connect-src 'self' https://*.lynx-webservice.com https://*.lynx-trader.com https://www.google-analytics.com https://*.hotjar.com https://lynx-webservice.com https://lynx-webservice.de https://docs.google.com wss://*.hotjar.com https://vc.hotjar.io https://*.bing.com https://trc-events.taboola.com https://hilfe.lynxbroker.de https://lynxsolr.de https://cdn.datatables.net https://www.google.com https://*.pushcrew.com https://*.facebook.com https://*.googleusercontent.com https://*.wistia.com https://*.litix.io https://*.cookiebot.com https://*.googlesyndication.com https://*.doubleclick.net https://*.teads.tv https://*.clarity.ms https://*.google-analytics.com ; media-src https://s3.eu-west-1.amazonaws.com https://s3.eu-central-1.amazonaws.com https://*.lynxbroker.de https://*.lynxbroker.ch https://*.lynxbroker.at https://cdn.livechatinc.com; report-uri https://sentry2.lynx-trader.com/api/28/security/?sentry_key=b7c19ccae22546d4abeaaae82fab064e&sentry_environment=production 3
report-uri https://o818257.ingest.sentry.io/api/5807773/security/?sentry_key=ed7ad4e8f86243c78f3011320dce22fe 3
default-src 'self' affil.eshop-rychle.cz exponea-api.eshop-rychle.cz www.youtube.com www.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net; font-src 'self' fonts.gstatic.com; img-src 'self' www.facebook.com www.google.com www.google.cz *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net c.seznam.cz www.seznam.cz; script-src 'self' 'unsafe-inline' 'unsafe-eval' affil.eshop-rychle.cz connect.facebook.net www.google.com *.google-analytics.com *.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com c.imedia.cz www.seznam.cz exponea-api.eshop-rychle.cz; style-src 'self' 'unsafe-inline' fonts.googleapis.com 3
default-src 'self'; font-src *; img-src *; script-src * localhost:35729 'unsafe-inline'; script-src-attr 'none'; style-src * 'unsafe-inline'; style-src-attr 'none' 3
font-src fonts.googleapis.com fonts.gstatic.com data: *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.googletagmanager.com *.gstatic.com cdn.jst.ai ajax.googleapis.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.google.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.vimeo.com *.hotjar.com *.doubleclick.net cdn.jst.ai *.paymetric.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://a.klaviyo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com via.placeholder.com *.cdninstagram.com *.klaviyo.com *.google.com *.facebook.com *.fls.doubleclick.net *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.gstatic.com *.google.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://static.klaviyo.com https://fast.a.klaviyo.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com api.airbud.io demo.airbud.io ajax.googleapis.com *.klaviyo.com cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net player.vimeo.com *.typekit.net *.hotjar.com *.jst.ai *.kmail-lists.com *.youtube.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com unsafe-inline api.airbud.io demo.airbud.io *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://static.klaviyo.com https://fast.a.klaviyo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.klaviyo.com prod.airbud.io bam.nr-data.net *.google-analytics.com *.doubleclick.net *.kmail-lists.com *.youtube.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'self'; form-action 'self'; frame-ancestors 'self'; script-src 'self' https://www.google-analytics.com; connect-src 'self'; object-src 'none'; 3
default-src 'self'; connect-src 'self' www.linkedin.com content.linkedin.com lnkd.demdex.net dpm.demdex.net www.google-analytics.com linkedin.sc.omtrdc.net lnkd.tt.omtrdc.net opreq.observepoint.com www.linkedin-ei.com adservice.google.com stats.g.doubleclick.net static.licdn.com; img-src data: blob: android-webview-video-poster: *; font-src data: *; frame-src 'self' www.linkedin.com lnkd.demdex.net www.youtube-nocookie.com platform.twitter.com www.facebook.com plusone.google.com play.vidyard.com www.slideshare.net; style-src https: 'unsafe-inline' *.licdn.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.licdn.com www.linkedin.com content.linkedin.com platform.linkedin.com *.ads.linkedin.com lnkd.demdex.net *.salesforceliveagent.com sb.scorecardresearch.com sjs.bizographics.com bcvipva02.rightnowtech.com; script-src-elem 'unsafe-inline' tags.tiqcdn.com *.salesforceliveagent.com platform.linkedin-ei.com platform.linkedin.com content.linkedin.com snap.licdn.com sjs.bizographics.com www.linkedin.com bcvipva02.rightnowtech.com sb.scorecardresearch.com; frame-ancestors 'self'; object-src 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=ms 3
default-src https: 'unsafe-inline' 'unsafe-eval'; 3
default-src 'self' data: blob: *.visiondirect.co.uk https://*.visiondirect.info https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://*.cloudfront.net https://*.salesforce.com https://*.klarnaevt.com https://*.klarnacdn.net https://*.klarna.com https://widget.trustpilot.com https://*.optimizely.com https://*.dycdn.net https://*.facebook.net https://static.zdassets.com https://www.zenaps.com https://*.contentsquare.net https://*.google.co.uk wss://*.freshrelevance.com https://*.freshrelevance.com https://*.doubleclick.net https://*.facebook.com https://*.tiktok.com https://bat.bing.com https://*.wistia.com https://*.litix.io https://*.awin1.com https://*.akamaihd.net;script-src 'unsafe-inline' 'unsafe-eval' blob: *;style-src 'unsafe-inline' *;font-src * data:;worker-src 'self' data: blob:;frame-src 'self' https://*.google.com https://*.youtube.com https://*.facebook.com https://*.optimizely.com https://*.salesforce.com https://*.klarna.com https://*.trustpilot.com https://*.davidclulow.com https://analytics.tiktok.com;report-uri /content/csp_report;frame-ancestors 'self'; 3
default-src 'none'; connect-src 'self' https: wss://*.zopim.com; font-src data: https:; frame-src https://js.stripe.com https://m.stripe.network https://www.google.com https://www.youtube.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net; img-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https://d3tw2v68rmxuj7.cloudfront.net https://fonts.googleapis.com; report-uri /csp 3
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: 'unsafe-inline' 3
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com *.doubleclick.net dc.ads.linkedin.com analytics.twitter.com *.google-analytics.com t.co;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 3
default-src 'self' *.optomaeurope.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.optomaeurope.com *.optoma.co code.jquery.com fast.fonts.net  www.googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://unpkg.com *.unpkg.com secure.neck6bake.com https://youtube.com *.youtube.com youtube.com *.vimeo.com static.cloudflareinsights.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io cdn.storerocket.io api.mapbox.com *.jsdelivr.net cdn.polyfill.io https://cdnjs.cloudflare.com https://ldynamicspublicapi.leadforensics.com https://*.fontawesome.com; object-src 'self'; style-src 'self' data: 'unsafe-inline' *.optomaeurope.com *.optoma.co https://tagmanager.google.com https://fonts.googleapis.com *.jsdelivr.net; img-src 'self' blob: data: *.optomaeurope.com *.optoma.co *.youtube.com *.ytimg.com *.vimeo.com www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io cdn.storerocket.io https://ssl.gstatic.com https://www.gstatic.com https://s3-us-west-2.amazonaws.com *.optoma.com; media-src 'self' *.optomaeurope.com; frame-src 'self' *.optomaeurope.com *.optoma.co *.youtube.com *.youtube-nocookie.com *.vimeo.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://player.simplecast.com; font-src 'self' *.optomaeurope.com *.optoma.co http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com data: ; connect-src 'self' *.optomaeurope.com https://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://ldynamicspublicapi.leadforensics.com *.storerocket.io https://storerocket.io storerocket.global.ssl.fastly.net *.mapbox.com https://stats.g.doubleclick.net https://*.fontawesome.com; report-uri https://c9f3e0efddb3b5a8f702c2632d2e3942.report-uri.com/r/d/csp/reportOnly 3
style-src 'self' 'unsafe-inline' use.typekit.net optimize.google.com *.googleapis.com cdnjs.cloudflare.com tagmanager.google.com *.googletagmanager.com config1.veinteractive.com veinteractive.com cookiehub.net use.fontawesome.com; img-src 'self' *.google-analytics.com *.analytics.google.com *.facebook.com data: *.doubleclick.net *.gstatic.com *.tiktok.com *.google.com *.google.be *.google.nl *.google.pl *.google.de *.google.es *.google.fr *.googletagmanager.com *.paypal.com *.convious.lt *.convious-app.com *.amazonaws.com *.tradetracker.net *.mollie.com; font-src 'self' *.typekit.net fonts.gstatic.com use.fontawesome.com data: *.convious.lt; connect-src 'self' *.google-analytics.com *.analytics.google.com *.doubleclick.net *.tiktok.com *.convious.com *.convious-app.com *.sentry.io wss://*.convious-app.com *.facebook.com *.paypal.com *.cookiehub.net *.tradetracker.net *.plopsa.com *.google.com; report-uri /report-csp-violation 3
default-src 'self'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; report-uri https://utqgstu2.uriports.com/reports/report; report-to default 3
default-src 'self' *.qq.com *.google-analytics.com *.ytimg.com *.youtube.com *.googletagmanager.com *.baidu.com *.cookieinformation.com *.licdn.com *.facebook.net *.marketingautomation.com *.sleeknote.com *.sharpspring.com *.gstatic.com https: 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content; report-uri https://94f62820d7c43df17e384a74a389587c.report-uri.com/r/t/csp/reportOnly 3
default-src 'self' *.rackcdn.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.bootstrapcdn.com *.mapbox.com *.fontawesome.com recruitingbypaycor.com cdnjs.cloudflare.com unpkg.com cdn.jsdelivr.net *.google-analytics.com blob:; style-src 'self' 'unsafe-inline' *.rackcdn.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.bootstrapcdn.com *.mapbox.com *.fontawesome.com recruitingbypaycor.com cdnjs.cloudflare.com unpkg.com cdn.jsdelivr.net *.google-analytics.com; script-src 'self' 'unsafe-inline' *.rackcdn.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.bootstrapcdn.com *.mapbox.com *.fontawesome.com recruitingbypaycor.com cdnjs.cloudflare.com unpkg.com cdn.jsdelivr.net *.google-analytics.com; img-src 'self' 'unsafe-inline'  *.google-analytics.com  cdn.jsdelivr.net blob: data:; worker-src blob:; 3
font-src data: *.fontawesome.com/ *.typekit.net/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com *.paypal.com https://www.facebook.com/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com https://bid.g.doubleclick.net/ *.fls.doubleclick.net vars.hotjar.com cdn.krxd.net insight.adsrvr.org *.flashtalking.com *.amazon-adsystem.com *.optimizely.com *.google.com *.pepperjamnetwork.com www.xtento.com *.bounceexchange.com ids.cdnwidget.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com tst.kaptcha.com https://www.paypalobjects.com/ *.weltpixel.com https://www.facebook.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com 'self' data: pt.ispot.tv bat.bing.com sp.analytics.yahoo.com google.com ct.pinterest.com facebook.com https://www.facebook.com/ *.amazon-adsystem.com *.doubleclick.net *.krxd.net www.xtento.com cdn.xtento.com cdn.cookielaw.org store.paradoxlabs.com *.bounceexchange.com *.bouncex.net *.cdnwidget.com pippio.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com edge.curalate.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com contentorigin.bazaarvoice.com google-analytics.com static.hotjar.com script.hotjar.com *.facebook.net bat.bing.com s.pinimg.com js.adsrvr.org s.yimg.com *.doubleclick.net *.g.doubleclick.net *.kruxd.net *.listrakbi.com *.listrak.com *.maxmind.com *.newrelic.com *.nr-data.net *.optimizely.com *.amazonaws.com *.ucarecdn.com *.krxd.net *.google.com *.gstatic.com *.pepperjam.com www.xtento.com cdn.xtento.com cdn.cookielaw.org *.segment.io *.segment.com *.bounceexchange.com *.wknd.ai assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.execute-api.us-east-1.amazonaws.com *.pages04.net *.appboycdn.com edge.curalate.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com *.listrakbi.com unsafe-inline *.bounceexchange.com *.bazaarvoice.com https://apps.bazaarvoice.com/ *.fontawesome.com/ *.typekit.net/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com s.yimg.com ct.pinterest.com google-analytics.com *.listrakbi.com *.mmapiws.com *.nr-data.net *.optimizely.com *.pepperjam.com cdn.cookielaw.org *.segment.io *.segment.com *.bounceexchange.com *.wknd.ai *.bouncex.net *.cdnbasket.net *.cdnwidget.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://in.hotjar.com/ *.doubleclick.net edge.curalate.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https: 3
default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: https:; font-src data: https:; report-uri https://kilian.report-uri.io/r/default/csp/reportOnlyi; connect-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' https://client.crisp.chat https://storage.crisp.chat wss://client.relay.crisp.chat wss://stream.relay.crisp.chat 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: gap://ready; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https:; font-src 'self' data: https:; report-uri https://thedatinglab.report-uri.com/r/d/csp/reportOnly 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com 'unsafe-inline' 'unsafe-eval' *.newrelic.com 'unsafe-inline' 'unsafe-eval' googletagmanager.com 'unsafe-inline' *.sessioncam.com 'unsafe-inline' *.adyen.com 'unsafe-inline' *.google.com 'unsafe-inline' *.gstatic.com 'unsafe-inline' 'unsafe-eval' d2oh4tlt9mrke9.cloudfront.net 'unsafe-inline' 'unsafe-eval'; font-src data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline' *.facebook.com 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src *.force.com nestle-forms.cs.blip.ai *.facebook.com data: *.adyen.com 'self' 'unsafe-inline'; img-src * 'unsafe-inline' data: widgets.magentocommerce.com  *.sessioncam.com s.ytimg.com data: *.adyen.com *.google.com 'self' 'unsafe-inline'; script-src *.evgnet.com *.salesforce.com *.doubleclick.net *.facebook.net *.force.com  *.googletagmanager.com 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleadservices.com s.ytimg.com  www.youtube.com *.adyen.com *.google.com google.com *.gstatic.com *.newrelic.com 'unsafe-inline' 'unsafe-eval' *.nr-data.net 'unsafe-inline' 'unsafe-eval' *.sessioncam.com 'unsafe-inline' 'unsafe-eval' d2oh4tlt9mrke9.cloudfront.net 'unsafe-inline' 'unsafe-eval' 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.force.com getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline'  https://stats.g.doubleclick.net *.google-analytics.com *.nr-data.net ws.sessioncam.com ; child-src 'self' 'unsafe-inline'; base-uri 'self' 'unsafe-inline'; 3
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' *.ricoh.com.au www.youtube.com connect.facebook.net maps.googleapis.com ml314.com munchkin.marketo.net rum-static.pingdom.net script.hotjar.com snap.licdn.com static.hotjar.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com; style-src 'unsafe-inline' 'report-sample' 'self' *.ricoh.com.au fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.mktoresp.com in.hotjar.com maps.googleapis.com rum-collector-2.pingdom.net stats.g.doubleclick.net vc.hotjar.io www.google-analytics.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' vars.hotjar.com www.google.com *.ricoh.com.au www.youtube-nocookie.com; img-src 'self' data: attr.ml-api.io ml314.com ib.adnxs.com loadus.exelator.com maps.googleapis.com maps.gstatic.com pixel.mathtag.com ps.eyeota.net px.ads.linkedin.com s.ml-attr.com trc.taboola.com www.google-analytics.com www.google.com www.google.com.vn www.google.com.au www.facebook.com dpm.demdex.net match.adsrvr.org sync.crwdcntrl.net secure.adnxs.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 3
default-src https: data: blob: android-webview-video-poster: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-reports/; 2
upgrade-insecure-requests; default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.sentry.dev www.googletagmanager.com www.google-analytics.com www.googleadservices.com js.driftt.com connect.facebook.net assets.calendly.com player.vimeo.com www.redditstatic.com m.servedby-buysellads.com static.zdassets.com googleads.g.doubleclick.net bat.bing.com munchkin.marketo.net cdn.bizible.com cdn.amplitude.com; connect-src 'self' sentry.io *.sentry.io www.sentry.dev reload.getsentry.net api.amplitude.com ekr.zdassets.com sentry.zendesk.com www.google-analytics.com stats.g.doubleclick.net 776-mjn-501.mktoresp.com; img-src 'self' data: www.sentry.dev sentry-blog.storage.googleapis.com images.ctfassets.net www.google-analytics.com stats.g.doubleclick.net assets.calendly.com q.quora.com alb.reddit.com www.facebook.com www.googletagmanager.com bat.bing.com www.google.com i.vimeocdn.com i.ytimg.com cdn.bizible.com cdn.bizibly.com; style-src 'self' 'unsafe-inline' www.sentry.dev assets.calendly.com fonts.googleapis.com; media-src 'self' videos.ctfassets.net; font-src 'self' www.sentry.dev fonts.gstatic.com; frame-src player.vimeo.com www.youtube-nocookie.com js.driftt.com calendly.com bid.g.doubleclick.net; manifest-src 'self' www.sentry.dev; report-uri https://o1.ingest.sentry.io/api/1297627/security/?sentry_key=e811b9077ef64dcf8a279ec18a61b222 2
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/android 2
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl 2
require-trusted-types-for 'script';report-uri /_/Gstore/cspreport 2
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://rbmeuulvihtwm2eltjhwimi2.httpschecker.net/report 2
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';block-all-mixed-content;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 2
frame-ancestors 'self'; report-uri https://www.news.com.au/csp-reports 2
default-src 'unsafe-inline' 'unsafe-eval' * data: blob:; report-uri https://sentry.io/api/1312882/security/?sentry_key=9e854fd5af164d1e98cee1bedb942a22 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://deadline.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.billboard.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/waze-wfe; 2
default-src 'self' blob: data: *.6sc.co *.services.greenhouse.io *.intellimize.co *.intellimizeio.com *.greenhouse.io *.sitescdn.net *.sitescout.com *.driftt.com *.facebook.com *.doubleclick.net *.wistia.com *.bing.com *.ceros.com *.gstatic.com *.pagescdn.com; img-src 'self' data: *.6sc.co *.services.greenhouse.io *.b0e8.com *.g2.com *.linkedin.com *.google-analytics.com *.google.com *.bing.com *.adroll.com *.bizible.com *.taboola.com *.outbrain.com *.3lift.com *.sitescout.com *.driftt.com *.facebook.com *.adsymptotic.com *.rubiconproject.com *.casalemedia.com *.doubleclick.net *.pubmatic.com googletagmanager.com *.googletagmanager.com clarity.ms *.clarity.ms *.wistia.com *.rumiview.com *.kickfire.com *.bizibly.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.6sc.co *.services.greenhouse.io *.intellimize.co *.intellimizeio.com *.greenhouse.io *.sitescdn.net *.cookielaw.org *.b0e8.com polyfill.io *.polyfill.io googletagmanager.com *.googletagmanager.com unpkg.com *.unpkg.com *.googleadservices.com *.google-analytics.com *.licdn.com *.crazyegg.com *.clearbit.com *.clearbitjs.com *.ipify.org *.driftt.com *.adobedtm.com *.adroll.com appvizer.one *.pdst.fm pixel.ad *.pixel.ad *.bing.com *.bizible.com *.facebook.net *.marketo.net *.marketo.com clarity.ms *.clarity.ms *.doubleclick.net *.g2crowd.com *.sitescout.com *.wistia.com *.rumiview.com *.kickfire.com inline: *.greenhouse.io *.unpkg.com *.cookielaw.org *.polyfill.io *.sitescdn.net *.intellimize.co *.clearbitjs.com *.crazyegg.com *.licdn.com *.google-analytics.com *.googleadservices.com *.b0e8.com *.intellimizeio.com *.googletagmanager.com *.6sc.co *.greenhouse.io *.pagescdn.com *.yext.com; style-src 'self' 'unsafe-inline' *.sitescdn.net *.greenhouse.io; connect-src 'self' *.intellimize.co *.cookielaw.org *.onetrust.com *.yext-pixel.com *.6sc.co *.6sense.com *.g2.com *.crazyegg.com *.cloudfunctions.net appvizer.one *.google-analytics.com *.doubleclick.net *.adroll.com *.mktoresp.com *.clarity.ms *.analytics.google.com *.googletagmanager.com *.wistia.com *.bing.com *.facebook.com *.litix.io *.clearbit.com *.adnxs.com *.sitescdn.net *.bing.com *.yext.com *.intellimize.com; report-uri https://o1361757.ingest.sentry.io/api/6652702/security/?sentry_key=a95fd78c6e364b15aa09b99b49270b89&sentry_environment=staging; 2
default-src 'self' data: blob: https://067-umd-991.mktoresp.com https://analytics.twitter.com https://bam.nr-data.net https://bi-beta.pst.tech https://bi.pst.tech https://blog.postman.com https://cdn.cookielaw.org https://cdn.jsdelivr.net https://cdn.polyfill.io https://dl.pstmn.io https://fast.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://geolocation.onetrust.com https://in.hotjar.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://js-agent.newrelic.com https://ms1frkqnsp7r.statuspage.io https://munchkin.marketo.net https://pages.getpostman.com https://privacyportal.onetrust.com https://public.slidesharecdn.com https://px.ads.linkedin.com https://script.hotjar.com https://skills-assets.pstmn.io https://www.slideshare.net https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://stats.g.doubleclick.net https://t.co https://vars.hotjar.com https://www.youtube.com https://p.adsymptotic.com https://assets.getpostman.com https://www.linkedin.com https://pixel.mathtag.com https://js.driftt.com https://www.googleleadservices.com https://google.g.doubleclick.net https://web.postman.com https://manifest.webmanifest https://www.googleadservices.com https://googleads.g.doubleclick.net https://px4.ads.linkedin.com https://i.ytimg.com https://api.mapbox.com https://events.mapbox.com https://identity.getpostman-beta.com https://identity.getpostman.com https://www.youtube-nocookie.com https://run.pstmn.io https://t7vhfmsv15.execute-api.us-east-1.amazonaws.com https://player.twitch.tv https://conversation.api.drift.com https://st-ar.cdn.postman.com https://vc.hotjar.io https://ws9.hotjar.com wss://ws9.hotjar.com https://821881030.privacysandbox.googleadservices.com/ https://bifrost-https-v4.gw.postman.com https://voyager.postman.com https://res.cloudinary.com https://app.launchdarkly.com https://events.launchdarkly.com https://api.amplitude.com https://clientstream.launchdarkly.com wss://ws1.hotjar.com https://worldtimeapi.org https://www.postman.com https://static.cloudflareinsights.com 'unsafe-inline'; form-action 'self'; base-uri 'self';  block-all-mixed-content; report-uri https://sentry.postmanlabs.com/api/738/security/?sentry_key=9f4634749cc5431981a67baf042d0e9e; 2
script-src 'self' *.concur.com concur.com *.concursolutions.com *.concursolutionsus.sc.omtrdc.net *.concursolutionseu.sc.omtrdc.net *.concurcdc.cn *.sap.com *.concurmessaging.com platform.cloud.coveo.com *.platform.cloud.coveo.com *.coveo.com coveo.com docs.coveo.com *.docs.coveo.com connect.coveo.com *.connect.coveo.com *.akamaihd.net *.akamaitechnologies.com *.deploy.akamaitechnologies.com *.deploy.static.akamaitechnologies.com *.googletagmanager.com googletagmanager.com google-analytics.com *.google-analytics.com *.gstatic.com *.stats.g.doubleclick.net *.adobedtm.com adobetm.com *.assets.adobedtm.com assets.adobedtm.com *.trustarc.com *.prefmgr-cookie.truste-svc.net *.walkme.com walkme.com *.cdn.walkme.com cdn.walkme.com *.glancecdn.net glancecdn.net *.glance.net glance.net *.s3.amazonaws.com s3.amazonaws.com *.salesforceliveagent.com *.enable-now.cloud.sap *.cloud.sap *.ondemand.com *.newrelic.com newrelic.com *.nr-data.net *.qualtrics.com *.siteintercept.qualtrics.com *.ridecharge.com 'unsafe-inline' 'unsafe-eval';report-uri /nui/signin/report-violation 2
font-src use.typekit.net data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.braintreegateway.com tst.kaptcha.com www.google.com www.youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.google.com *.paypal.com *.magento.com magento.com embedwistia-a.akamaihd.net fast.wistia.com embed-fastly.wistia.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com use.typekit.net *.paypal.com js-agent.newrelic.com s3.amazonaws.com fast.wistia.com bam.nr-data.net www.gstatic.com www.google.com *.d41.co so.rlcdn.com *.braintree-api.com *.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com unsafe-inline use.typekit.net p.typekit.net www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com magento.com *.magento.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.adobe.com stats.g.doubleclick.net google.com *.paypal.com adobe.tt.omtrdc.net bam.nr-data.net *.wistia.com *.litix.io int-api.magedevteam.com api.magento.com *.d41.co *.braintreegateway.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'unsafe-eval' 'unsafe-inline' 'self' http: https: data: wss: blob: chrome-extension ; report-uri /cgi-bin/csp-reports.cgi 2
frame-ancestors 'self'; report-uri https://www.theaustralian.com.au/csp-reports 2
script-src 'self' https://cdn.knightlab.com https://dap.digitalgov.gov platform.twitter.com 'unsafe-inline'; script-src-attr 'self'; style-src 'self' https://cdn.knightlab.com https://stackpath.bootstrapcdn.com 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 2
form-action 'self'; style-src 'self' 'unsafe-inline' ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' data: *.cnil.fr *.educnum.fr; frame-ancestors 'self' www.dailymotion.com www.youtube-nocookie.com www.youtube.com; img-src 'self'; frame-src 'self' www.dailymotion.com www.youtube-nocookie.com www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://piwik.cnil.fr; object-src 'self'; font-src 'self'; base-uri 'self'; block-all-mixed-content; default-src 'self' data: blob:; 2
font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdnjs.cloudflare.com use.fontawesome.com nj.gov cdn.jsdelivr.net use.typekit.net *.custhelp.com maxcdn.bootstrapcdn.com *.nj.gov fonts.gstatic.com www.googletagmanager.com *.googleapis.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: stackpath.bootstrapcdn.com malsup.github.io cdn.jsdelivr.net use.typekit.net *.nj.gov www.google.com *.state.nj.us p.typekit.net maxcdn.bootstrapcdn.com cdn.datatables.net use.fontawesome.com code.jquery.com *.cloudfront.net *.custhelp.com cdnjs.cloudflare.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: 77497.global.siteimproveanalytics.io www.google.com *.state.nj.us 1468.global.siteimproveanalytics.io fonts.gstatic.com *.adsrvr.org *.googleapis.com t.co abs.twimg.com server.arcgisonline.com www.gstatic.com clients1.google.com *.doubleclick.net pbs.twimg.com *.facebook.com www.googletagmanager.com placeimg.com content.govdelivery.com translate.google.com www.credit-card-logos.com njdoc.gov *.addthis.com imgssl.constantcontact.com sp.analytics.yahoo.com *.cloudfront.net *.arcgis.com www.njsp.org; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: nj.gov; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.state.nj.us; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.cloudfront.net *.state.nj.us *.twitter.com public.govdelivery.com *.addthis.com www.googletagmanager.com *.adsrvr.org nj.gov www.google.com *.arcgis.com *.doubleclick.net *.facebook.com www.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.twitter.com oss.maxcdn.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.googleadservices.com *.cloudfront.net www.googletagmanager.com s.yimg.com public.govdelivery.com cdnjs.cloudflare.com v1.addthisedge.com www.gstatic.com use.fontawesome.com cdn.datatables.net siteimproveanalytics.com *.state.nj.us *.doubleclick.net z.moatads.com *.tiktok.com stackpath.bootstrapcdn.com *.facebook.net www.google.com *.custhelp.com *.adsrvr.org code.jquery.com *.arcgis.com *.ads-twitter.com cse.google.com *.addthis.com static.dialogflow.com translate.google.com sdk.amazonaws.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.cloudfront.net *.state.nj.us *.addthis.com *.nj.gov *.custhelp.com s.yimg.com adservice.google.com *.googleapis.com public.govdelivery.com www.googletagmanager.com www.njlottery.com analytics.google.com *.arcgis.com *.facebook.com www.google.com *.tiktok.com cognito-identity.us-east-1.amazonaws.com *.doubleclick.net; object-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.state.nj.us; form-action  www.sheriffalerts.com www.google.com *.facebook.com *.state.nj.us; frame-ancestors 'self' ; report-uri /csp_report 2
media-src blob: https:; worker-src blob: https:; font-src chrome-extension: data: https:; img-src data: blob: about: https: http://track.adform.net; default-src https: blob: data: ms-appx-web: wss: 'unsafe-inline'  'unsafe-eval'; report-uri https://handelsblatt.report-uri.com/r/d/csp/reportOnly 2
default-src https: data: blob: wss: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://sentry.io/api/256178/csp-report/?sentry_key=c2fb05422b2242faaec1d6d8a2a000fc 2
upgrade-insecure-requests; font-src data: https:; img-src data: https:; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; manifest-src 'self'; object-src 'none'; report-uri https://tsddev.report-uri.com/r/d/csp/reportOnly; 2
frame-ancestors 'self' *.hudl.com *.youtube.com *.sendtonews.com *.cbssports.com *.247sports.com *.scout.com *.ampproject.org *.amp.cloudflare.com; default-src https: 'unsafe-inline' 'unsafe-eval' wss: ;img-src https: data: blob: ; font-src https: data:; form-action https:; report-uri https://cbsi.report-uri.io/r/default/csp/reportOnly 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.sheknows.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/about_google 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://bgr.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
block-all-mixed-content; frame-ancestors 'none'; report-uri /global-cgi-bin/csp-report 2
default-src 'self'; frame-src https://cdn.rutarget.ru/ https://tag.rutarget.ru/ ; style-src 'unsafe-inline' 'self' fonts.googleapis.com; font-src 'self' data: fonts.gstatic.com; connect-src 'self' https://yandexmetrica.com:*/ https://*.mc.yandex.ru/ https://stats.g.doubleclick.net/ https://suggestions.dadata.ru/ https://suggest-maps.yandex.ru/ https://ymetrica1.com/ https://www.google-analytics.com/ https://unpkg.com/ https://stats.g.doubleclick.net/ https://mc.yandex.ru/ https://*.sberbank.ru/ https://sa.online.sberbank.ru:8098/; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rutarget.ru yastatic.net *.maps.yandex.net suggest-maps.yandex.ru api-maps.yandex.ru *.otm-r.com www.google-analytics.com ajax.googleapis.com fonts.googleapis.com *.mc.yandex.ru mc.yandex.ru nlb-clickstream.sberbank.ru sp.otm-r.com stats.g.doubleclick.net www.google-analytics.com www.google.ru www.googletagmanager.com ; img-src 'self' data: www.gstatic.com api-maps.yandex.ru *.maps.yandex.net *.mc.yandex.com *.mc.yandex.ru mc.yandex.ru *.googleusercontent.com www.googletagmanager.com www.google.ru www.google.com www.google-analytics.com *.otm-r.com yandex.ru; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; report-uri /csp-violation-report-endpoint/; 2
child-src 'self' https://www.youtube-nocookie.com https://www.youtube.com https://www.podbean.com https://embed.tawk.to https://cdn.jsdelivr.net https://connect.facebook.net https://script.hotjar.com https://snap.licdn.com https://bat.bing.com https://sc-static.net *.blackbaudhosting.com; frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com https://www.podbean.com https://embed.tawk.to cdn.jsdelivr.net connect.facebook.net script.hotjar.com snap.licdn.com bat.bing.com sc-static.net *.snapchat.com *.hotjar.com https://*.kaltura.com *.blackbaudhosting.com *.blackbaud.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.googleadservices.com https://*.twitter.com https://static.ads-twitter.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://snap.licdn.com https://sc-static.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://*.theaccessplatform.com *.blackbaud.com *.blackbaudhosting.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com unpkg.com; script-src-elem 'self' 'unsafe-inline' 'report-sample' https://www.google.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.twitter.com https://static.ads-twitter.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://snap.licdn.com https://sc-static.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://*.theaccessplatform.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' 'report-sample' https://*.theaccessplatform.com https://api.mapbox.com https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; base-uri 'self'; form-action 'self' https://search.sheffield.ac.uk https://tr.snapchat.com; frame-ancestors 'self' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.6sense.com *.addthisedge.com *.omtrdc.net *.everesttech.net *.demdex.net *.adobedtm.com *.scene7.com *.akamaihd.net *.adnxs.com *.baidu.com *.prod.bidr.io *.btttag.com *.brightcove.com *.brightcove.net *.zencdn.net *.cloudflare.com *.contentsquare.net *.company-target.com *.demandbase.com *.doubleclick.net *.adsymptotic.com *.d41.co *.dynatrace.com *.facebook.com *.facebook.net *.fontawesome.com *.fullstory.com *.google.co.in *.google.co.jp *.google.co.uk *.google.com *.google.com.hk *.google.fr *.google.kr *.google.es *.google.de *.google.ru *.google.ie *.google.am *.google.com.co *.google.com.ph *.google.com.au *.google.hu *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hs.llnwd.net *.linkedin.com *.licdn.com *.i.lithium.com *.microsoftazuread-sso.com *.ni.com *.agkn.com *.newrelic.com *.nr-data.net *.moatads.com *.polyfill.io *.qualtrics.com *.quantcount.com *.quantserve.com *.rlcdn.com *.force.com *.salesforce.com *.salesforceliveagent.com *.pardot.com *.krxd.net *.rfihub.com *.serving-sys.com *.addthis.com *.adsrvr.org *.truste.com *.twitter.com *.ads-twitter.com t.co *.6sc.co *.rezync.com *.analytics.yahoo.com *.yimg.com unpkg.com *.psiexams.com *.systemlinkcloud.com *.systemlinkcloud.io mythinkscape.com *.mythinkscape.com *.multisim.com *.boltdns.net *.3playmedia.com *.paymetric.com *.captchas.net *.bing.com *.pagespeed-mod.com *.lithcloud.com *.jsdelivr.net *.cloudfront.net *.amazonaws.com *.day.com *.mathjax.org *.zoominsoftware.io *.bootstrapcdn.com *.nicdn.net *.leadsrx.com *.quizscape.com *.thoughtindustries.com *.wistia.com *.credly.com *.kbmax.com *.certain.com *.fonts.net *.typekit.net *.khoros.app.box.com *.limuirs-asset.lithium.com data: blob; object-src 'none'; worker-src * data: blob: 'unsafe-inline';  media-src * data: blob: 'unsafe-inline'; connect-src * data: blob: 'unsafe-inline'; 2
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-src * ldb1: data:; media-src * data: about:; frame-ancestors 'self' *.aleks.com *.connectmath.com *.mhcampus.com; report-uri /aleks/csp_report?stamp=web2020111702&uri=%2F&referer= 2
default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://www.stage-new.ifx.virtual-identity.com/ https://www.infineon.com https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://siteintercept.qualtrics.com https://zn4mbdaokn6kcahtg-cypress.siteintercept.qualtrics.com https://79423.analytics.edgekey.net https://cdnjs.cloudflare.com https://connect.facebook.net https://e.video-cdn.net https://img.en25.com https://oc-cdn-public-eur.azureedge.net https://rules.quantcount.com https://s1968580696.t.eloqua.com https://script.hotjar.com https://secure.quantserve.com https://snap.licdn.com https://static.hotjar.com https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'report-sample' 'unsafe-inline' https://www.stage-new.ifx.virtual-identity.com/ https://www.infineon.com https://cdn.botframework.com https://fonts.googleapis.com https://oc-cdn-public-eur.azureedge.net; object-src 'self'; connect-src 'self' https://www.infineon.com https://maps.googleapis.com https://siteintercept.qualtrics.com https://api.flockler.com https://asset-out-cdn.video-cdn.net https://c.video-cdn.net https://ca.video-cdn.net https://d.video-cdn.net https://in.hotjar.com https://infineon.product-discontinuation.com https://licensing.bitmovin.com https://ma307-r.analytics.edgekey.net https://oc-cdn-public-eur.azureedge.net https://stats.g.doubleclick.net https://vc.hotjar.io https://vod.video-cdn.net https://www.google-analytics.com; font-src 'self' data: https://e.video-cdn.net https://fonts.gstatic.com https://script.hotjar.com; frame-src 'self' https://www.infineon.com https://chatbot.infineon.com https://oc-cdn-public-eur.azureedge.net https://players.brightcove.net https://vars.hotjar.com https://www.facebook.com https://www.youtube.com https://www.promeas.com; img-src 'self' data: https://www.infineon.com https://www.infineon-brandportal.com https://pbs.twimg.com https://www.kununu.com https://www.glassdoor.com https://s722891043.t.eloqua.com https://siteintercept.qualtrics.com https://asset-out-cdn.video-cdn.net https://media-api.flockler.com https://media-exp1.licdn.com https://pixel.quantserve.com https://px.ads.linkedin.com https://s1968580696.t.eloqua.com https://www.bluewind.it https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.de https://www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com; manifest-src 'self'; media-src 'self' data:; base-uri 'self'; report-uri https://www.infineon.com/rest/csp/report; worker-src blob:; 2
default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 2
default-src 'self' data: blob: mediastream: http://*.uni-kiel.de https://*.uni-kiel.de 'unsafe-inline' 'unsafe-eval';  2
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.recaptcha.net *.ads-twitter.com; img-src 'self' blob: data: *.hsbc.com.hk *.eum-appdynamics.com *.google.com.hk *.google.com *.google.co.in *.doubleclick.net *.hsbc.co.uk t.co *.linkedin.com *.facebook.com *.twitter.com *.google.co.uk; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.hsbc.co.uk *.qualtrics.com *.amazonaws.com *.we-stats.com *.hsbc.com wss://*.hsbc.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net; frame-ancestors 'self' *.liveperson.net; font-src 'self' data: *.hsbc.com.hk; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com; object-src 'self'; upgrade-insecure-requests ; report-uri /csp/report; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob:;style-src https: 'unsafe-inline';connect-src https:;frame-src https:;script-src 'unsafe-eval' 'unsafe-inline' https: blob: data:;font-src https: data:;img-src https: data:;media-src https: blob:; report-uri /csp_rep 2
default-src https:; script-src 'self' 2
object-src 'none'; script-src 'self' https://api.mapbox.com https://cdn.jsdelivr.net https://cdn.tagcommander.com https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com https://www.google.com unpkg.com; script-src-attr 'self'; style-src 'self' https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src-attr 'self'; frame-ancestors 'self' 2
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://b3ceba9babf02086c0dca962bbbd1cda.report-uri.io/r/default/csp/reportOnly 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.artnews.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; frame-ancestors 'self'; report-uri https://leafgroup.report-uri.com/r/d/csp/wizard 2
default-src 'self'; script-src 'self' 'sha256-6vmNTbfgubexXPiaZdcqfKCk+vKBe9cfsKsAciXQtMg=' 'sha256-r1aYSsDn5Btub+zo7XZr6P3ZhmNyYTvHf/yjmzIpxT8=' 'sha256-aqdvQaQU9tkorRhtgHldablGaB5SI/SwbLemAOKE7Yo=' 'sha256-Vxv+qm8gMYYzbp7hSMakF5Q81e7GDj/Z5HZYT4ekhho=' 'sha256-uBpmtDakUPHISUCFtaVC869LxTI53EPQREvqhqlxGVU=' 'sha256-h8bC9y2R69GO3nntfTAfOohrJdzeOS7slDdbOSULEJo=' 'sha256-isqZ0Q9pUWxBIyLN3u9Y3hy3MuWSJMoiNKT/nB5AbP8=' https://*.google-analytics.com/analytics.js https://cdncache-a.akamaihd.net/sub/b156ae9/98002/l.js https://www.youtube.com https://www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/picturefill/3.0.2/picturefill.min.js https://*.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.youtube.com/iframe_api https://www2.osfound.org/shorten https://connect.facebook.net; style-src 'unsafe-inline' 'self'; object-src 'self' https://video.ted.com; base-uri 'self'; connect-src 'self' https://www.googletagmanager.com https://*.google-analytics.com https://*.ingest.sentry.io https://cdn.plyr.io; font-src 'self' https: data:; frame-src 'self' https://www.youtube.com https://w.soundcloud.com https://www.facebook.com https://player.vimeo.com; img-src 'self' https://i.ytimg.com https://opensocietyfoundations.imgix.net https://*.google-analytics.com https: data:; manifest-src 'self'; media-src 'self'; report-uri https://opensociety.report-uri.com/r/d/csp/reportOnly; worker-src 'none'; 2
default-src 'self' 'unsafe-inline' https: ; img-src 'self' 'unsafe-inline' data: https: ; font-src 'self' data: https: ; connect-src 'self' *.usni.org *.google.com *.gstatic.com *.google-analytics.com *.disqus.com *.authorize.net *.facebook.com sentry.utdev.com ; media-src https: ; object-src 'self' ; child-src 'self' *.usni.org *.googlesyndication.com *.google.com disqus.com *.disqus.com *.googletagmanager.com *.addtoany.com *.scribd.com *.facebook.com *.g.doubleclick.net ; form-action 'self' *.usni.org *.facebook.com *.salesforce.com ; frame-src 'self' *.scribd.com ; frame-ancestors 'self' *.scribd.com ; upgrade-insecure-requests; 2
default-src 'self';connect-src 'self' https://analytics.majestic.com https://analytics.majesticseo.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.majesticseo.com https://analytics.majestic.com https://info.majestic.com https://www.googletagmanager.com www.google-analytics.com https://www.googleadservices.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/;style-src 'self' 'unsafe-inline';img-src 'self' data: https:;font-src 'none';object-src 'none';media-src 'none';frame-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/;child-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/;frame-ancestors https://docs.google.com https://*.googleusercontent.com;report-uri /csp/report 2
block-all-mixed-content; report-uri https://67j9vz1kye.execute-api.ap-northeast-1.amazonaws.com/csp/csp 2
block-all-mixed-content; default-src 'self'; connect-src 'self' https://www.google-analytics.com https://*.newrelic.com https://*.nr-data.net; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://cdn.jsdelivr.net data:; frame-src 'self' https://www.youtube.com; img-src 'self' https://translate.google.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net https://i.ytimg.com https://www.gstatic.com https://maps.gstatic.com https://maps.googleapis.com data:; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://*.newrelic.com https://*.nr-data.net /services https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill.io https://unpkg.com maps.google.com 'unsafe-inline'; script-src-attr 'self'; script-src-elem 'self' https://www.googletagmanager.com https://www.google-analytics.com https://*.newrelic.com https://*.nr-data.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill.io https://unpkg.com maps.google.com 'unsafe-inline'; style-src 'self' fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; report-uri https://ae2fed611bf04be7d3efc10226296849.report-uri.com/r/d/csp/reportOnly 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.etracker.com/ https://*.etracker.de/ https://*.signalize.com/; img-src 'self' data: s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com i.ytimg.com; frame-src 'self' www.youtube.com; child-src 'self' www.youtube.com; 2
default-src 'self';connect-src 'self' https://maps.googleapis.com https://cex.io wss://cex.io/ws/;frame-src 'self' * ext.cex.io;font-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://static.cex.io;img-src 'self' data: https://static.cex.io;media-src 'self' https://static.cex.io;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://code.jquery.com https://static.cex.io;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cex.io;report-uri https://cex.io/cspr; 2
default-src 'self' * 'unsafe-inline'; img-src 'self' data: *; 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: images.hw.net; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: rumcdn.geoedge.be cdns.gigya.com *.2mdn.net cdnassets.hw.net images.hw.net hit.uptrendsdata.com www.gstatic.com *.facebook.net www.google-analytics.com www.google.com *.googlesyndication.com *.dotomi.com *.adsafeprotected.com *.doubleclick.net www.googletagmanager.com *.googleapis.com adservice.google.com ads2000.hw.net *.ampproject.org www.googletagservices.com *.lijit.com choices.trustarc.com; form-action  *.facebook.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.2mdn.net cdns.gigya.com images.hw.net *.vimeo.com *.casalemedia.com cdns.us1.gigya.com *.facebook.com www.youtube.com www.google.com *.googleapis.com *.doubleclick.net *.lijit.com archive.org *.googlesyndication.com; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.2mdn.net images.hw.net; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.casalemedia.com cdnassets.hw.net images.hw.net archive.org *.moatpixel.com *.doubleclick.net *.googlesyndication.com choices.trustarc.com *.lijit.com cdns.gigya.com *.2mdn.net www.google.com ads2000.hw.net www.googletagmanager.com *.facebook.com metrics.brightcove.com csi.gstatic.com *.dotomi.com *.adsafeprotected.com px.moatads.com analytics.responsiveads.com publish.responsiveads.com www.google-analytics.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: hb.emxdgt.com cdnassets.hw.net gw.geoedge.be cdns.gigya.com *.2mdn.net *.lijit.com cdns.us1.gigya.com *.casalemedia.com *.doubleclick.net *.facebook.com *.dotomi.com *.rubiconproject.com *.googlesyndication.com metrics.brightcove.com csi.gstatic.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com *.googlesyndication.com images.hw.net cdnassets.hw.net; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdnassets.hw.net images.hw.net *.googleapis.com ads2000.hw.net; frame-ancestors 'self' ; report-uri /csp_report 2
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /_csp 2
: default-src 'self'; report-uri https://mtsrs.report-uri.com/r/d/csp/reportOnly; 2
font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com media.flixcar.com fonts.gstatic.com dots.bricks.plus www.smythstoys.com cdn.honey.io media.flixfacts.com; prefetch-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.smythstoys.com; form-action  www.smythstoys.com *.facebook.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.online-metrix.net; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net *.facebook.com www.google.ch cdnjs.cloudflare.com *.online-metrix.net www.google.fr www.google.vg images.woosmap.com www.google.ie www.myhermes.co.uk cdn.honey.io smyths.circulator.com media.flixfacts.com smyths-ce.circulator.com event.webcollage.net www.google.com.au www.smythstoys.com media.flixcar.com widgets.trustedshops.com region1.google-analytics.com analytics.google.com eu.klarnaevt.com www.google.co.in maps.gstatic.com www.google.co.jp api.autoaddress.ie content.syndigo.com event.syndigo.cloud fonts.gstatic.com *.googleapis.com www.google-analytics.com c.clarity.ms www.googletagmanager.com api.woosmap.com www.gstatic.com www.google.at region1.analytics.google.com static.geetest.com rt.flix360.com www.google.com logo.flix360.io *.bazaarvoice.com recs.richrelevance.com image.smythstoys.com www.google.de *.cloudfront.net dots.bricks.plus i.ytimg.com www.google.es www.google.co.uk; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: content.syndigo.com euc-widget.freshworks.com u0l0tck9kf.execute-api.eu-central-1.amazonaws.com *.facebook.com n.clarity.ms m.clarity.ms www.google.ie trustbadge.api.etrusted.com region1.google-analytics.com www.google.de *.doubleclick.net *.bazaarvoice.com shops-si.trustedshops.com cdnma.cdnservice.space *.hotjar.com www.google.at f.clarity.ms e.clarity.ms *.online-metrix.net www.google.fr d.clarity.ms www.google-analytics.com adservice.google.com *.googleapis.com api.woosmap.com www.googletagmanager.com api-abtesting.flix360.io www.google.ch webapp-conf.woosmap.com www.google.com b.clarity.ms image.smythstoys.com a.clarity.ms www.google.co.in 63di6za7i5.execute-api.eu-west-1.amazonaws.com www.google.co.jp bat.bing.com www.smythstoys.com h.clarity.ms region1.analytics.google.com www.google.com.au i.clarity.ms analytics.google.com api.trustedshops.com j.clarity.ms vc.hotjar.io www.google.es www.google.co.uk; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: js.stripe.com www.google.com *.facebook.com www.youtube.com 396468268852172.eu.webpush.freshchat.com *.youtube-nocookie.com *.hotjar.com wchat.eu.freshchat.com www.recaptcha.net www.smythstoys.com www.googletagmanager.com cdnma.cdnservice.space www.usemaxserver.de media.flixcar.com *.online-metrix.net js.klarna.com; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: image.smythstoys.com static.geetest.com content.syndigo.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.recaptcha.net *.bazaarvoice.com static.geetest.com www.google.ie wchat.freshchat.com prod.flixgvid.flix360.io *.googleadservices.com webapp.woosmap.com api.geetest.com www.googletagmanager.com api.autoaddress.ie www.gstatic.com www.google.at euc-widget.freshworks.com cdn.loadbee.com www.usemaxserver.de www.smythstoys.com media.flixcar.com *.doubleclick.net snippets.freshchat.com js.stripe.com www.google-analytics.com www.youtube.com scontent.webcollage.net *.hotjar.com www.google.de cdn.dots.bricks.plus x.klarnacdn.net wchat.eu.freshchat.com cdnjs.cloudflare.com bat.bing.com dots.bricks.plus content.webcollage.net www.myhermes.co.uk *.facebook.net code.jquery.com www.clarity.ms *.googleapis.com *.online-metrix.net www.google.com tiger-cdn.zoovu.com content.syndigo.com media.flixfacts.com widgets.trustedshops.com image.smythstoys.com syndi.webcollage.net sdk.woosmap.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: wchat.eu.freshchat.com *.bazaarvoice.com wchat.freshchat.com cdnjs.cloudflare.com static.geetest.com cdn.honey.io api.autoaddress.ie euc-widget.freshworks.com www.smythstoys.com media.flixcar.com *.googleapis.com snippets.freshchat.com image.smythstoys.com cdn.dots.bricks.plus; frame-ancestors 'self' ; report-uri /csp_report 2
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://tools.oxygem.it/csp-violation-report-endpoint/index.php 2
default-src data: https: 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes'; img-src data: *; script-src 'unsafe-inline' 'unsafe-hashes' *; style-src 'unsafe-inline' 'unsafe-hashes' *; connect-src *; child-src *; font-src *; report-uri /_csp; report-to default 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https://* data: ; frame-src https://* about: javascript: ; report-uri /vdc-csp-report 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation 2
report-uri /cspreport; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adobedtm.com https://bat.bing.com https://*.cookielaw.org https://karwei.bbvms.com https://*.bazaarvoice.com https://*.clarity.ms https://cloudstatic.obi4wan.com https://connect.getflowbox.com https://*.facebook.net www.google.com https://www.google-analytics.com https://google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.hotjar.com https://*.mopinion.com https://*.pinimg.com https://tdn.r42tag.com https://*.relay42.com; object-src 'self' 2
default-src 'self'; script-src 'report-sample' 'self' https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://auto-dot-marketing-api-proxy-dot-fiber-marketing-staging.appspot.com https://www.googleadservices.com https://*.gstatic.com https://www.youtube.com 'sha256-9izYA3MaWXZp6FXbhxaWkW0rB9q2ujAWlJqniIDBRKc=' 'sha256-DMVzafV2jcRK56BASGGT37bXDhDSU+mD8f7u7FcGVeA=' 'sha256-DUL9J9HfVS4bTE+hb8W7LyQhmq9yZNQyBRbDUNJ3n+U=' 'sha256-HSv6TjYgBnT8MBVYgy4omprHDLyaL95thQdPnGvzWI8=' 'sha256-iVssU7kSKNRnAFS7l0E7nOLxD7Ct+dbHbNi/fSwuIOE=' 'sha256-PjqsSf3f4egZkc+XOX26EwU4SrPU35qwyDzTeToEmZQ=' 'sha256-RYDYGex1p9VPu3EjGuc37Wm7oeBXn9NryJkx+z5gvEw=' 'sha256-wMAXEQE12q+aJLCoQ5TKpd+P9nze2/JpiQ3M1CrPBzw=' 'sha256-XJQ8d2QPP1o6zkBFuRFbC8b0eJDf7///CTSiPo1ufWE=' 'sha256-ocn/WmpL721QG+tQcxXBarTDKegE1FSSALDFBywPIC4=' 'sha256-WkTuvJQWg5txM/Vwx0YPVn0kZTMQf5g4pTqHjA0RdD0=' 'sha256-YnP56nFOilZ4tv9rWtfz4j7PNrQk0/D4Opn7kU1XDYY=' 'sha256-CnUZc/1+7WxwF0sqUt01FuqcMesooAiiWCyZrkSikaQ=' 'sha256-4S/F5107zkcPgSAedP8v1znv6rGNqPbv27XT3dkO+6o=' 'sha256-AAjpQ9/A6E0Xycvf16MIcmUKX+2HXurKBWscU0iCvos=' 'sha256-reC2x+RelxmSNoeHe20AJaSZClV7MC5YEEoTaVqFuu0=' 'sha256-oUjRGyF1jVKJO735Z/tIa5PPFiu4lOUCbKmyAORN13w=' 'sha256-kveO7g/T72yOUPI8Z6e8UKLa/d5O/3VwdLwjziXKPVo=' 'sha256-UnJIWcy+TBibBDAJO3iiHpjJDfDBDSrHtRRE15Ky4ZQ=' 'sha256-6Nv9ozO3an4VH7CuuAzkQQcXVWkvpgireNoGFs9LjCo='; style-src 'report-sample' 'self' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.analytics.google.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://auto-dot-marketing-api-proxy-dot-fiber-marketing-staging.appspot.com https://greenhouse-reader-dot-fiber-marketing-live.appspot.com; font-src 'self' https://*.gstatic.com; frame-src 'self' https://*.g.doubleclick.net https://gfiber.speedtestcustom.com https://scone-pa.clients6.google.com https://secure.livechatinc.com https://www.youtube.com; img-src 'self' data: https://*.analytics.google.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.ad https://*.google.ae https://*.google.al https://*.google.am https://*.google.as https://*.google.at https://*.google.az https://*.google.ba https://*.google.be https://*.google.bf https://*.google.bg https://*.google.bi https://*.google.bj https://*.google.bs https://*.google.bt https://*.google.by https://*.google.ca https://*.google.cat https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.co.ao https://*.google.co.bw https://*.google.co.ck https://*.google.co.cr https://*.google.co.id https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.ke https://*.google.co.kr https://*.google.co.ls https://*.google.co.ma https://*.google.co.mz https://*.google.co.nz https://*.google.co.th https://*.google.co.tz https://*.google.co.ug https://*.google.co.uk https://*.google.co.uz https://*.google.co.ve https://*.google.co.vi https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.com https://*.google.com https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.com.ar https://*.google.com.au https://*.google.com.bd https://*.google.com.bh https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.com.bz https://*.google.com.co https://*.google.com.cu https://*.google.com.cy https://*.google.com.do https://*.google.com.ec https://*.google.com.eg https://*.google.com.et https://*.google.com.fj https://*.google.com.gh https://*.google.com.gi https://*.google.com.gt https://*.google.com.hk https://*.google.com.jm https://*.google.com.kh https://*.google.com.kw https://*.google.com.lb https://*.google.com.ly https://*.google.com.mm https://*.google.com.mt https://*.google.com.mx https://*.google.com.my https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.com.np https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.com.pr https://*.google.com.py https://*.google.com.qa https://*.google.com.sa https://*.google.com.sb https://*.google.com.sg https://*.google.com.sl https://*.google.com.sv https://*.google.com.tj https://*.google.com.tr https://*.google.com.tw https://*.google.com.ua https://*.google.com.uy https://*.google.com.vc https://*.google.com.vn https://*.google.cv https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.dz https://*.google.ee https://*.google.es https://*.google.fi https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.gy https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.ie https://*.google.im https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.jo https://*.google.kg https://*.google.ki https://*.google.kz https://*.google.la https://*.google.li https://*.google.lk https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.mn https://*.google.ms https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.ne https://*.google.nl https://*.google.no https://*.google.nr https://*.google.nu https://*.google.pl https://*.google.pn https://*.google.ps https://*.google.pt https://*.google.ro https://*.google.rs https://*.google.ru https://*.google.rw https://*.google.sc https://*.google.se https://*.google.sh https://*.google.si https://*.google.sk https://*.google.sm https://*.google.sn https://*.google.so https://*.google.sr https://*.google.st https://*.google.td https://*.google.tg https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.tt https://*.google.vg https://*.google.vu https://*.google.ws https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://1.bp.blogspot.com https://10498832.fls.doubleclick.net https://ad.doubleclick.net https://auto-dot-marketing-api-proxy-dot-fiber-marketing-staging.appspot.com https://greenhouse-reader-dot-fiber-marketing-live.appspot.com https://i.ytimg.com https://lh3.googleusercontent.com; manifest-src 'self'; media-src 'self' https://*.googleapis.com; report-uri https://csp.withgoogle.com/csp/fiber-marketing-live; 2
script-src 'unsafe-eval' blob: 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; default-src 'self' data: blob: https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; style-src 'self' data: blob: https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com 'unsafe-inline'; img-src * data: blob:; object-src 'none'; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src 'self' blob: 2
default-src 'self' *.meo.pt *.altice-empresas.pt;script-src 'self' *.meo.pt *.altice-empresas.pt *.googletagmanager.com *.google-analytics.com analytics.google.com quantcast.mgr.consensu.org *.quantcast.mgr.consensu.org *.byside.com secure.quantserve.com cdnjs.cloudflare.com *.googleoptimize.com *.hotjar.com *.googleadservices.com googleads.g.doubleclick.net rules.quantcount.com connect.facebook.net *.heatmap.it analytics.tiktok.com tags.bkrtx.com img.botschool.ai gateway.zscaler.net *.gstatic.com selo.confio.pt maps.googleapis.com *.inside-graph.com *.google.com *.quantcast.com 'unsafe-inline' 'unsafe-eval';style-src 'self' *.meo.pt *.altice-empresas.pt  img.botschool.ai *.googleapis.com gateway.zscaler.net selo.confio.pt webcare.byside.com 'unsafe-inline' eu-cdn.inside-graph.com use.fontawesome.com;img-src 'self' *.meo.pt *.altice-empresas.pt *.google-analytics.com analytics.google.com quantcast.mgr.consensu.org *.quantcast.mgr.consensu.org *.byside.com *.google.com *.google.pt picsum.photos *.picsum.photos *.facebook.com *.heatmap.it *.quantserve.com sync.1rx.io sync.targeting.unrulymedia.com *.googletagmanager.com img.botschool.ai gateway.zscaler.net pbs.twimg.com *.google.es thumbs.web.sapo.io *.googlesyndication.com googleads.g.doubleclick.net pixel.rubiconproject.com selo.confio.pt *.insided.com sync.teads.tv match.sharethrough.com *.googleapis.com maps.gstatic.com *.inside-graph.com *.qccerttest.com data:;font-src 'self' *.meo.pt *.altice-empresas.pt *.fontawesome.com fonts.gstatic.com gateway.zscaler.net data:;connect-src 'self' *.meo.pt *.altice-empresas.pt *.google.com *.googletagmanager.com *.google-analytics.com analytics.google.com quantcast.mgr.consensu.org *.quantcast.mgr.consensu.org *.byside.com *.doubleclick.net wss://*.byside.com analytics.tiktok.com api.botschool.ai wss://*.botschool.ai gateway.zscaler.net *.google.pt wss://*.inside-graph.com *.inside-graph.com *.sapo.pt *.hotjar.com *.hotjar.io *.analytics.google.com *.google-analytics.com *.googlesyndication.com signet-spot.telecom.pt *.googleapis.com wss://*.hotjar.com *.quantcast.com *.facebook.com;prefetch-src 'self';frame-ancestors 'self' *.meo.pt *.altice-empresas.pt gateway.zscaler.net;form-action 'self' *.meo.pt *.altice-empresas.pt *.facebook.com gateway.zscaler.net;base-uri 'self';upgrade-insecure-requests ;frame-src 'self' *.meo.pt *.altice-empresas.pt *.hotjar.com *.facebook.com *.bluekai.com *.doubleclick.net gateway.zscaler.net *.googletagmanager.com *.google.com *.inside-graph.com signet-spot.telecom.pt meoteste.speedtestcustom.com *.youtube.com; 2
default-src 'none'; frame-ancestors 'none'; base-uri 'self'; object-src 'self'; child-src 'self'; img-src 'self' stats.g.doubleclick.net www.google-analytics.com; font-src 'self'; form-action 'self'; manifest-src 'self'; style-src 'unsafe-inline' 'self' www.googletagmanager.com tagmanager.google.com; style-src-elem 'unsafe-inline' 'self' www.googletagmanager.com tagmanager.google.com; worker-src 'self'; script-src 'unsafe-inline' 'self' cdn5.userzoom.com cdn.jsdelivr.net api-us.fundpress.io bam.nr-data.net player.vimeo.com stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com tagmanager.google.com; script-src-elem 'unsafe-inline' 'self' cdn5.userzoom.com cdn.jsdelivr.net api-us.fundpress.io bam.nr-data.net player.vimeo.com stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com tagmanager.google.com; connect-src 'self' cdn5.userzoom.com cdn.jsdelivr.net api-us.fundpress.io bam.nr-data.net player.vimeo.com stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com tagmanager.google.com; report-to csp-endpoint; report-uri /beacon/deprecated/csp; style-src-attr 'unsafe-inline'; script-src-attr 'unsafe-inline'; 2
default-src 'self'; img-src *; style-src 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://pmc.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
script-src 'self' 'unsafe-eval' chrome-extension: https://www.google.com https://app.uiscom.ru https://vk.com https://smartcallback.ru https://dsp.setl.ru 'unsafe-inline' 'unsafe-inline' https://www.gstatic.com https://image.sendsay.ru https://mc.yandex.ru https://www.google-analytics.com https://top-fwz1.mail.ru https://api-maps.yandex.ru https://yatr.ru https://iclicks.io https://www.googletagmanager.com https://cdn1.antlace.com https://mc.yandex.com https://viewplugin.com https://server.comagic.ru https://maps.api.2gis.ru https://mc.yandex.kz 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; frame-src 'self' https://creativecdn.com chrome-extension: https://iclicks.io https://spbrealty.ru https://yatr.ru https://www.google.com https://mc.yandex.ru 'unsafe-eval' 'unsafe-inline' 'unsafe-inline' https://server.comagic.ru https://acestream.me https://gum.criteo.com https://metrika.yandex.ru https://www.youtube.com https://mc.yandex.com http://creativecdn.com https://m.youtube.com https://sonar.semantiqo.com; object-src 'self'; report-uri /cspreportonly; 2
img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: euronet-dev01.epayworldwide.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: consent.cookiebot.com consentcdn.cookiebot.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: consentcdn.cookiebot.com ; form-action 'none' data: blob: ; report-uri /csp_report 2
connect-src analytics.tiktok.com app.shop.pe cds.taboola.com ct.pinterest.com *.personalcreations.com datacloud.tealiumiq.com events.attentivemobile.com h.clarity.ms personalcreations.attn.tv pips.taboola.com shop.pe trc.taboola.com www.google-analytics.com 'self' a.clarity.ms adservice.google.com.* api.amplitude.com api.livechatinc.com b.clarity.ms bat.bing.com bcp.crwdcntrl.net d.clarity.ms *.gifts.com f.clarity.ms gifts.attn.tv id5-sync.com j.clarity.ms lb.eu-1-id5-sync.com adservice.google.* metrics.personalcreations.com monitor.clickcease.com n.clarity.ms www.google.* *.googlesyndication.com personalcreations.pxf.io region1.google-analytics.com *.opendns.com *.fls.doubleclick.net.x.* shopper.shop.pe tag-demo.mention-me.com trc-events.taboola.com vimeo.com www.facebook.com www.google.com cdn.cookielaw.org geolocation.onetrust.com l.clarity.ms personalcreations-gb.attn.tv track.cordial.io; default-src 'self' *.fls.doubleclick.net addshoppers.s3.amazonaws.com addstrap-ui.addshoppers.com ads.nextdoor.com analytics.tiktok.com apis.google.com bat.bing.com bid.g.doubleclick.net c.clarity.ms cdn.attn.tv cdn.taboola.com cds.taboola.com *.tvsquared.com connect.facebook.net creatives.attn.tv ct.pinterest.com d.clarity.ms d.eml.personalcreations.com d.impactradius-event.com d3rr3d0n31t48m.cloudfront.net datacloud.tealiumiq.com dx.mountain.com flask.nextdoor.com googleads.g.doubleclick.net adservice.google.* insight.adsrvr.org lightboxapi.azurewebsites.net www.google.* p.typekit.net personalcreations.attn.tv pips.taboola.com *.opendns.com px.mountain.com s.pinimg.com shop.pe shopper.shop.pe sp.analytics.yahoo.com static.personalcreations.com swa.personalcreations.com t.channeladvisor.com tags.crwdcntrl.net tags.tiqcdn.com trc.taboola.com use.typekit.net www.clarity.ms www.facebook.com www.google-analytics.com www.google.com www.googlecommerce.com www.googletagmanager.com www.lightboxcdn.com cimages.personalcreations.com trc-events.taboola.com; font-src 'self' *.cloudfront.net static.personalcreations.com use.typekit.net data:; frame-src *.doubleclick.net creatives.attn.tv *.personalcreations.com nytrng.com www.google.com d.eml.gifts.com demo.mention-me.com fast.planetart.demdex.net googleads.g.doubleclick.net planetart.demdex.net player.vimeo.com secure.livechatinc.com tpc.googlesyndication.com tsdtocl.com www.facebook.com track.cordial.io; img-src bat.bing.com cds.taboola.com collector-5729.tvsquared.com ct.pinterest.com data: flask.nextdoor.com insight.adsrvr.org p.typekit.net sp.analytics.yahoo.com static.personalcreations.com swa.personalcreations.com www.facebook.com www.google.com www.lightboxcdn.com about c.bing.com c.clarity.ms cimages.personalcreations.com csi.gstatic.com display.ugc.bazaarvoice.com events.attentivemobile.com i.vimeocdn.com id5-sync.com match.adsrvr.org network-a.bazaarvoice.com pagead2.googlesyndication.com shopper.shop.pe site-assets.afterpay.com static.dev.personalcreations.com swa.gifts.com wa.personalcreations.com www.googletagmanager.com cdn.cookielaw.org network-eu-a.bazaarvoice.com optanon.blob.core.windows.net trc.taboola.com www.ojrq.net; script-src addshoppers.s3.amazonaws.com analytics-static.ugc.bazaarvoice.com analytics.tiktok.com api.bazaarvoice.com api.livechatinc.com apis.google.com apps.nexus.bazaarvoice.com bat.bing.com cdn.attn.tv cdn.id5-sync.com cdn.livechatinc.com cdn.taboola.com connect.facebook.net content.atomz.com *.cloudfront.net display.ugc.bazaarvoice.com gs.mountain.com lightboxapi.azurewebsites.net player.vimeo.com px.mountain.com s.pinimg.com s7d1.scene7.com shop.pe shopper.shop.pe stage.sp10050c93.guided.ss-omtrdc.net tag.bounceexchange.com tags.crwdcntrl.net tags.tiqcdn.com trc.taboola.com unpkg.com www.clarity.ms www.clickcease.com www.googletagmanager.com www.lightboxcdn.com; object-src 'none'; report-uri https://personalcreations.report-uri.com/r/d/csp/wizard 2
default-src 'self'; script-src 'report-sample' 'self' https://app-sj25.marketo.com/js/forms2/js/forms2.min.js https://munchkin.marketo.net/160/munchkin.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js; style-src 'report-sample' 'self' https://app-sj25.marketo.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://980-uuz-493.mktoresp.com https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://app-sj25.marketo.com; img-src 'self' data: https://www.google-analytics.com https://www.google.com; manifest-src 'self'; media-src 'self'; worker-src 'none' 2
default-src 'self' *.my127.site blob: *.webpipeline.net *.my127.site *.brightcove.net *.brightcove.com *.boltdns.net *.akamaihd.net *.typekit.net *.nr-data.net *.buyatab.com *.aman.com *.quantummetric.com  'unsafe-inline' 'unsafe-eval'; worker-src blob:; child-src blob:;; script-src 'self' 'unsafe-inline' blob: *.googleapis.com 'unsafe-eval' *.webpipeline.net *.brightcove.net *.googletagmanager.com *.newrelic.com *.nr-data.net *.typekit.net *.buyatab.com *.aman.com *.ipstack.com *.quantummetric.com *.doubleclick.net *.googleadservices.com impactradius-event.com utt.impactcdn.com *.cinnox.com *.gstatic.com *.onetrust.com *.synxis.com *.recaptcha.net *.google.com logs-01.loggly.com ojrq.net *.zencdn.net *.thehotelsnetwork.com *.google-analytics.com; style-src 'self' 'unsafe-inline' cloud.typography.com *.webpipeline.net *.buyatab.com *.aman.com *.cinnox.com *.googleapis.com *.bootstrapcdn.com *.synxis.com; img-src 'self' *.my127.site data: *.webpipeline.net *.brightcove.net *.brightcove.com *.googletagmanager.com *.buyatab.com *.aman.com *.cinnox.com *.boltdns.net *.google-analytics.com *.onetrust.com; media-src 'self' blob: *.buyatab.com *.aman.com *.akamaihd.net *.boltdns.net; frame-src *; frame-ancestors 'self'; font-src 'self' *.my127.site data: *.webpipeline.net *.typekit.net *.aman.com *.gstatic.com *.cinnox.com; connect-src 'self' *.my127.site *.aman.com *.boltdns.net  *.thehotelsnetwork.com *.quantummetric.com *.akamaihd.net *.doubleclick.net *.google-analytics.com *.nr-data.net ws: 'unsafe-eval' *.googleapis.com *.onetrust.com *.synxis.com  *.cinnox.com impactradius-event.com utt.impactcdn.com *.brightcove.com ojrq.net logs-01.loggly.com amanresorts.pxf.io; report-uri https://aman.report-uri.com/r/d/csp/reportOnly; upgrade-insecure-requests 2
script-src 'self' https://www.google-analytics.com https://www.buzzsprout.com https://connect.facebook.net https://static.ads-twitter.com; style-src 'self' 'unsafe-inline' https://use.typekit.net https://analytics.twitter.com; img-src 'self' data: https://craftassets.unraid.net https://t.co https://www.facebook.com https://www.google-analytics.com https://www.google.com; font-src 'self' data:; default-src 'self'; connect-src 'self' https://stats.g.doubleclick.net; frame-src 'self' https://www.youtube.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.twitter.com https://assets.juicer.io https://cdn.cookielaw.org https://cdn.knightlab.com https://code.jquery.com https://connect.facebook.net https://geolocation.onetrust.com https://munchkin.marketo.net https://optanon.blob.core.windows.net https://snap.licdn.com https://static.ads-twitter.com https://www.buzzsprout.com https://www.googletagmanager.com https://www.google.com https://www.googleadservices.com *.google-analytics.com *.googleapis.com *.analytics.google.com https://www.gstatic.com https://www.youtube.com https://505-xng-882.mktoweb.com https://fonts.googleapis.com https://*.googleapis.com info.six-group.com info.finanzmuseum.ch info.ebill.ch https://*.mktoresp.com https://graph.facebook.com https://privacyportal-ch.onetrust.com https://stats.g.doubleclick.net https://www.juicer.io https://fonts.gstatic.com https://cdnapisec.kaltura.com https://share.transistor.fm https://www.facebook.com https://www.federli.ch https://*.fls.doubleclick.net player.vimeo.com; img-src https: data:; report-uri /api/six/cspreport; 2
worker-src https: 'unsafe-inline'; report-uri https://api.mp.pl/csp-violation/ 2
default-src data: 'unsafe-inline' 'unsafe-eval' https:; base-uri https:; form-action https:; frame-ancestors https:; report-uri https://torontopubliclibrary.report-uri.com/r/d/csp/reportOnly; 2
frame-ancestors 'self'; report-uri https://www.bodyandsoul.com.au/csp-reports 2
default-src https: ws:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline';img-src 'self' data: https: 2
default-src 'self' 'unsafe-inline' 'unsafe-eval';                   img-src * data:;                   script-src 'self' https://*.formstack.com https://www.googletagmanager.com https://transparency.nrchealth.com https://dhan-sana-cdn.azureedge.net https://js.hsforms.net https://ajax.aspnetcdn.com https://embed.typeform.com https://www.google.com https://translate.google.com https://lptag.liveperson.net https://va.v.liveperson.net https://accdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://code.jquery.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://ajax.googleapis.com https://maps.googleapis.com https://translate.googleapis.com https://translate-pa.googleapis.com https://static.cloud.coveo.com https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net https://forms.hsforms.com https://extend.vimeocdn.com https://f.vimeocdn.com https://www.gstatic.com https://z.moatads.com https://m.addthis.com https://s7.addthis.com https://v1.addthisedge.com https://www.youtube.com https://www.ypo.education/js/jsembedcode.js https://sfapi.formstack.io https://az416426.vo.msecnd.net https://player.vimeo.com/api/player.js https://analytics.talentegy.com https://bat.bing.com https://bs.serving-sys.com https://secure-ds.serving-sys.com https://cdata.mpio.io https://rdata.mpio.io https://cdn.popt.in https://collector-11061.tvsquared.com https://d31y97ze264gaa.cloudfront.net https://data.adxcel-ec2.com https://insight.adsrvr.org https://js.adsrvr.org https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hsleadflows.net https://my.hellobar.com https://pixel.mathtag.com https://pixel.videohub.tv https://px.ads.linkedin.com https://rules.quantcount.com https://s.adroll.com https://s.amazon-adsystem.com https://s.pinimg.com https://sc-static.net https://script.crazyegg.com https://secure.quantserve.com https://siteimproveanalytics.com https://snap.licdn.com https://st1.dialogtech.com https://static.ads-twitter.com https://tag.simpli.fi https://i.simpli.fi https://tags.srv.stackadapt.com https://tracking.logpostback.com https://trkn.us https://www.googleadservices.com https://zncyxqo8pq1nl14p3-sanford.siteintercept.qualtrics.com https://analytics.twitter.com https://sanfordhealth.mdmatchup.com https://aa.agkn.com https://js.hscollectedforms.net https://assets.sitescdn.net https://www.groupexpro.com https://*.clarity.ms https://static.doubleclick.net https://*.g.doubleclick.net https://*.fls.doubleclick.net 'unsafe-inline' 'unsafe-eval';                   style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://translate.googleapis.com https://static.cloud.coveo.com https://www.gstatic.com https://f.vimeocdn.com https://code.jquery.com https://static.formstack.com https://cdnjs.cloudflare.com https://www.youtube.com https://formsprod.azureedge.net https://cdn.thinglink.me https://www.groupexpro.com;                   font-src 'self' data: https://static.formstack.com https://fonts.gstatic.com https://cdnjs.cloudflare.com;                   frame-src 'self' https://*.formstack.com https://player.vimeo.com https://forms.hsforms.com https://js.hsforms.net https://www.google.com https://marketingplatform.google.com https://www.googletagmanager.com https://www.youtube.com https://s7.addthis.com https://lpcdn.lpsnmedia.net https://www.pinterest.com https://www.pinterest.fr https://www.pinterest.it https://www.pinterest.ph https://ar.pinterest.com https://in.pinterest.com https://sanfordhealth.mdmatchup.com https://www.facebook.com https://tools.sanfordhealthplan.com https://www.pinterest.co.uk https://www.mysanfordchart.org https://pixel.mathtag.com https://www.pinterest.ca https://fast.wistia.net https://players.brightcove.net https://host.visualcalc.com https://e.issuu.com https://syndication.twitter.com https://www.thinglink.com https://bid.g.doubleclick.net https://*.fls.doubleclick.net;                   frame-ancestors 'self' https://*.mysanfordchart.org;                   connect-src 'self' https://www.google-analytics.com https://usageanalytics.coveo.com https://dc.services.visualstudio.com https://maps.googleapis.com https://sfapi.formstack.io https://ct.pinterest.com https://api.hubapi.com https://stats.g.doubleclick.net https://forms.hubspot.com https://lm.serving-sys.com https://secure-ds.serving-sys.com https://bat.bing.com https://www.facebook.com https://m.addthis.com https://s7.addthis.com https://www.google.com https://adservice.google.com https://onesignal.com https://hubspot-forms-static-embed.s3.amazonaws.com https://dhanprod.azurefd.net https://d.adroll.com https://*.clarity.ms https://*.z1.dca0.com;                   report-uri https://csp-reporting.sanfordhealth.org;                   block-all-mixed-content; 2
report-uri default-src 'unsafe-inline' 'unsafe-eval' 'self' *.typekit.net *.google.com *.gstatic.com *.googletagmanager.com 2
frame-ancestors 'self'; report-uri https://www.goldcoastbulletin.com.au/csp-reports 2
default-src 'self'; script-src 'self' https://www.googletagmanager.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; frame-ancestors 'self' http://minio.lookbookhq.com https://minio.lookbookhq.com http://minio.pathfactory.com https://minio.pathfactory.com http://resources.min.io https://resources.min.io 2
default-src 'self' https://maxcdn.bootstrapcdn.com/* https://www.googletagmanager.com/* 2
manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; upgrade-insecure-requests ; frame-ancestors 'self' clientelastaging.papersource.com https://s7.addthis.com; form-action 'self' https://1.camp.papersource.com:9101 https://accounts.google.com https://www.facebook.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://papersource.resultsstage.com https://tagmanager.google.com https://papersource.resultspage.com  https://cdn.cookielaw.org getfirebug.com fonts.googleapis.com *.subscribepro.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.paypal.com https://www.paypalobjects.com https://core.spreedly.com https://papersource.resultspage.com https://app.customily.com https://js-agent.newrelic.com https://papersource.resultsstage.com https://*.addthis.com https://*.addthisedge.com https://www.google-analytics.com https://*.optimove.net https://*.optimove.events https://static.zdassets.com https://bam.nr-data.net https://z.moatads.com https://v1.addthisedge.com https://widget-mediator.zopim.com/* https://widgets.pinterest.com https://graph.facebook.com https://integration9tracksdk-stg.optimove.net https://integration9tracksdk-stg.optimove.net/* https://integration9tracksdk-stg.optimove.net/piwik.php https://assets.pinterest.com/js/pinmarklet.js https://cdn.gartnerstudios.com https://tags.bkrtx.com https://cdn.attn.tv https://insights.bizrate.com https://*.bizrate.com *.mouseflow.com  https://cdn.cookielaw.org assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://*.customily.com https://*.amazonaws.com *.vantivprelive.com *.vantivcnp.com https://www.mczbf.com https://service.maxymiser.net core.spreedly.com *.subscribepro.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; media-src https://static.zdassets.com; img-src 'self' data: https://*.scene7.com https://*.paypal.com https://www.paypalobjects.com https://store.paradoxlabs.com https://papersource.resultsstage.com https://assets.resultspage.com https://www.google-analytics.com https://*.optimove.net https://*.gstatic.com https://www.googletagmanager.com https://bam.nr-data.net https://stats.g.doubleclick.net https://api.gartnerstudios.com https://app.customily.com https://cm.g.doubleclick.net/pixel* https://create.paper-source.com/* https://gcm.optimove.events/setCookie* https://www.addthis.com/bookmark.php https://log.pinterest.com https://cm.g.doubleclick.net https://gcm.optimove.events https://www.google.com/ads/ga-audiences https://*.google.com https://*.papersource.com https://*.paper-source.com https://*.emjcd.com https://*.dotomi.com *.mouseflow.com  https://cdn.cookielaw.org assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://*.customily.com https://*.amazonaws.com 'self' data: store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-src 'self' https://www.youtube.com/embed/* https://s7.addthis.com https://assets.pinterest.com https://login.dotomi.com https://www.google.com https://stags.bluekai.com https://core.conversant.mgr.consensu.org https://papersource.attn.tv fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de core.spreedly.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com https://static.zdassets.com https://tagmanager.google.com https://papersource.resultsstage.com fonts.googleapis.com fonts.gstatic.com https://*.customily.com https://*.amazonaws.com 'self' data: *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; connect-src 'self' https://*.addthis.com https://www.paypal.com https://*.optimove.events https://*.optimove.net https://ekr.zdassets.com https://www.google-analytics.com/collect https://www.google-analytics.com/r/collect https://papersource.zendesk.com https://bam.nr-data.net wss://widget-mediator.zopim.com/* wss://widget-mediator.zopim.com https://static.zdassets.com https://app.customily.com https://integration9tracksdk-stg.optimove.net https://integration9tracksdk-stg.optimove.net/* https://integration9tracksdk-stg.optimove.net/piwik.php https://api.gartnerstudios.com/ https://cdn.gartnerstudios.com/ https://1.camp.papersource.com:9101/gartner/images https://*.sjwoe.co https://*.pinterest.com  https://cdn.cookielaw.org  https://*.googleapis.com dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://*.customily.com https://*.amazonaws.com *.mczbf.com *.doubleclick.net *.google-analytics.com *.zendesk.com *.optimove.net *.zopim.com *.attn.tv *.subscribepro.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; default-src 'self' https://static.zdassets.com https://s7.addthis.com/static/sh* 'self' 'unsafe-inline' 'unsafe-eval'; 2
base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://rec.smartlook.com rec.smartlook.com https://www.google-analytics.com www.google-analytics.com https://*.doubleclick.net *.doubleclick.net; font-src 'self' https://fonts.gstatic.com fonts.gstatic.com https://use.typekit.net use.typekit.net; form-action 'self' https://*.twitter.com *.twitter.com; frame-ancestors 'none'; frame-src https://youtube.com youtube.com https://*.twitter.com *.twitter.com; img-src 'self' https://www.google-analytics.com www.google-analytics.com https://*.doubleclick.net *.doubleclick.net https://*.twitter.com *.twitter.com https://*.twimg.com *.twimg.com blob: data:; media-src https://youtube.com youtube.com; object-src 'none'; script-src 'self' https://www.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com www.google-analytics.com https://platform.twitter.com platform.twitter.com https://rec.smartlook.com rec.smartlook.com https://*.twimg.com *.twimg.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net *.typekit.net https://*.googleapis.com *.googleapis.com https://*.twitter.com *.twitter.com https://*.twimg.com *.twimg.com 'unsafe-inline'; 2
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.diadoc.ru/csp 2
default-src https: 'unsafe-inline' 'unsafe-eval' data:;report-uri /error/cspreport;connect-src ws: https: 'unsafe-inline' 'unsafe-eval' data:; 2
connect-src 'self' https://www.google-analytics.com; default-src 'self' http://www.techadvisory.org https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://helpdesk.netservicesgroup.com:80; img-src 'self' http://www.internettrafficreport.com https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com http://www.techadvisory.org https://www.netservicesgroup.com http://graphs.ntppool.net http://www.pool.ntp.org https://www.google-analytics.com https://secure.trust-provider.com http://www.trustlogo.com/; child-src https://helpdesk.netservicesgroup.com http://openspeedtest.com https://urldefense.proofpoint.com https://quickclick.com; style-src 'self' https://www.netservicesgroup.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://secure.trust-provider.com 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc=' https://secure.comodo.com; script-src 'self' https://secure.trust-provider.com http://www.trustlogo.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://www.netservicesgroup.com https://ajax.googleapis.com https://oss.maxcdn.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://secure.comodo.com 'sha256-YG4fTNWYCHAm4AVC2mnK8Tj09alaJWJTk+LJy+5kHho=' 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc=' 'sha256-/LNrhX3k9yooaUcjJ9wGqDoSJEFQEozZc8jtdbq+lMg=' 'sha256-ahfvWH65y6WEYvXXrsReZDD9l5f9wMFjeLjl+8hkRIg=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc='; font-src 'self' https://www.netservicesgroup.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; report-uri https://www.netservicesgroup.com/csp.php 2
img-src https: blob:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 2
default-src 'self' data: mediastream: blob: 'unsafe-inline' 'unsafe-eval' inline *.ibytedtos.com *.isnssdk.com *.resso.app resso.app *.resso.com resso.com *.resso.me *.snssdk.com *.byteoversea.net *.ibyteimg.com *.ipstatp.com *.tiktokv.com *.byteoversea.com music.tiktok.com tiktokmusic-test.bytedance.net;report-uri https://mon-va.byteoversea.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=m_home 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://sourcingjournal.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
object-src players.brightcove.net www.propertyware.com s.propertyware.com vjs.zencdn.net; frame-ancestors 'self'; style-src 'unsafe-inline' *.propertyware.com fonts.googleapis.com info.buildium.com; report-uri https://cspreports.realpage.com/api/reports/save/report-only; 2
report-uri /algemeen/report_CSP_error.php; frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval';report-uri /wsapi/rest/v1/logging/reportcspviolation; 2
default-src 'self' *.meo.pt *.altice-empresas.pt;script-src 'self' *.meo.pt *.altice-empresas.pt *.googletagmanager.com *.google-analytics.com *.google.com quantcast.mgr.consensu.org *.quantcast.mgr.consensu.org *.byside.com secure.quantserve.com cdnjs.cloudflare.com *.googleoptimize.com *.hotjar.com *.googleadservices.com googleads.g.doubleclick.net rules.quantcount.com connect.facebook.net u.heatmap.it analytics.tiktok.com tags.bkrtx.com img.botschool.ai gateway.zscaler.net *.gstatic.com selo.confio.pt maps.googleapis.com snap.licdn.com *.inside-graph.com 'unsafe-inline' 'unsafe-eval' ;style-src 'self' *.meo.pt *.altice-empresas.pt  img.botschool.ai fonts.googleapis.com gateway.zscaler.net selo.confio.pt webcare.byside.com 'unsafe-inline' eu-cdn.inside-graph.com use.fontawesome.com;img-src 'self' *.meo.pt *.altice-empresas.pt *.google-analytics.com *.google.com quantcast.mgr.consensu.org *.quantcast.mgr.consensu.org *.byside.com *.google.pt picsum.photos *.picsum.photos www.facebook.com *.heatmap.it *.quantserve.com sync.1rx.io sync.targeting.unrulymedia.com *.googletagmanager.com img.botschool.ai gateway.zscaler.net pbs.twimg.com *.google.es thumbs.web.sapo.io thumbs.web.sapo.io *.googlesyndication.com googleads.g.doubleclick.net pixel.rubiconproject.com selo.confio.pt *.insided.com sync.teads.tv match.sharethrough.com *.googleapis.com *.gstatic.com *.inside-graph.com *.ads.linkedin.com *.linkedin.com *.qccerttest.com data:;font-src 'self' *.meo.pt *.altice-empresas.pt fonts.gstatic.com gateway.zscaler.net data:;connect-src 'self' *.meo.pt *.altice-empresas.pt *.googletagmanager.com *.google-analytics.com analytics.google.com quantcast.mgr.consensu.org *.quantcast.mgr.consensu.org *.byside.com *.doubleclick.net  analytics.tiktok.com api.botschool.ai gateway.zscaler.net *.google.pt *.inside-graph.com  *.sapo.pt *.hotjar.io *.analytics.google.com *.google-analytics.com *.googlesyndication.com signet-spot.telecom.pt *.hotjar.com maps.googleapis.com  *.cmp.quantcast.com wss://*.byside.com wss://*.hotjar.com;prefetch-src 'self';frame-ancestors 'self' *.meo.pt *.altice-empresas.pt gateway.zscaler.net;form-action 'self' *.meo.pt *.altice-empresas.pt www.facebook.com gateway.zscaler.net;base-uri 'self';upgrade-insecure-requests ;frame-src 'self' *.meo.pt *.altice-empresas.pt *.hotjar.com *.facebook.com stags.bluekai.com *.doubleclick.net gateway.zscaler.net *.googletagmanager.com *.google.com eu-live.inside-graph.com signet-spot.telecom.pt meoteste.speedtestcustom.com www.youtube.com; 2
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; referrer no-referrer-when-downgrade; upgrade-insecure-requests; block-all-mixed-content; report-uri https://cosmb.report-uri.io/r/default/csp/reportOnly; 2
worker-src blob: https:; default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; script-src-elem https: 'unsafe-inline' 'report-sample'; font-src data: https:; connect-src https: wss:; frame-src data: https:; img-src * 'self' data:; report-uri https://infakt.report-uri.com/r/d/csp/reportOnly 2
frame-ancestors 'self'; report-uri https://www.cairnspost.com.au/csp-reports 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.sharethis.com *.sharethis.mgr.consensu.org geoip-db.com *.facebook.com *.connect.facebook.net *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net *.googleusercontent.com *.gravatar.com *.soundcloud.com 01.org *.youtube.com asciinema.org *.addtoany.com https://translate.googleapis.com; script-src 'self'  'unsafe-inline'  'unsafe-eval'  data:  blob:  *.connect.facebook.net/en_US/   https://stg.01.org/  https://code.jquery.com/  https://www.googletagmanager.com/  https://www.google-analytics.com/analytics.js  https://connect.facebook.net/en_US/  https://*.static.addtoany.com/menu/  https://static.addtoany.com/menu/page.js  https://static.addtoany.com/menu/locale/ https://static.addtoany.com/menu/svg/icons.29.svg.js  https://geoip-db.com/jsonp ; img-src 'self' data: blob: https://secure.gravatar.com/avatar/ https://software.intel.com/sites/ https://corpredirect.intel.com/ https://*.www.gstatic.com/images/ https://www.googletagmanager.com/ https://www.gstatic.com/images/branding/product/ http://1.bp.blogspot.com/ http://2.bp.blogspot.com/ http://3.bp.blogspot.com/ http://4.bp.blogspot.com/ https://asciinema.org/ https://img.youtube.com/vi/ https://www.google-analytics.com/collect https://lh3.googleusercontent.com/ https://lh4.googleusercontent.com/ https://lh5.googleusercontent.com/ https://lh6.googleusercontent.com/; font-src 'self' *.fonts.gstatic.com/s/roboto/v20/ https://*.fonts.gstatic.com/s/roboto/v20/; report-uri /admin/config/system/seckit/csp-report 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleadservices.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.youtube.com https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.unpkg.com https://*.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com; report-uri https://secularweb.uriports.com/reports/report; report-to default 2
font-src *.cloudflare.com *.bootstrapcdn.com *.gstatic.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.twitter.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.facebook.com *.twitter.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.cloudflare.com *.cloudfront.net *.baen.com *.twitter.com *.twimg.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.cloudflare.com *.twitter.com *.twimg.com *.fontawesome.com *.facebook.net *.authorize.net *.simpli.fi *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.gstatic.com *.twitter.com *.twimg.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.cloudflare.com *.authorize.net *.google-analytics.com *.doubleclick.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com maxcdn.bootstrapcdn.com www.manoloblahnik.com *.hotjar.com *.bglobale.com *.global-e.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.cybersource.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ *.adyen.com www.google.com *.hotjar.com *.cybersource.com www.facebook.com www.youtube.com www.youtube-nocookie.com the-restory.app authentication.cardinalcommerce.com *.issuu.com *.bglobale.com *.global-e.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com validator.swagger.io *.adyen.com blob *.alekseon-test.eu media-akam.licdn.com www.facebook.com maps.googleapis.com *.clarity.ms *.bing.com *.google.com *.googletagmanager.com manoloblahnik.com *.doubleclick.net.com ozplayer.global.ssl.fastly.net mcusercontent.com *.nr-data.net *.google.com.mx *.google.co.uk *.google.com.br *.google.co.in *.google.de *.google.com.tr *.google.co.il *.google.ca *.google.ro *.google.nl *.google.fr *.google.es *.google.ie *.google.com.pr *.google.it *.google.com.au *.google.com.ec *.google.com.ph *.google.com.sg *.google.com.pk *.google.at *.google.no *.google.cl *.google.co.kr *.google.se *.google.co.jp *.google.com.pe *.google.com.my *.google.co.th *.google.co.za *.google.com.ua *.google.sk *.google.com.ng *.google.pl *.google.be *.google.fi *.google.ae *.google.com.co *.google.co.id *.google.co.ve *.google.com.hk *.google.com.eg *.google.com.uy *.google.com.ar *.google.ch *.google.ru *.google.co.ke *.google.pt *.google.mu *.google.com.sa *.google.com.vn *.google.com.tw *.google.gr *.google.com.bd *.google.dk *.google.com.py *.google.ee *.google.co.nz *.google.co.ma *.google.cz *.google.lk *.google.bg *.google.rs *.google.com.do *.google.hu *.google.iq *.google.co.cr *.google.al *.google.jo *.google.hr *.google.com.pa *.google.com.cy *.google.com.gh *.google.lt *.google.kz *.google.com.np *.google.by *.google.dz *.google.com.sv *.google.hn *.google.com.kw *.google.com.et *.google.mk *.google.ge *.google.cn *.google.com.jm *.google.si *.google.co.ug *.google.lv *.google.md *.google.co.mz *.google.lu *.google.am; *.bglobale.com *.global-e.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com www.google.com www.gstatic.com maps.googleapis.com chimpstatic.com connect.facebook.net *.forter.com h.online-metrix.net cdnjs.cloudflare.com *.zdassets.com widget-mediator.zopim.com *.newrelic.com *.hotjar.com *.bing.com *.clarity.ms *.nr-data.net *.cardinalcommerce.com www.youtube.com *.bglobale.com *.global-e.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fonts.net fonts.googleapis.com *.bootstrapcdn.com *.bglobale.com *.global-e.com *.fontawesome.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com manolo.alekseon-test.eu www.manoloblahnik.com *.zdassets.com *.g.doubleclick.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.adyen.com *.forter.com *.cloudfront.net wss://cdn0.forter.com www.google-analytics.com manoloblahnikhelp.zendesk.com *.zdassets.com *.widget-mediator.zopim.com widget-mediator.zopim.com wss://widget-mediator.zopim.com *.clarity.ms *.nr-data.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.googleapis.com *.bing.com stats.g.doubleclick.net www.google.com *.google.com www.facebook.com *.cardinalcommerce.com kg668dbov0.execute-api.us-east-1.amazonaws.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'none'; script-src 'self' https://api.cloudsponge.com https://cdn.plaid.com https://cdn.segment.com https://www.googletagmanager.com https://cdn.mxpnl.com https://www.google-analytics.com https://amplify.outbrain.com https://cdn.taboola.com https://trc.taboola.com https://static.ads-twitter.com https://snap.licdn.com https://www.googleadservices.com https://bat.bing.com https://tag.rmp.rakuten.com https://www.redditstatic.com https://s.yimg.com https://www.clickcease.com https://connect.facebook.net https://tr.outbrain.com https://b-code.liadm.com https://d.impactradius-event.com https://www.clarity.ms https://cdn.pdst.fm https://d18p8z0ptb8qab.cloudfront.net https://secure.quantserve.com https://rules.quantcount.com https://tags.srv.stackadapt.com https://www.krishetrk.com https://ext.chtbl.com sha256-9NSB+DllU3BlD34AIE9bDhybGzPQuNOyfx//ClMfQ9w=; connect-src 'self' https://account.masterworks.io https://api.masterworks.io/graphql wss://api.masterworks.io/graphqlws https://pricedb.ms.masterworks.io/graphql wss://bgro41vnmb.execute-api.us-east-2.amazonaws.com/production https://*.ingest.sentry.io https://api.cloudsponge.com https://collect.cloudsponge.com https://cdn.segment.com https://api.segment.io https://www.google-analytics.com https://*.google-analytics.com https://trc.taboola.com https://bat.bing.com https://s.yimg.com https://rp.liadm.com/ https://f.clarity.ms https://tags.srv.stackadapt.com https://us-central1-adaptive-growth.cloudfunctions.net https://t.getletterpress.com/ https://tag.simpli.fi https://stats.g.doubleclick.net https://masterworks.536u.net; img-src 'self' data: https://s3.amazonaws.com/works.masterworks.io/* https://images.ctfassets.net https://api.cloudsponge.com https://www.google-analytics.com https://bat.bing.com https://tr.outbrain.com https://ciqtracking.com/ https://ad.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com https://adservice.google.com https://q.quora.com https://trkn.us https://data.adxcel-ec2.com https://ups.analytics.yahoo.com https://sp.analytics.yahoo.com https://us-u.openx.net https://t.co https://analytics.twitter.com https://alb.reddit.com https://px.ads.linkedin.com https://www.facebook.com https://x.bidswitch.net https://ib.adnxs.com https://aa.agkn.com https://pxl.qccerttest.com https://pixel.quantcount.com; style-src 'self' https://api.cloudsponge.com https://tags.srv.stackadapt.com; frame-ancestors 'none'; form-action 'self' https://www.facebook.com; manifest-src 'self'; font-src 'self'; frame-src https://cdn.plaid.com https://www.facebook.com; upgrade-insecure-requests; report-uri https://csp.ms.masterworks.io/ 2
object-src 'none'; script-src 'self' cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com mdbootstrap.com; script-src-attr 'self'; style-src 'self' cdn.jsdelivr.net fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; style-src-attr 'self'; frame-ancestors 'self' 2
policy-uri /admin/config/system/seckit/csp-report 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' tags.tiqcdn.com tags.tiqcdn.cn collect.tealiumiq.com *.criteo.com *.criteo.net *.omtrdc.net *.yimg.jp *.yahoo.co.jp prf.hn *.doubleclick.net *.line.me *.google.com *.google.it *.bing.com *.google-analytics.com *.licdn.com *.tiktok.com sc-static.net *.usehero.com *.contentsquare.net *.demdex.net *.facebook.com *.googletagmanager.com *.facebook.net *.googleadservices.com *.teads.tv zegna.d3.sc.omtrdc.net www.google.* *.zegna.com *.measmerize.com *.googlesyndication.com maps.gstatic.com *.riskified.com sandbox.gestpay.net ecomm.sella.it *.online-metrix.net amp.akamaized.net *.snapchat.com *.gstatic.com *.go-mpulse.net cm.everesttech.net *.googleapis.com *.akstat.io *.akamaihd.net *.line-scdn.net *.algolianet.com *.algolia.net *.algolia.com zegna-cloud-media.s3.amazonaws.com zegna-cloud-media.s3.eu-west-1.amazonaws.com zegna-cloud-media.s3-eu-west-1.amazonaws.com livechat.zegna.cn *.baidu.com blob: data: ; font-src 'self' data: *.googleapis.com *.gstatic.com; report-uri /cgi-bin/csp_report.cgi 2
default-src * 'self' data: blob: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://static.formstack.com https://fonts.googleapis.com; frame-ancestors 'self'; frame-src 'self' https://www.wordfence.com https://www.google.com https://apply.atomicdata.com https://www.youtube.com https://www.gstatic.com; connect-src 'self' https://hemsync.clickagy.com https://aorta.clickagy.com https://stats.g.doubleclick.net https://www.google-analytics.com https://ws.zoominfo.com; font-src 'self' data: https://static.formstack.com https://fonts.gstatic.com; img-src 'self' data: https://images.squarespace-cdn.com https://id.rlcdn.com https://atomicdata.formstack.com https://sync.crwdcntrl.net https://d.agkn.com https://aa.agkn.com https://cm.g.doubleclick.net https://idsync.rlcdn.com https://us-u.openx.net https://pixel-sync.sitescout.com https://dpm.demdex.net https://stags.bluekai.com https://aorta.clickagy.com https://px.ads.linkedin.com https://secure.gravatar.com https://www.google.com https://p.adsymptotic.com https://www.google-analytics.com https://www.googletagmanager.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com https://static.formstack.com https://tags.clickagy.com https://atomicdata.formstack.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://code.visitor-track.com https://ws.zoominfo.com https://snap.licdn.com https://ml314.com https://www.google-analytics.com; report-uri https://atomicdata.report-uri.com/r/d/csp/wizard; 2
font-src 'self' https://fonts.gstatic.com/ unsafe-inline; frame-src 'self' unsafe-inline; style-src unsafe-inline report-sample 'self' https://fonts.googleapis.com; script-src report-sample 'self' unsafe-inline; 2
font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com *.googleapis.com *.gstatic.com *.typekit.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.yotpo.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com *.criteo.com *.adform.net *.criteo.net *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com maps.googleapis.com maps.gstatic.com https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com *.yotpo.com *.facebook.com *.cloudfront.net *.hsforms.com *.powerreviews.com *.stickyadstv.com *.cdninstagram.com *.emxdgt.com *.outbrain.com *.adnxs.com *.pubmatic.com *.3lift.com *.media.net *.casalemedia.com *.bidswitch.net *.revcontent.com *.teads.tv *.taboola.com *.smartadserver.com *.sharethrough.com *.360yield.com *.liadm.com *.criteo.com *.postrelease.com *.tremorhub.com *.mediavine.com *.yieldmo.com *.clmbtech.com *.bing.com *.dmxleo.com *.smaato.net *.tapad.com *.addthis.com *.digitaleast.mobi *.yahoo.com *.doubleclick.net *.mediawallahscript.com *.rlcdn.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com *.criteo.net *.adform.net *.facebook.net *.cloudfront.net *.criteo.com *.hsforms.net *.hsforms.com *.powerreviews.com *.nr-data.net *.newrelic.com acsbapp.com foursixty.com *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline tagmanager.google.com *.yotpo.com *.googleapis.com *.typekit.net *.cloudfront.net *.powerreviews.com foursixty.com www.googletagmanager.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com https://www.google-analytics.com *.yotpo.com *.visitors.live *.luckyorange.net wss://visitors.live/socket.io/ *.doubleclick.net wss://in.visitors.live/socket.io/ *.powerreviews.com foursixty.com *.acsbapp.com *.nr-data.net *.foursixty.com analytics.google.com *.google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; media-src https: http: rtsp: rtmp: data:; report-uri /csp-report 2
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com js-agent.newrelic.com c.evidon.com bam.nr-data.net www.gstatic.com cdn.jsdelivr.net; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com cdn.jsdelivr.net; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bam.nr-data.net; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google-analytics.com l.evidon.com bam.nr-data.net; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.jsdelivr.net bam.nr-data.net c.evidon.com fonts.gstatic.com l.evidon.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com cdn.jsdelivr.net; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com www.youtube.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report 2
child-src 'self'; connect-src 'self' http://*.g.doubleclick.net http://*.google-analytics.com http://*.google.com http://*.hotjar.com http://*.prfct.co http://*.sqreen.io http://heapanalytics.com https://*.ads.linkedin.com https://*.akamaihd.net https://*.amplitude.com https://*.cloudflare.com https://*.contentful.com https://*.delighted.com https://*.facebook.com https://*.fullstory.com https://*.g.doubleclick.net https://*.getsentry.com https://*.githubusercontent.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.herokuapp.com https://*.hotjar.com https://*.hotjar.com:12443 https://*.intercom.io https://*.intercomcdn.com https://*.lever.co https://*.linkedin.com https://*.litix.io https://*.mktoresp.com https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.segment.io https://*.sqreen.com https://*.sqreen.io https://*.sumo.com https://*.timekit.io https://*.wistia.com https://github.com https://heapanalytics.com https://sumo.com https://twitter.com ws://*.hotjar.com wss://*.appcues.net wss://*.hotjar.com wss://*.intercom.io; default-src 'self'; font-src 'self' chrome-extension: data: http://*.sqreen.io https://*.cloudflare.com https://*.cloudfront.net https://*.googleapis.com https://*.gstatic.com https://*.intercomcdn.com https://*.sqreen.com https://*.sqreen.io https://*.twimg.com https://*.wistia.com https://github.com; frame-src 'self' 'unsafe-inline' http://*.appcues.com http://*.g.doubleclick.net http://*.hotjar.com https://*.akamaihd.net https://*.amazonaws.com https://*.appcues.com https://*.facebook.com https://*.g.doubleclick.net https://*.hotjar.com https://*.recurly.com https://*.sqreen.com https://*.twitter.com https://*.typeform.com https://*.wistia.com https://headway-widget.net ws://*.hotjar.com wss://*.hotjar.com; img-src 'self' data: http://*.adnxs.com http://*.facebook.net http://*.g.doubleclick.net http://*.google-analytics.com http://*.google.com http://*.googleadservices.com http://*.googletagmanager.com http://*.prfct.co http://*.sqreen.io http://heapanalytics.com http://t.co https://*.addthis.com https://*.adnxs.com https://*.ads.linkedin.com https://*.akamaihd.net https://*.amazonaws.com https://*.b-cdn.net https://*.clearbit.com https://*.cloudfront.net https://*.ctfassets.net https://*.facebook.com https://*.facebook.net https://*.fullstory.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.ae https://*.google.be https://*.google.ca https://*.google.ch https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.uk https://*.google.com https://*.google.com.ar https://*.google.com.au https://*.google.com.br https://*.google.com.mx https://*.google.com.ph https://*.google.com.sg https://*.google.com.tw https://*.google.com.ua https://*.google.cz https://*.google.de https://*.google.es https://*.google.fr https://*.google.ie https://*.google.it https://*.google.nl https://*.google.no https://*.google.pl https://*.google.pt https://*.google.se https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.intercomassets.com https://*.intercomcdn.com https://*.linkedin.com https://*.marinsm.com https://*.openx.net https://*.prfct.co https://*.reddit.com https://*.rubiconproject.com https://*.sqreen.com https://*.sqreen.io https://*.sumo.com https://*.twimg.com https://*.twitter.com https://*.univide.com https://*.wistia.com https://*.yahoo.com https://heapanalytics.com https://sqreen-assets.s3-eu-west-1.amazonaws.com https://sumo.com https://t.co https://twitter.com; manifest-src 'self' https://*.sqreen.com; media-src 'self' https://*.akamaihd.net https://*.cloudfront.net https://*.intercomcdn.com https://*.wistia.com; object-src 'self' https://*.akamaihd.net https://*.wistia.com; prefetch-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: http://*.ads-twitter.com http://*.appcues.com http://*.facebook.net http://*.g.doubleclick.net http://*.getdrip.com http://*.google-analytics.com http://*.googleadservices.com http://*.googletagmanager.com http://*.heapanalytics.com http://*.hotjar.com http://*.perfectaudience.com http://*.prfct.co http://*.segment.com http://*.sqreen.io http://heapanalytics.com https://*.ads-twitter.com https://*.ads.linkedin.com https://*.akamaihd.net https://*.amazonaws.com https://*.amplitude.com https://*.appcues.com https://*.b-cdn.net https://*.bufferapp.com https://*.cloudflare.com https://*.cloudfront.net https://*.facebook.net https://*.fullstory.com https://*.g.doubleclick.net https://*.getdrip.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.headwayapp.co https://*.heapanalytics.com https://*.herokuapp.com https://*.hotjar.com https://*.intercom.io https://*.intercomcdn.com https://*.jquery.com https://*.licdn.com https://*.linkedin.com https://*.marketo.net https://*.perfectaudience.com https://*.pinterest.com https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.redditstatic.com https://*.segment.com https://*.sqreen.com https://*.sqreen.io https://*.sumo.com https://*.timekit.io https://*.twitter.com https://*.typeform.com https://*.wistia.com https://fullstory.com https://heapanalytics.com https://reddit.com https://twitter.com ws://*.hotjar.com wss://*.hotjar.com wss://*.intercom.io; style-src 'self' 'unsafe-inline' http://*.appcues.com http://*.sqreen.io http://heapanalytics.com https://*.amazonaws.com https://*.appcues.com https://*.b-cdn.net https://*.cloudflare.com https://*.cloudfront.net https://*.googleapis.com https://*.sqreen.com https://*.sqreen.io https://*.twitter.com https://heapanalytics.com; worker-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/f637ed5d-4ac6-441d-a0f5-04c3d7e976c4; 2
object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-attr 'self'; base-uri 'self'; frame-ancestors 'self' https: 2
frame-ancestors 'self'; report-uri https://api.mobilepay.dk/cspreporting/mobilepay-dk 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com https://moneybird.disqus.com https://disqus.com https://c.disquscdn.com https://maps.googleapis.com https://bat.bing.com https://*.demio.com https://d3s4clg74dg0wr.cloudfront.net https://zapier.com https://js-eu1.hs-scripts.com https://js-eu1.hs-analytics.net https://js-eu1.hs-analytics.com https://js-eu1.hs-banner.com https://js-eu1.hs-banner.net https://*.hubspot.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.gstatic.com https://c.disquscdn.com https://d3s4clg74dg0wr.cloudfront.net https://fonts.googleapis.com https://*.demio.com; img-src 'self' https://dl6oytjgv033w.cloudfront.net https://www.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://referrer.disqus.com https://c.disquscdn.com https://www.google.nl https://www.google.com https://i.ytimg.com https://maps.gstatic.com https://csi.gstatic.com https://maps.googleapis.com https://bat.bing.com https://zapier.com https://cdn.zapier.com https://*.hubspot.com data:; object-src 'self' https://www.youtube-nocookie.com https://www.youtube.com; connect-src 'self' https://bat.bing.com https://www.google-analytics.com https://www.gstatic.com https://moneybird.com https://glitter.services.disqus.com https://homerun.co https://stats.g.doubleclick.net https://*.demio.com https://*.hubspot.com; frame-src 'self' https://www.googletagmanager.com https://www.google.com https://disqus.com https://www.youtube.com https://www.youtube-nocookie.com https://moneybird.clickwebinar.com https://w.soundcloud.com https://*.hubspot.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; report-uri https://moneybird.com/csp_report; 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com;     object-src 'self';     default-src 'self';      frame-src 'self' *.google.com;     img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com data:;     connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com  data: blob:;     font-src 'self' https://fonts.gstatic.com;     style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; 2
font-src *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com http://ajax.googleapis.com/ *.bootstrapcdn.com *.klevu.com/ https://cdn.bronto.com/ https://acsbapp.com/ https://web1.acsbapp.com/ data: http://cdn.materialdesignicons.com/ https://cdn.jsdelivr.net/ *.formstack.com/ *.fonts.googleapis.com/ *.richpanel.com https://bam-cell.nr-data.net https://ws.richpanel.com/ https://js.braintreegateway.com/ https://c.paypal.com/ https://tst.kaptcha.com/ https://vc.hotjar.io/ https://script.hotjar.com/ http://writeservices.powerreviews.com/ https://writeservices.powerreviews.com/ http://js.braintreegateway.com/ https://api.bluecore.com/ https://siteassets.bluecore.com/ https://site.bluecore.com/ https://cdn.bluecore.com/ https://storage.googleapis.com/ https://connect.facebook.net/ http://connect.facebook.net/ *.bluecore.app/ https://www.bluecore.com/ https://onsitestats.bluecore.com/ https://web.facebook.com/ https://www.googleoptimize.com/ *.clarity.ms/ *.googletagmanager.com https://optimize.google.com https://display.powerreviews.com/ *.americanmeadows.com/ *.highcountrygardens.com/ *.landrethseed.com/ http://pipedream.wistia.com/ https://pipedream.wistia.com/ https://distillery.wistia.com/ http://distillery.wistia.com/ http://fg8vvsvnieiv3ej16jby.litix.io/ https://fg8vvsvnieiv3ej16jby.litix.io/ http://embed-ssl.wistia.com/ https://embed-ssl.wistia.com/ http://embedwistia-a.akamaihd.net/ https://embedwistia-a.akamaihd.net/ https://fast.wistia.com/ *.googleapis.com *.fontawesome.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com *.facebook.com https://app.bronto.com/ http://app.bronto.com/ https://input.noibu.com/ *.formstack.com/ http://ajax.googleapis.com/ http://highcountrygardens.com/ http://www.americanmeadows.com/ http://www.landrethseed.com/ https://highcountrygardens.com/ https://www.americanmeadows.com/ https://www.landrethseed.com/ https://ws.richpanel.com/ https://js.braintreegateway.com/ https://c.paypal.com/ https://tst.kaptcha.com/ https://vc.hotjar.io/ https://script.hotjar.com/ http://writeservices.powerreviews.com/ https://writeservices.powerreviews.com/ http://js.braintreegateway.com/ https://api.bluecore.com/ https://siteassets.bluecore.com/ https://site.bluecore.com/ https://cdn.bluecore.com/ https://storage.googleapis.com/ https://connect.facebook.net/ http://connect.facebook.net/ *.bluecore.app/ https://www.bluecore.com/ https://onsitestats.bluecore.com/ https://web.facebook.com/ https://www.googleoptimize.com/ *.clarity.ms/ *.googletagmanager.com https://optimize.google.com https://display.powerreviews.com/ *.americanmeadows.com/ *.highcountrygardens.com/ *.landrethseed.com/ http://pipedream.wistia.com/ https://pipedream.wistia.com/ https://distillery.wistia.com/ http://distillery.wistia.com/ http://fg8vvsvnieiv3ej16jby.litix.io/ https://fg8vvsvnieiv3ej16jby.litix.io/ http://embed-ssl.wistia.com/ https://embed-ssl.wistia.com/ http://embedwistia-a.akamaihd.net/ https://embedwistia-a.akamaihd.net/ https://fast.wistia.com/ *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com https://accessibe.com/ https://assets.braintreegateway.com/ https://secure.livechatinc.com/ *.formstack.com/ https://www.youtube.com/ http://ajax.googleapis.com/ https://api.richpanel.com/ https://bam-cell.nr-data.net https://ws.richpanel.com/ https://js.braintreegateway.com/ https://c.paypal.com/ https://ssl.kaptcha.com/ https://vc.hotjar.io/ https://script.hotjar.com/ http://writeservices.powerreviews.com/ https://writeservices.powerreviews.com/ http://js.braintreegateway.com/ https://api.bluecore.com/ https://siteassets.bluecore.com/ https://site.bluecore.com/ https://cdn.bluecore.com/ *.hotjar.com https://storage.googleapis.com/ https://connect.facebook.net/ http://connect.facebook.net/ *.bluecore.app/ https://www.bluecore.com/ https://onsitestats.bluecore.com/ https://web.facebook.com/ https://www.googleoptimize.com/ *.clarity.ms/ *.googletagmanager.com https://optimize.google.com https://display.powerreviews.com/ *.americanmeadows.com/ *.highcountrygardens.com/ *.landrethseed.com/ https://c.sandbox.paypal.com/ http://pipedream.wistia.com/ https://pipedream.wistia.com/ https://distillery.wistia.com/ http://distillery.wistia.com/ http://fg8vvsvnieiv3ej16jby.litix.io/ https://fg8vvsvnieiv3ej16jby.litix.io/ http://embed-ssl.wistia.com/ https://embed-ssl.wistia.com/ http://embedwistia-a.akamaihd.net/ https://embedwistia-a.akamaihd.net/ https://fast.wistia.com/ *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.cloudflare.com *.gstatic.com *.google.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com https://www.googleanalytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com *.klevu.com/ https://fast.wistia.com/ http://fast.wistia.com/ 'self' https://embed-fastly.wistia.com/ http://cdn.bronto.com/ http://services.postcodeanywhere.co.uk https://acsbapp.com/ https://web1.acsbapp.com/ http://assets.pinterest.com/ http://media.americanmeadows.com/ http://t.powerreviews.com/ https://log.pinterest.com/ http://res.cloudinary.com/ http://embed.wistia.com/ https://amidev.americanmeadows.com/ https://cdn.livechatinc.com/ *.formstack.com/ *.ksearchnet.com/ https://script.crazyegg.com/ http://app.bronto.com/ https://app.bronto.com/ https://input.noibu.com/ https://email.americanmeadows.com/ http://ajax.googleapis.com/ *.richpanel.com https://bam-cell.nr-data.net https://ws.richpanel.com/ https://js.braintreegateway.com/ https://c.paypal.com/ https://tst.kaptcha.com/ https://vc.hotjar.io/ https://script.hotjar.com/ http://writeservices.powerreviews.com/ https://writeservices.powerreviews.com/ http://js.braintreegateway.com/ https://media.powerreviews.com https://api.bluecore.com/ https://siteassets.bluecore.com/ https://site.bluecore.com/ https://cdn.bluecore.com/ https://storage.googleapis.com/ *.bluecore.app/ https://www.bluecore.com/ https://onsitestats.bluecore.com/ https://web.facebook.com/ https://www.googleoptimize.com/ *.clarity.ms/ *.googletagmanager.com https://optimize.google.com https://display.powerreviews.com/ *.americanmeadows.com/ *.highcountrygardens.com/ *.landrethseed.com/ *.bing.com/ http://pipedream.wistia.com/ https://pipedream.wistia.com/ https://distillery.wistia.com/ http://distillery.wistia.com/ http://fg8vvsvnieiv3ej16jby.litix.io/ https://fg8vvsvnieiv3ej16jby.litix.io/ http://embed-ssl.wistia.com/ https://embed-ssl.wistia.com/ http://embedwistia-a.akamaihd.net/ https://embedwistia-a.akamaihd.net/ *.amazonaws.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com http://ajax.googleapis.com/ vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com https://www.googleanalytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net/ *.paypalobjects.com *.paypal.com https://chimpstatic.com *.googletagmanager.com *.youtube.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com https://cdn.polyfill.io/ https://cdn.noibu.com/ http://script.crazyegg.com/ https://cdn.bronto.com/ https://snip.bronto.com/ https://acsbap.com/ *.klevu.com/ https://acsbapp.com/ https://web1.acsbapp.com/ http://cdn.bronto.com/ https://cdn.acsbapp.com/ https://secure.livechatinc.com/ http://ui.powerreviews.com/ https://fast.wistia.com/ http://fast.wistia.com/ http://rest.bronto.com/ http://api.addressy.com/ http://static.powerreviews.com/ http://connect.facebook.net/ https://web.facebook.com/ http://assets.pinterest.com/ https://js-agent.newrelic.com/ http://www.americanmeadows.com/ *.formstack.com/ https://bam.nr-data.net/ *.ksearchnet.com/ https://script.crazyegg.com/ *.magento.cloud/ https://app.bronto.com/ https://input.noibu.com/ https://email.americanmeadows.com/ *.richpanel.com https://bam-cell.nr-data.net https://ws.richpanel.com/ https://js.braintreegateway.com/ https://c.paypal.com/ https://tst.kaptcha.com/ https://vc.hotjar.io/ https://script.hotjar.com/ http://writeservices.powerreviews.com/ https://writeservices.powerreviews.com/ https://mpsnare.iesnare.com/snare.js http://js.braintreegateway.com/ https://cdn.mxpnl.com/ https://api.bluecore.com/ https://siteassets.bluecore.com/ https://site.bluecore.com/ https://cdn.bluecore.com/ https://storage.googleapis.com/ *.bluecore.app/ https://www.bluecore.com/ https://onsitestats.bluecore.com/ https://www.googleoptimize.com/ *.clarity.ms/ https://optimize.google.com https://display.powerreviews.com/ *.americanmeadows.com/ *.highcountrygardens.com/ *.landrethseed.com/ *.hotjar.com/ *.bing.com/ http://pipedream.wistia.com/ https://pipedream.wistia.com/ https://distillery.wistia.com/ http://distillery.wistia.com/ http://fg8vvsvnieiv3ej16jby.litix.io/ https://fg8vvsvnieiv3ej16jby.litix.io/ http://embed-ssl.wistia.com/ https://embed-ssl.wistia.com/ http://embedwistia-a.akamaihd.net/ https://embedwistia-a.akamaihd.net/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com http://ajax.googleapis.com/ *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com *.klevu.com/ http://cdn.bronto.com/ http://ui.powerreviews.com/ http://api.addressy.com/ http://cdn.materialdesignicons.com/ https://cdn.jsdelivr.net/ *.formstack.com/ *.ksearchnet.com/ https://script.crazyegg.com/ *.magento.cloud/ https://app.bronto.com/ https://input.noibu.com/ https://email.americanmeadows.com/ https://fonts.googleapis.com/ *.richpanel.com https://bam-cell.nr-data.net https://ws.richpanel.com/ https://js.braintreegateway.com/ https://c.paypal.com/ https://tst.kaptcha.com/ https://vc.hotjar.io/ https://script.hotjar.com/ http://writeservices.powerreviews.com/ https://writeservices.powerreviews.com/ http://js.braintreegateway.com/ https://api.bluecore.com/ https://siteassets.bluecore.com/ https://site.bluecore.com/ https://cdn.bluecore.com/ https://storage.googleapis.com/ https://connect.facebook.net/ http://connect.facebook.net/ *.bluecore.app/ https://www.bluecore.com/ https://onsitestats.bluecore.com/ https://web.facebook.com/ https://www.googleoptimize.com/ *.clarity.ms/ *.googletagmanager.com https://optimize.google.com https://display.powerreviews.com/ *.americanmeadows.com/ *.highcountrygardens.com/ *.landrethseed.com/ data: http://pipedream.wistia.com/ https://pipedream.wistia.com/ https://distillery.wistia.com/ http://distillery.wistia.com/ http://fg8vvsvnieiv3ej16jby.litix.io/ https://fg8vvsvnieiv3ej16jby.litix.io/ http://embed-ssl.wistia.com/ https://embed-ssl.wistia.com/ http://embedwistia-a.akamaihd.net/ https://embedwistia-a.akamaihd.net/ https://fast.wistia.com/ *.googleapis.com unsafe-inline tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://cdn.livechatinc.com/ https://embed-fastly.wistia.com/ http://embed.wistia.com/ blob: https://ws.richpanel.com/ https://vc.hotjar.io/ https://script.hotjar.com/ http://writeservices.powerreviews.com/ https://writeservices.powerreviews.com/ http://js.braintreegateway.com/ https://js.braintreegateway.com/ https://api.bluecore.com/ https://siteassets.bluecore.com/ https://site.bluecore.com/ https://cdn.bluecore.com/ https://c.paypal.com/ https://tst.kaptcha.com/ https://storage.googleapis.com/ https://connect.facebook.net/ http://connect.facebook.net/ *.bluecore.app/ https://www.bluecore.com/ https://onsitestats.bluecore.com/ https://web.facebook.com/ https://www.googleoptimize.com/ *.clarity.ms/ *.googletagmanager.com https://optimize.google.com https://display.powerreviews.com/ *.americanmeadows.com/ *.highcountrygardens.com/ *.landrethseed.com/ *.formstack.com/ data: *.bing.com/ http://pipedream.wistia.com/ https://pipedream.wistia.com/ https://distillery.wistia.com/ http://distillery.wistia.com/ http://fg8vvsvnieiv3ej16jby.litix.io/ https://fg8vvsvnieiv3ej16jby.litix.io/ http://embed-ssl.wistia.com/ https://embed-ssl.wistia.com/ http://embedwistia-a.akamaihd.net/ https://embedwistia-a.akamaihd.net/ https://fast.wistia.com/ *.amazonaws.com *.richpanel.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.facebook.com wss://metroplex-dot-noibu-unicron.uc.r.appspot.com/ https://maw.bronto.com/ https://acsbapp.com/ https://web1.acsbapp.com/ https://cdn.acsbapp.com/ http://ui.powerreviews.com/ http://pipedream.wistia.com/ https://pipedream.wistia.com/ https://distillery.wistia.com/ http://distillery.wistia.com/ https://api.addressy.com/ *.braintreegateway.com *.braintree-api.com wss: https://i.noibu.com/ http://display.powerreviews.com/ https://tracking.crazyegg.com/ https://fiddler.brontops.com/ https://input.noibu.com/ https://shipseasons.americanmeadows.com/ https://bam.nr-data.net/ https://uscs22.ksearchnet.com/ *.ksearchnet.com/ https://script.crazyegg.com/ *.klevu.com/ https://email.americanmeadows.com/ *.formstack.com/ http://ajax.googleapis.com/ *.google-analytics.com/ https://www.googleanalytics.com https://stats.g.doubleclick.net/ *.richpanel.com https://bam-cell.nr-data.net https://embed-fastly.wistia.com/ https://ws.richpanel.com/ https://js.braintreegateway.com/ https://c.paypal.com/ https://tst.kaptcha.com/ https://vc.hotjar.io/ https://script.hotjar.com/ http://writeservices.powerreviews.com/ https://writeservices.powerreviews.com/ http://js.braintreegateway.com/ http://api.cloudinary.com/ https://api.bluecore.com/ https://siteassets.bluecore.com/ https://site.bluecore.com/ https://cdn.bluecore.com/ https://storage.googleapis.com/ https://connect.facebook.net/ http://connect.facebook.net/ *.bluecore.app/ https://www.bluecore.com/ https://onsitestats.bluecore.com/ https://web.facebook.com/ https://www.googleoptimize.com/ *.clarity.ms/ *.googletagmanager.com https://optimize.google.com https://display.powerreviews.com/ *.americanmeadows.com/ *.highcountrygardens.com/ *.landrethseed.com/ *.hotjar.com *.bing.com/ http://fg8vvsvnieiv3ej16jby.litix.io/ https://fg8vvsvnieiv3ej16jby.litix.io/ https://fast.wistia.com/ http://fast.wistia.com/ http://embed-ssl.wistia.com/ https://embed-ssl.wistia.com/ http://embedwistia-a.akamaihd.net/ https://embedwistia-a.akamaihd.net/ wss://*.richpanel.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src blob: assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
object-src 'none'; 2
frame-ancestors 'self' account.elama.global new.elama.ru elama.global *.elama.global *.elama.zone elama.ru *.elama.ru elama.com.br *.elama.com.br elama.kz *.elama.kz mc.yandex.ru mc.webvisor.com mc.webvisor.org yastatic.net webvisor.com http://webvisor.com metrika.yandex.ru yandex.com yandex.ru *.yandex.com *.yandex.net *.yandex.ru; report-uri https://sn.elama.global/api/26/security/?sentry_key=cf985e6d1e254161bef105622a6e28a4; 2
font-src *.googleapis.com *.gstatic.com *.audioeye.com *.fontawesome.com *.adtran.com maxcdn.bootstrapcdn.com *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.eloqua.com *.adtran.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.youtube.com *.vimeo.com *.google.com *.tfaforms.com *.audioeye.com *.adtran.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.audioeye.com *.eloqua.com *.gstatic.com *.googleapis.com *.adtran.com https://stats.g.doubleclick.net/ https://img.youtube.com store.paradoxlabs.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com s7.addthis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.google.com *.clickdesk.com *.en25.com *.google-analytics.com *.cloudfront.net *.gstatic.com *.googleapis.com *.audioeye.com *.fontawesome.com *.licdn.com *.facebook.net *.adtran.com *.authorize.net *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com *.gstatic.com *.fontawesome.com *.audioeye.com *.adtran.com maxcdn.bootstrapcdn.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com ekr.zdassets.com/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.google-analytics.com https://stats.g.doubleclick.net/ *.audioeye.com *.adtran.com *.authorize.net *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /iwd_csp/report/log; report-to report-endpoint; 2
base-uri 'self'; default-src 'self'; img-src 'self' data: https: http://media.irl.co; media-src 'self' data: blob: https:; style-src 'self' 'unsafe-inline' https://*.irl.com https://fonts.googleapis.com; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' https://*.irl.com https://*.firebaseio.com https://www.googletagmanager.com https://js.stripe.com https://websdk.appsflyer.com https://acsbapp.com https://web1.acsbapp.com; connect-src 'self' https://*.irl.com https://*.sentry.io https://*.firebaseio.com wss://*.firebaseio.com https://www.googleapis.com https://securetoken.googleapis.com https://identitytoolkit.googleapis.com https://firebasestorage.googleapis.com https://firestore.googleapis.com https://docs.google.com https://s3.us-west-1.amazonaws.com https://api.giphy.com https://vimeo.com https://api.stripe.com https://cdn.acsbapp.com/ https://web1.acsbapp.com https://wa.appsflyer.com https://wa.onelink.me ; font-src https://fonts.gstatic.com https://acsbapp.com; form-action mailto: https://docs.google.com; frame-src https://*.irl.com https://*.firebaseio.com https://accounts.google.com https://player.vimeo.com https://js.stripe.com https://acsbapp.com https://accounts.accessibe.com; object-src 'none'; worker-src 'self' 2
default-src 'self' https://*.lisboa.pt https://*.cm-lisboa.pt; img-src https: blob: data:; style-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://*.readspeaker.com https://chatwidget.dashboard-visor.com https://cdnjs.cloudflare.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://*.fontawesome.com/ https://*.googleapis.com https://*.jsdelivr.net; style-src-elem 'self' 'unsafe-inline' https://*.cloudflare.com https://*.dashboard-visor.com https://*.fontawesome.com https://*.kaspersky-labs.com https://*.readspeaker.com  https://*.cloudflare.com https://*.dashboard-visor.com https://*.googleapis.com https://*.jsdelivr.net https://*.mapbox.com https://*.readspeaker.com https://*.bootstrapcdn.com https://*.fontawesome.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://*.4ddons.com https://*.dashboard-visor.com https://*.google-analytics.com https://*.googletagmanager.com https://*.jquery.com https://*.readspeaker.com https://*.googleapis.com https://code.jquery.com https://chatwidget.dashboard-visor.com https://*.readspeaker.com https://www.googletagmanager.com https://www.google-analytics.com https://cdnjs.com https://cdnjs.cloudflare.com https://api.mapbox.com https://npmcdn.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://www.youtube.com/ https://*.appybook.com https://*.bol.pt https://*.facebook.net https://*.google-analytics.com https://*.svn0czn.com https://*.tryinteract.com; script-src-elem 'self' 'unsafe-inline' https://*.bol.pt https://*.cdnjs.com https://*.dashboard-visor.com https://*.google-analytics.com https://*.googletagmanager.com https://*.hublosk.com https://*.jquery.com https://*.jscontent.net https://*.jullyambery.net https://*.kellyfight.com https://*.npmcdn.com https://*.readspeaker.com https://*.youtube.com https://*.appybook.com https://*.bol.pt https://*.dashboard-visor.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.jquery.com https://*.pagespeed-mod.com https://*.readspeaker.com https://*.ritta.local https://*.tryinteract.com https://*.acestream.net https://*.bootstrapcdn.com https://*.cdnjs.com https://*.cloudflare.com https://*.dashboard-visor.com https://*.fontawesome.com https://*.googleapis.com https://*.jsdelivr.net https://*.kaspersky-labs.com https://*.mapbox.com https://*.npmcdn.com https://*.pilaff-up.ru https://*.readspeaker.com https://*.youtube.com; connect-src 'self' data: https://*.doubleclick.net https://*.glitch.com https://*.glitch.me https://*.kellyfight.com https://*.ucweb.com https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://chatwidget.dashboard-visor.com wss://chatwidget.dashboard-visor.com https://services.arcgis.com https://*.mapbox.com https://*.googleapis.com/ https://*.doubleclick.net https://*.readspeaker.com; frame-src 'self' https://*vimeo.com https://*.zscloud.net https://*.appybook.com https://*.bol.pt https://*.city-platform.com https://*.cm-lisboa.pt https://*.googletagmanager.com https://*.knightlab.com https://*.lisboa.pt https://*.moz.com https://*.tryinteract.com https://*.vimeo.com https://*.vkanalytics.net https://*.youtube-nocookie.com https://*.youtube.com; font-src 'self' https://*.avast.com https://*.cloudflare.com https://*.ss-cdn.com https://*.windows.net https://fonts.gstatic.com https://chatwidget.dashboard-visor.com https://*.fontawesome.com https://*.avast.com https://*.github.com https://*.typekit.net data:; media-src 'self' https://*.dashboard-visor.com data:; worker-src 'self' blob:; report-uri /fma/csp.php 2
frame-ancestors 'self'; block-all-mixed-content; default-src 'self'; manifest-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://*.nr-data.net https://*.zendesk.com https://*.google.com https://*.bsnteamsports.com https://*.fancloth.shop https://*.bsnteamsports.com https://*.fancloth.shop https://*.doubleclick.net https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://ajax.googleapis.com https://assets.zendesk.com https://bam.nr-data.net https://code.jquery.com https://f.vimeocdn.com https://google-analytics.com https://googletagmanager.com https://js-agent.newrelic.com https://kit.fontawesome.com https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://player.vimeo.com https://*.xisecurenet.com https://stackpath.bootstrapcdn.com https://ssl.google-analytics.com https://script.hotjar.com https://static.hotjar.com https://static.zdassets.com https://theme.zdassets.com https://use.fontawesome.com https://v2.zopim.com https://www.google-analytics.com https://*.googletagmanager.com https://www.vimeo.com https://widget-mediator.zopim.com https://cdnjs.cloudflare.com https://connect.facebook.net https://googleads.g.doubleclick.net https://graph.facebook.com https://js.facebook.com https://use.typekit.net https://www.googleadservices.com https://unpkg.com; style-src 'self' 'report-sample' 'unsafe-inline' *.zdassets.com *.fontawesome.com *.bootstrapcdn.com *.typekit.net *.google.com *.bsnteamsports.com *.fancloth.shop *.bsnteamsports.com *.fancloth.shop *.googleapis.com cdnjs.cloudflare.com code.jquery.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com unpkg.com; object-src *.googlesyndication.com; frame-src 'self' *.vimeo.com vars.hotjar.com www.googletagmanager.com www.google.com *.paymetric.com bid.g.doubleclick.net; child-src 'self' blob: *.googlesyndication.com *.google.com *.facebook.com *.doubleclick.net *.vimeo.com connect.facebook.net vimeo.com www.googletagmanager.com; img-src 'self' data: blob: *.zopim.io *.zopim.com *.zendesk.com *.zdusercontent.com *.zdassets.com *.vimeocdn.com *.vimeo.com *.nr-data.net *.google.com *.google-analytics.com ajax.googleapis.com code.jquery.com *.bsnteamsports.com *.fancloth.shop *.bsnteamsports.com *.fancloth.shop *.bsnsports.com *.gstatic.com googleads.g.doubleclick.net script.hotjar.com pulse.art.bsnsports.com ssgsales.com www.facebook.com *.googletagmanager.com; font-src 'self' data: *.zopim.com *.fontawesome.com *.bootstrapcdn.com *.bsnteamsports.com *.fancloth.shop *.bsnteamsports.com *.fancloth.shop *.typekit.net cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com script.hotjar.com static.zdassets.com; connect-src 'self' *.zopim.io *.zopim.com *.zendesk.com *.zdassets.com *.nr-data.net *.hotjar.io *.hotjar.com *.google.com *.fontawesome.com *.bsnteamsports.com *.fancloth.shop *.analytics.google.com ajax.googleapis.com code.jquery.com fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net settings.luckyorange.net vimeo.com www.facebook.com www.ssgecom.com *.google-analytics.com *.googletagmanager.com wss://in.visitors.live wss://visitors.live wss://*.hotjar.com wss://widget-mediator.zopim.com; form-action 'self' *.google.com *.facebook.com connect.facebook.net; media-src 'self' *.vimeo.com static.zdassets.com vimeo.com; prefetch-src 'self'; worker-src 'self' blob: www.google.com; report-uri https://62e17a85e7a4e344fdd77145.endpoint.csper.io?v=1 2
report-uri /_/csp-reports 2
report-uri /ui/csp-violations/;default-src 'none';img-src 'self' data: https:;base-uri 'self';block-all-mixed-content;form-action 'self';font-src 'self' https://fonts.gstatic.com data:;object-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://polyfill.io https://ssl.google-analytics.com https://cdn.walkme.com 'report-sample';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;media-src 'self';manifest-src 'self';connect-src 'self' 'report-sample' https://rum-http-intake.logs.datadoghq.com https://*.walkme.com https://ssl.google-analytics.com https://stats.g.doubleclick.net;frame-src 'self' https://cdn.walkme.com https://*.vetconnectplus.com;frame-ancestors * 2
font-src *.fontawesome.com 'self' *.gstatic.com 'self' data: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com account.fetchify.com https://www.google.com/ https://www.youtube.com https://www.googletagmanager.com/ https://www.facebook.com https://www.e-shop-direct.com https://handel.ortlieb.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.facebook.com https://www.magezon.com https://www.mollie.com https://med-euw3c.squarelovin.com/ https://www.google.*/ads/ https://www.facebook.com https://cdn.ywxi.net https://maps.googleapis.com https://maps.gstatic.com https://www.e-shop-direct.com https://www.google-analytics.com https://www.google.com https://www.google.de 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.googletagmanager.com *.facebook.net *.google.com js.mollie.com 'report-sample' https://www.googletagmanager.com/gtm.js https://www.google.com/recaptcha/api.js https://*.cookiefirst.com/ https://chimpstatic.com/ https://squarelovin.com/squarelovin.js https://squarelovin.com/api/index/get-stream-media/ https://connect.facebook.net/signals/config/995641483818596 https://consent.cookiefirst.com/banner.js https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/ecommerce.js https://cdn.klarna.com/1.0/code/client/all.js https://maps.googleapis.com/maps/api/js https://www.e-shop-direct.com/libs/js/jquery-3.1.1.min.js https://unpkg.com/web-vitals@0.2.2/dist/web-vitals.es5.umd.min.js *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com cc-cdn.com *.fontawesome.com 'report-sample' https://*.cookiefirst.com/ https://*.squarelovin.com/squarelovin.css https://med-cf-1.squarelovin.com https://www.e-shop-direct.com *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'none' 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.google-analytics.com https://static.cookiefirst.com/ https://stats.g.doubleclick.net/ https://www.facebook.com/tr/ t.elasticsuite.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.twitter.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.twitter.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.clientpay.com/scripts/embed.js  http://us2.siteimprove.com/js/siteanalyze_17084.js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline' https://cloud.typography.com/ https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.google.com https://www.youtube.com/ https://player.vimeo.com/ https://app.clientpay.com/;  img-src 'self' https://17084.global.siteimproveanalytics.io https://www.google-analytics.com https://i.vimeocdn.com/ https://i.ytimg.com/; manifest-src 'self'; media-src 'self'; worker-src 'none'; 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; media-src https: data:; connect-src wss://www.florius.nl/ https://www.florius.nl/ https://www.surve.nl/ https://insights.hotjar.com/ https://dc.services.visualstudio.com/v2/track https://www.google-analytics.com/ https://stats.g.doubleclick.net/; worker-src blob:; report-uri https://www.florius.nl/api/v1.0/CSPReporting/Report?category=report-only;; 2
block-all-mixed-content; default-src 'self'; base-uri 'none'; font-src 'self' data: https://fonts.gstatic.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net https://*.googleapis.com https://*.novozymes.com https://ssl.google-analytics.com https://*.linkedin.com https://*.pardot.com https://*.cookieinformation.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://*.sharethis.com https://*.hotjar.com https://*.facebook.net https://*.licdn.com https://*.marketo.com https://*.marketo.net; style-src 'self' 'unsafe-inline' https://*.marketo.com https://fonts.googleapis.com/css https://ws.sharethis.com; img-src 'self' data: https:; child-src 'self' https://*.sharethis.com https://*.hotjar.com https://*.cookieinformation.com; connect-src 'self' wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.facebook.com https://*.mktoutil.com https://*.sharethis.com https://*.doubleclick.net https://*.cookieinformation.com https://*.mktoresp.com https://*.google-analytics.com; frame-src 'self' https://www.novozymes.tv https://nz.23video.com https://*.sitecore.net https://sitecoreboost.azurewebsites.net https://*.pardot.com bid.g.doubleclick.net *.hotjar.com https://*.cookieinformation.com https://*.vimeo.com https://ws.sharethis.com https://www.youtube.com https://www.facebook.com https://*.marketo.com https://www.googletagmanager.com; report-uri https://novozymes.report-uri.com/r/d/csp/reportOnly 2
font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: sdk.privacy-center.org; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: mon-compte.banquedesterritoires.fr ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report 2
style-src 'self' 'unsafe-inline' *.helsana.ch fonts.googleapis.com translate.googleapis.com;style-src-elem 'self' 'unsafe-inline' *.helsana.ch fonts.googleapis.com translate.googleapis.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net interaktiv.contilla.de use.fontawesome.com;img-src 'self' data: *.helsana.ch *.pinterest.com s0.2mdn.net bat.bing.com www.facebook.com connect.facebook.net cm.everesttech.net dpm.demdex.net apple-resources.s3.amazonaws.com  *.applemediaservices.com *.googlesyndication.com *.gstatic.com maps.googleapis.com www.googleadservices.com www.googletagmanager.com www.google-analytics.com *.doubleclick.net  t.co *.linkedin.com *.google.com *.google.ch *.google.de *.google.fr *.google.li *.google.it *.google.ad *.google.ae *.google.al *.google.at *.google.ba *.google.be *.google.bf *.google.bg *.google.bj *.google.ca *.google.cd *.google.cg *.google.ci *.google.cl *.google.cm *.google.cn *.google.cz *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.ga *.google.gr *.google.ht *.google.hr *.google.hu *.google.ie *.google.iq *.google.jo *.google.lk *.google.lt *.google.lu *.google.lv *.google.me *.google.mg *.google.ml *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.si *.google.sk *.google.sn *.google.tg *.google.tn *.google.tt *.google.vg *.google.co.ao *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.th *.google.co.uk *.google.co.za *.google.com.af *.google.com.ar *.google.com.au *.google.com.bh *.google.com.bo *.google.com.br *.google.com.co *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.gh *.google.com.hk *.google.com.kh *.google.com.lb *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ni *.google.com.pe *.google.com.pk *.google.com.py *.google.com.sa *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.vn userlike-cdn-operators.s3-eu-west-1.amazonaws.com d3upe020n1uosc.cloudfront.net www.userlike.com userlike-store-media-files.s3.amazonaws.com i.ytimg.com interaktiv.contilla.de;font-src 'self' data: *.gstatic.com d3dc1lgancj6l0.cloudfront.net use.fontawesome.com *.helsana.ch;media-src 'self' data: blob: *.helsana.ch d3dc1lgancj6l0.cloudfront.net userlike-store-media-files.s3.amazonaws.com www.userlike.com;object-src 'none';worker-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.helsana.ch cdn.cookielaw.org static.ads-twitter.com analytics.twitter.com *.pinterest.com s.pinimg.com *.gstatic.com api.microsofttranslator.com bat.bing.com www.google.ch www.google.com www.google.de www.google.fr *.googlesyndication.com *.doubleclick.net www.googletagservices.com consentcdn.cookiebot.com analytics.twitter.com snap.licdn.com www.googleadservices.com www.google-analytics.com connect.facebook.net consent.cookiebot.com cdn.tt.omtrdc.net  maps.googleapis.com www.googletagmanager.com  assets.adobedtm.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: *.helsana.ch cdn.cookielaw.org static.ads-twitter.com snap.licdn.com analytics.twitter.com *.pinterest.com s.pinimg.com *.gstatic.com api.microsofttranslator.com bat.bing.com  www.google.ch www.google.com www.google.de www.google.fr *.googlesyndication.com *.doubleclick.net www.googletagservices.com consentcdn.cookiebot.com www.googleadservices.com www.google-analytics.com connect.facebook.net consent.cookiebot.com cdn.tt.omtrdc.net maps.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com assets.adobedtm.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net interaktiv.contilla.de;connect-src 'self' wss://*.helsana.ch *.helsana.ch maps.googleapis.com privacyportal-eu.onetrust.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.cookielaw.org api.sitesearch360.com *.ads-twitter.com *.linkedin.com *.pinterest.com api.openweathermap.org  www.facebook.com www.bing.com bat.bing.com *.googlesyndication.com  *.google.com *.doubleclick.net www.google-analytics.com  tt.omtrdc.net dpm.demdex.net wss://umd.userlike.com umd.userlike.com api.userlike.com d3upe020n1uosc.cloudfront.net www.userlike.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu interaktiv.contilla.de;frame-src 'self' *.helsana.ch *.pinterest.ch *.pinterest.com *.google.com *.googlesyndication.com bid.g.doubleclick.net  consentcdn.cookiebot.com www.youtube.com fls.doubleclick.net assets.adobedtm.com  www.facebook.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net www.youtube.com player.vimeo.com *.undpartner.digital;frame-ancestors 'self' *.helsana.ch;report-uri https://helsana.report-uri.com/r/d/csp/wizard;report-to wizard; 2
default-src 'self' blob:; img-src 'self' data: *; media-src * blob:; script-src 'self' https://kapsch.net https://www.kapsch.net https://*.usercentrics.eu www.googletagmanager.com www.google-analytics.com data: www.googleadservices.com snap.licdn.com analytics.twitter.com static.ads-twitter.com www.youtube.com client.crisp.chat tools.euroland.com 'unsafe-inline' 'unsafe-eval' googleads.g.doubleclick.net connect.facebook.net 'unsafe-eval' blob: streamer.a1.net webcast.a1.net vjs.zencdn.net 'report-sample'; connect-src 'self' https://*.usercentrics.eu www.google-analytics.com www.googleadservices.com snap.licdn.com analytics.twitter.com static.ads-twitter.com noembed.com client.crisp.chat wss://client.relay.crisp.chat streamer.a1.net webcast.a1.net; frame-src 'self' https: https:; style-src 'self' 'unsafe-inline' hello.myfonts.net client.crisp.chat streamer.a1.net webcast.a1.net vjs.zencdn.net; font-src 'self' client.crisp.chat data:; manifest-src 'self'; report-uri /csp-violation-report/ 2
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.uxfeedback.ru https://chat.finuslugi.ru https://connect.facebook.net https://www.facebook.com https://vk.com https://top-fwz1.mail.ru https://px.adhigh.net https://finuslugi.inguru.ru https://iframe.inguru.ru https://cdn.amplitude.com https://www.google-analytics.com https://optimize.google.com https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://yastatic.net https://mc.webvisor.com https://mc.webvisor.org https://www.gstatic.com https://www.googletagmanager.com https://tagmanager.google.com;connect-src 'self' https://iss.moex.com *.uxfeedback.ru https://chat.finuslugi.ru wss://chat.finuslugi.ru https://top-fwz1.mail.ru https://px.adhigh.net https://rexc.moex.com https://api.finuslugi.ru https://lk.finuslugi.ru https://assets.finuslugi.ru https://www.moex.com api.amplitude.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru https://mc.yandex.com;img-src 'self' data: *.uxfeedback.ru https://vk.com https://www.facebook.com https://11143639.fls.doubleclick.net https://assets.finuslugi.ru https://liknot.ru https://www.workle.ru https://www.google.ru https://www.google.com https://www.google-analytics.com www.google-analytics.com https://optimize.google.com https://stats.g.doubleclick.net https://mc.yandex.ru https://mc.yandex.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com;style-src 'self' 'unsafe-inline' *.uxfeedback.ru https://chat.finuslugi.ru https://tagmanager.google.com https://optimize.google.com https://fonts.googleapis.com;font-src 'self' data: *.uxfeedback.ru https://fonts.gstatic.com;media-src 'self';child-src 'self' blob: https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz;frame-src blob: *.uxfeedback.ru https://11143639.fls.doubleclick.net https://finuslugi.inguru.ru https://iframe.inguru.ru https://optimize.google.com https://www.youtube.com https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz;base-uri 'self';form-action 'self';manifest-src 'self';worker-src 'self';report-uri https://rexc.moex.com; 2
default-src data: https: http://*.cdn.ngenix.net 'unsafe-inline' 'unsafe-eval'; report-uri https://www.b-kontur.ru/csp 2
frame-ancestors http://*.infomart.co.jp https://*.infomart.co.jp http://infomart.co.jp https://infomart.co.jp http://www.foods-ch.com https://www.foods-ch.com http://foods-ch.com https://foods-ch.com *.medicalinfomart.com *.beautyinfomart.com; report-uri https://es.infomart.co.jp/csp-report; 2
font-src *.gstatic.com data: *.typekit.net *.yotpo.com *.googleapis.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.xtento.com https://plumrocket.com *.yotpo.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.xtento.com cdn.xtento.com blob: *.yotpo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.adyen.com *.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.xtento.com cdn.xtento.com  https://targetemsecure.blob.core.windows.net *.slgnt.eu *.yotpo.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.typekit.net *.yotpo.com *.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://www.youtube.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de  *.slgnt.eu ws: *.yotpo.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://geoip-js.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://siteimproveanalytics.com/ https://img.en25.com/ https://googleads.g.doubleclick.net https://connect.facebook.net https://www.googleadservices.com/ https://sc-static.net https://browser-update.org https://cdn.cookielaw.org *.salesforceliveagent.com ttps://browser-update.org/ https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://geolocation.onetrust.com https://script.crazyegg.com https://www.google-analytics.com https://cdn.siteimprove.net https://unpkg.com https://*.siteimprove.com *.youtube.com https://*.userzoom.com https://cdn.jsdelivr.net/; base-uri 'none'; form-action 'self' https://www.facebook.com https://tr.snapchat.com ; object-src 'none'; style-src 'self' 'unsafe-inline' https://p.typekit.net/ https://cdn.jsdelivr.net/; img-src 'self' data: https://tr.snapchat.com/ *.salesforceliveagent.com https://www.facebook.com/ https://webtracking.aucmed.edu/ *.google.com *.google.com.br *.google.com.uk *.google.com.ca *.google.com.fr *.google-analytics.com *.ytimg.com *.siteimproveanalytics.io https://americanuniversityofcarribean.secure.force.com https://cdn.jsdelivr.net/; media-src 'self'; frame-src 'self' *.youtube.com https://www.facebook.com/ *.doubleclick.net https://tr.snapchat.com; frame-ancestors 'none'; child-src 'self' *.youtube.com ; font-src 'self' https://themes.googleusercontent.com https://use.typekit.net; connect-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com https://cdn.cookielaw.org https://*.siteimprove.com/ https://script.crazyegg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://tr.snapchat.com/; report-uri /report-csp-violation 2
script-src 'unsafe-eval' 'unsafe-inline' data: 'self' blob: www.google-analytics.com www.googletagmanager.com ajax.googleapis.com www.google.com js.klevu.com www.gstatic.com *.cloudmaestro.com www.googleadservices.com googleads.g.doubleclick.net r2-t.trackedlink.net static.hotjar.com wchat.freshchat.com staticw2.yotpo.com browser-update.org script.hotjar.com dev.visualwebsiteoptimizer.com js-agent.newrelic.com bam-cell.nr-data.net connect.facebook.net *.freshchat.com maps.googleapis.com assets.adobedtm.com www.googleoptimize.com h.online-metrix.net *.cardinalcommerce.com html5.dcatalog.com unpkg.com commerce.adobedtm.com cdnjs.cloudflare.com web-sdk.aptrinsic.com commerce.adobe.net fonts.googleapis.com magento-recs-sdk.adobe.net static.trackedweb.net tags.srv.stackadapt.com snap.licdn.com tags.srv.stackadapt.com bat.bing.com e.performancehealth.com f.vimeocdn.com tags.srv.stackadapt.com bam.nr-data.net; style-src 'self' 'unsafe-inline' wchat.freshchat.com fonts.googleapis.com js.klevu.com tags.srv.stackadapt.com staticw2.yotpo.com; report-uri /.webscale/csp-report 2
font-src *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: *.monolithicpower.com *.monolithicpower.cn *.cloudflare.com *.gstatic.com *.linearicons.com *.googleapis.com *.hotjar.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' data: *.monolithicpower.com *.monolithicpower.cn *.googleadservices.com *.cookiebot.com *.hotjar.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com 'self' data: *.monolithicpower.com *.monolithicpower.cn *.doubleclick.net *.cookiebot.com *.hotjar.com *.stripe.com vendor.ultralibrarian.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.monolithicpower.com *.monolithicpower.cn *.cloudflare.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.google.co.in *.google.com *.paypal.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.gstatic.com *.baidu.com *.cloudfront.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src *.assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com 'self' data: *.cloudflare.com *.stripe.com *.monolithicpower.com *.monolithicpower.cn *.google-analytics.com *.google.com *.googletagmanager.com *.googleadservices.com *.cookiebot.com *.gstatic.com *.doubleclick.net *.usercentrics.eu *.fontawesome.com *.hotjar.com *.baidu.com *.zdassets.com *.zendesk.com *.zopim.com *.marketo.net *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.ipstack.com *.youku.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: *.monolithicpower.com *.monolithicpower.cn *.cloudflare.com *.googleapis.com *.gstatic.com *.linearicons.com *.dotdigital.com *.bootstrapcdn.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com 'self' data: *.monolithicpower.com *.monolithicpower.cn *.google-analytics.com *.doubleclick.net *.cloudflare.com *.paypal.com *.hotjar.com wss://ws4.hotjar.com *.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com *.cardinalcommerce.com *.braintree-api.com assets.braintreegateway.com api.comapi.com 186-oug-983.mktoresp.com 224-vwe-648.mktoresp.com *.ipstack.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'none'; connect-src 'self' www.google.com https://cdncache-a.akamaihd.net wss wss://generatorhostels.com ws1.hotjar.com ws2.hotjar.com ws3.hotjar.com ws4.hotjar.com ws5.hotjar.com graylog.hotjar.com cdnjs.cloudflare.com ajax.googleapis.com www.google-analytics.com stats.g.doubleclick.net wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com insights.hotjar.com generatorweb.sihot.com; font-src data null generatorweb.sihot.com maxcdn.bootstrapcdn.com fonts.gstatic.com 'self'; manifest-src 'self' generatorhostels.com; object-src 'self' generatorhostels.com; frame-src 'self' service.securesrv12.com secure.liveshoppersmac.com 3dsecure.klikbca.com geschuetzteinkaufen.commerzbank.de acs.sia.eu vcas1.visa.com www.securesuite.net acs1.edb.com secure5.arcot.com aacsw.3ds.verifiedbyvisa.com tpc.googlesyndication.com sas.redsys.es cdncache-a.akamaihd.net mastercardsecurecode.secureacs.com acs1.swedbank.se analytics-google.net https://acs2-3dsecure.cic.fr https://braip.com.br www.securesuite.co.uk secure.edb.com tsys.arcot.com secure7.arcot.com www.googletagmanager.com mozbar.moz.com www.facebook.com acs.airplus.com connect.facebook.net saferpay.com www.saferpay.com generatorweb.sihot.com generatorhostels.com bid.g.doubleclick.net staticxx.facebook.com vars.hotjar.com www.google.com www.instagram.com www.youtube.com w.soundcloud.com; img-src googleads.g.doubleclick.net butstrap.space https://spedcheck.space www.gstatic.com www.google.ge www.google.pl www.google.ru www.google.cm www.google.com.eg www.google.co.kr www.google.com.np www.google.co.th www.google.dz www.google.no www.google.com.hk www.google.com.mm www.google.co.il www.google.az www.google.sk www.google.ie www.google.com.pe lh3.ggpht.com www.google.de www.google.cz www.google.co.za www.google.se www.google.dk www.google.gr www.google.lv www.google.com.tw https://gateway.zscalertwo.net www.google.com.ph www.google.com.uy www.google.fi www.google.com.ua www.google.com.cy www.google.com.jm www.google.im www.google.co.ve www.google.com.sg www.google.ca www.google.es www.google.kg www.google.be www.google.at www.google.pt www.google.fr www.google.it www.google.com.br www.google.com.ar https://gallery.mailchimp.com www.google.ch www.google.me www.google.com.ec www.google.ro www.google.kg www.google.nl www.google.com.mx https://canvaspl-a.akamaihd.net https://cdnstats-a.akamaihd.net www.google.com.lb www.google.com.co www.google.com.tr www.google.cl www.google.dk www.google.co.in www.google.hr www.gstatic.com generatorweb.sihot.com generatorstorage.blob.core.windows.net generatorhostels.com cbks0.googleapis.com csi.gstatic.com data: geo0.ggpht.com geo1.ggpht.com geo2.ggpht.com geo3.ggpht.com img.youtube.com khms0.googleapis.com khms1.googleapis.com maps.googleapis.com maps.gstatic.com 'self' generator.azureedge.net ssl.google-analytics.com stats.g.doubleclick.net web.facebook.com www.facebook.com www.google.co.uk www.google.com www.google-analytics.com ajax.googleapis.com; media-src 'self' data:; script-src 'self' data blob about asset tpc.googlesyndication.com cdnjs.cloudflare.com cdn.jsdelivr.net www.thehotelsnetwork.com cdn.scarabresearch.com fdz.octapi.net data1.iti-maps.fr data1.itineraire.info asset about spedcheck.space rules.similardeals.net tags.clickintext.net lb.apicit.net butstrap.space https://cdncache-a.akamaihd.net secure.liveshoppersmac.com generatorweb.sihot.com maxcdn.bootstrapcdn.com ajax.googleapis.com api.instagram.com connect.facebook.net eval: googleads.g.doubleclick.net inline: maps.googleapis.com platform.instagram.com s.ytimg.com script.hotjar.com 'self' ssl.google-analytics.com static.hotjar.com 'unsafe-eval' 'unsafe-inline' www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.instagram.com www.youtube.com; style-src ajax.googleapis.com fonts.googleapis.com inline: 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com generatorweb.sihot.com; report-uri https://crafted.report-uri.com/r/d/csp/reportOnly 2
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.twitter.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.twitter.com *.youtube.com *.cookiebot.com *.showefy.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.gstatic.com *.google.com *.usercentrics.eu https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.newrelic.com *.nr-data.net *.googleapis.com *.addtoany.com *.zdassets.com *.facebook.com *.cookiebot.com *.pinterest.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google-analytics.com *.nr-data.net *.zendesk.com *.zopim.com *.zdassets.com wss://widget-mediator.zopim.com *.doubleclick.net *.teads.tv www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/artists_youtube 2
child-src js.stripe.com *.rfihub.com www.facebook.com; connect-src 'self'  https://*.launchdarkly.com https://*.forter.com https://d3in1te4fdays6.cloudfront.net https://d1wix2gc2cgqis.cloudfront.net wss://cdn0.forter.com *.favorengineering.com *.pci-np.favor.dev *.favordelivery.com ct.pinterest.com stats.g.doubleclick.net www.google-analytics.com www.facebook.com api.askfavor.com; frame-src *.rfihub.com js.stripe.com bid.g.doubleclick.net www.facebook.com *.criteo.com *.criteo.net; img-src 'self' amplifypixel.outbrain.com *.favorengineering.com *.pci-np.favor.dev *.favordelivery.com cdn.askfavor.com ct.pinterest.com hexagon-analytics.com pinterest.adsymptotic.com stats.g.doubleclick.net tr.outbrain.com www.facebook.com www.google-analytics.com www.google.com googleads.g.doubleclick.net maps.googleapis.com maps.gstatic.com www.googletagmanager.com api.askfavor.com platform-lookaside.fbsbx.com *.criteo.net pingclock.net graph.facebook.com data:; script-src-elem 'self' 'unsafe-inline' *.pci.favor.dev *.favorengineering.com  https://*.forter.com https://dkupaw9ae63a8.cloudfront.net ont.net wss://cdn0.forter.com *.pci-np.favor.dev *.rfihub.com *.rfihub.net amplify.outbrain.com cdn.siftscience.com www.google.com web.btncdn.com connect.facebook.net googleads.g.doubleclick.net js.stripe.com maps.googleapis.com s.pinimg.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.criteo.com *.criteo.net app.link cdn.branch.io; script-src 'self' 'unsafe-eval'  https://*.forter.com https://dkupaw9ae63a8.cloudfront.net *.favorengineering.com *.pci.favor.dev *.pci-np.favor.dev cdn.siftscience.com js.stripe.com maps.googleapis.com www.google.com web.btncdn.com 'unsafe-inline' *.rfihub.com amplify.outbrain.com connect.facebook.net googleads.g.doubleclick.net s.pinimg.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.criteo.com *.criteo.net *.rfihub.net app.link; style-src-attr 'unsafe-inline' fonts.googleapis.com; style-src-elem 'unsafe-inline' cloud.typography.com web-assets.favordelivery.com 'self' fonts.googleapis.com; style-src 'unsafe-eval' 'unsafe-inline' cloud.typography.com 'self' web-assets.favordelivery.com fonts.googleapis.com; form-action www.facebook.com favordelivery.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.rfihub.com amplify.outbrain.com amplifypixel.outbrain.com *.favordelivery.com *.favorengineering.com *.pci-np.favor.dev bid.g.doubleclick.net cdn.askfavor.com cdn.siftscience.com cloud.typography.com connect.facebook.net ct.pinterest.com googleads.g.doubleclick.net hexagon-analytics.com js.stripe.com maps.googleapis.com s.pinimg.com tr.outbrain.com www.facebook.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com fonts.gstatic.com; font-src 'self' data: fonts.gstatic.com; manifest-src 'self'; script-src-attr 'unsafe-inline'; report-uri https://favor.report-uri.com/r/t/csp/wizard; worker-src blob: 2
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.klevu.com *.ksearchnet.com *.yotpo.com x.klarnacdn.net 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com unpkg.com *.unpkg.com imagekit.io *.imagekit.io *.facebook.com https://store.plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google.com/ *.doubleclick.net *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com unpkg.com *.unpkg.com cdnjs.cloudflare.com imagekit.io *.imagekit.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.trustpilot.com *.youtube.com *.paypal.com *.paypalobjects.com *.usehero.com *.braintreegateway.com *.cookiebot.com *.hotjar.com *.facebook.com *.kaptcha.com https://store.plumrocket.com *.klarna.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.pmtonline.co.uk unpkg.com *.unpkg.com imagekit.io *.imagekit.io *.klevu.com *.ksearchnet.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.trustpilot.com *.nosto.com *.amazonaws.com *.finance-calculator.co.uk *.paypal.com *.gstatic.com *.google.co.uk *.usehero.com *.bing.com *.postcodeanywhere.co.uk *.googletagmanager.com *.yotpo.com blob: x.klarnacdn.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.google.com *.googletagmanager.com *.facebook.net *.doubleclick.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.unpkg.com cdnjs.cloudflare.com imagekit.io *.imagekit.io js.klevu.com *.ksearchnet.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.trustpilot.com *.nosto.com *.klevu.com polyfill.io *.finance-calculator.co.uk *.paypal.com *.gstatic.com *.usehero.com *.postcodeanywhere.co.uk *.pcapredict.com *.cardinalcommerce.com *.hotjar.com *.cookiebot.com *.bing.com https://analytics.tiktok.com *.zuko.io *.yotpo.com *.clarity.ms *.klarnaservices.com x.klarnacdn.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com *.googleapis.com *.doubleclick.net cdn.dnky.co webchat.dotdigital.com unpkg.com *.unpkg.com imagekit.io *.imagekit.io *.klevu.com *.ksearchnet.com unsafe-inline *.trustpilot.com *.nosto.com *.finance-calculator.co.uk *.usehero.com *.postcodeanywhere.co.uk *.yotpo.com x.klarnacdn.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.usehero.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com unpkg.com *.unpkg.com imagekit.io *.imagekit.io *.klevu.com *.ksearchnet.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.trustpilot.com *.finance-calculator.co.uk *.paypal.com *.nosto.com *.google.com *.braintreegateway.com *.usehero.com *.postcodeanywhere.co.uk *.cardinalcommerce.com *.doubleclick.net *.zuko.io https://analytics.tiktok.com *.hotjar.io *.hotjar.com *.yotpo.com *.cookiebot.com *.clarity.ms *.sentry.io *.klarnaservices.com x.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' *.experteer.com gap://ready https:; font-src 'self' *.experteer.com fonts.gstatic.com https: data: 'unsafe-inline'; img-src 'self' *.experteer.com https: data: 'unsafe-inline'; object-src 'self'; script-src 'self' *.experteer.com www.google-analytics.com www.linkedin.com https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.experteer.com https: 'unsafe-inline'; connect-src 'self' *.experteer.com https: wss://ws.inspectlet.com www.google-analytics.com; report-uri https://www.experteer.com/csp_violation_notifications 2
default-src 'self' https: data: wss: about: blob: 'unsafe-inline' 'unsafe-eval'; report-uri /csp_reports.json; 2
font-src *.gstatic.com data: *.rakuten.com *.facebook.com *.braintreegateway.com *.google.com *.adobedtm.com *.authorize.net *.paypal.com *.ytimg.com *.vimeo.com *.vimeocdn.com *.cardinalcommerce.com *.payments-amazon.co.uk *.payments-amazon.com *.payments-amazon.co.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de  *.trackedlink.net *.cdn.dnky.co *.dotdigital-pages.com *.comapi.com *.dotdigital.com *.facebook.net *.trackedweb.net *.yotpo.com *.salecycle.com *.linksynergy.com *.google-analytics.com *.doubleclick.net *.listrak.com *.googletagmanager.com *.listrakbi.com *.bing.com *.paypalobjects.com *.sandbox.paypal.com *.pinimg.com *.hotjar.com *.adelixir.com *.batbing.com *.pinterest.com *.nr-data.net *.youtube.com *.addthis.com *.marker.io *.moatads.io *.moatads.com *.cloudflare.com *.addthisedge.com chimpstatic.com imagemarker.com *.magentosite.cloud *.b-cdn.net *.cookiebot.com detail-cdn.s3.eu-central-1.amazonaws.com *.adobe.io *.payenginge.de *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.xtento.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.googletagmanager.com/ *.salecycle.com *.doubleclick.net *.listrak.com *.googletagmanager.com *.listrakbi.com *.bing.com *.vimeo.com *.paypalobjects.com *.sandbox.paypal.com *.hotjar.com *.adelixir.com *.pinterest.com *.nr-data.net *.youtube.com *.addthis.com *.marker.io *.moatads.io *.moatads.com *.cloudflare.com *.addthisedge.com chimpstatic.com imagemarker.com *.magentosite.cloud documentcloud.adobe.com *.cookiebot.com detail-cdn.s3.eu-central-1.amazonaws.com *.adobe.io *.payenginge.de *.yotpo.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com www.xtento.com cdn.xtento.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com *.rakuten.com *.braintreegateway.com *.google.com *.authorize.net *.paypal.com *.ytimg.com *.vimeo.com *.cardinalcommerce.com *.payments-amazon.co.uk *.payments-amazon.com *.payments-amazon.co.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de  *.trackedlink.net *.cdn.dnky.co *.dotdigital-pages.com *.comapi.com *.dotdigital.com *.facebook.net *.trackedweb.net *.yotpo.com *.salecycle.com *.linksynergy.com *.rlcdn.com *.listrakbi.com *.google.co.in *.google-analytics.com *.doubleclick.net *.listrak.com *.googletagmanager.com *.bing.com *.paypalobjects.com *.sandbox.paypal.com *.pinimg.com *.hotjar.com *.adelixir.com *.batbing.com *.pinterest.com *.nr-data.net *.youtube.com *.addthis.com *.marker.io *.moatads.io *.moatads.com *.cloudflare.com *.addthisedge.com chimpstatic.com imagemarker.com *.magentosite.cloud *.b-cdn.net *.cookiebot.com detail-cdn.s3.eu-central-1.amazonaws.com *.adobe.io *.payenginge.de 'self' 'unsafe-inline'; script-src *.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com *.vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com www.xtento.com cdn.xtento.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.rakuten.com *.braintreegateway.com *.google.com *.authorize.net *.paypal.com *.ytimg.com *.vimeocdn.com *.cardinalcommerce.com *.payments-amazon.de  *.cdn.dnky.co *.comapi.com *.dotdigital.com *.facebook.net *.yotpo.com *.salecycle.com *.linksynergy.com *.google.co.in *.google-analytics.com *.doubleclick.net *.listrak.com *.googletagmanager.com *.listrakbi.com *.bing.com *.paypalobjects.com *.sandbox.paypal.com *.pinimg.com *.hotjar.com *.adelixir.com *.batbing.com *.nr-data.net *.youtube.com *.addthis.com *.marker.io *.moatads.io *.moatads.com *.cloudflare.com *.addthisedge.com imagemarker.com *.magentosite.cloud documentcloud.adobe.com *.b-cdn.net *.cookiebot.com detail-cdn.s3.eu-central-1.amazonaws.com *.adobe.io *.payenginge.de https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.rakuten.com *.facebook.com *.braintreegateway.com *.google.com *.adobedtm.com *.authorize.net *.paypal.com *.ytimg.com *.vimeo.com *.vimeocdn.com *.cardinalcommerce.com *.payments-amazon.co.uk *.payments-amazon.com *.payments-amazon.co.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de  *.trackedlink.net *.cdn.dnky.co *.dotdigital-pages.com *.comapi.com *.dotdigital.com *.facebook.net *.trackedweb.net *.yotpo.com *.salecycle.com *.linksynergy.com *.listrakbi.com data: *.google.co.in *.google-analytics.com *.doubleclick.net *.listrak.com *.googletagmanager.com *.bing.com *.paypalobjects.com *.sandbox.paypal.com *.pinimg.com *.hotjar.com *.adelixir.com *.batbing.com *.pinterest.com *.nr-data.net *.youtube.com *.addthis.com *.marker.io *.moatads.io *.moatads.com *.cloudflare.com *.addthisedge.com chimpstatic.com imagemarker.com *.magentosite.cloud documentcloud.adobe.com *.b-cdn.net *.cookiebot.com detail-cdn.s3.eu-central-1.amazonaws.com *.adobe.io *.payenginge.de *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.rakuten.com *.braintreegateway.com *.google.com *.adobedtm.com *.authorize.net *.paypal.com *.ytimg.com *.vimeo.com *.vimeocdn.com *.cardinalcommerce.com *.payments-amazon.co.uk *.payments-amazon.com *.payments-amazon.co.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de  *.cdn.dnky.co *.comapi.com *.dotdigital.com *.facebook.net *.yotpo.com *.salecycle.com *.linksynergy.com data: *.listrakbi.com *.google.co.in *.google-analytics.com *.doubleclick.net *.listrak.com *.googletagmanager.com *.bing.com *.paypalobjects.com *.sandbox.paypal.com *.pinimg.com *.hotjar.com *.adelixir.com *.batbing.com *.pinterest.com *.nr-data.net *.youtube.com *.addthis.com *.marker.io *.moatads.io *.moatads.com *.cloudflare.com *.addthisedge.com chimpstatic.com imagemarker.com *.magentosite.cloud *.b-cdn.net *.cookiebot.com detail-cdn.s3.eu-central-1.amazonaws.com *.adobe.io *.payenginge.de 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com proxy.greenbureau.com; prefetch-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: try.abtasty.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: eb2.3lift.com sync-criteo.ads.yieldmo.com *.smartadserver.com ad.yieldlab.net ups.analytics.yahoo.com c.contentsquare.net tr.cloud-media.fr *.linkedin.com *.doubleclick.net *.facebook.com www.googletagmanager.com *.bidswitch.net www.google.fr *.taboola.com www.google-analytics.com u360.d-bi.fr statics.pushaddict.com gjigle.com criteo-sync.teads.tv *.rubiconproject.com contextual.media.net www.google.com cdn.greenbureau.com editor-assets.abtasty.com *.criteo.com asset.easydmp.net *.adsrvr.org nocookie.avads.net simage2.pubmatic.com id5-sync.com cm.adform.net visitor.omnitagjs.com sync.outbrain.com exchange.mediavine.com img.youtube.com *.casalemedia.com ad.360yield.com match.sharethrough.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.criteo.com *.facebook.com gjigle.com asset.easydmp.net www.zenaps.com *.doubleclick.net try.abtasty.com www.plurielmedia.com www.youtube.com csxd.moncoupdepouce.com csxd.banque-casino.fr; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.greenbureau.com *.googleapis.com; form-action  *.facebook.com mademande.floabank.fr; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bf52131eri.bf.dynatrace.com secure-api.notifadz.com *.criteo.com sk.ht secure-trig.notifadz.com notifpush.com q-aeu1.contentsquare.net dcinfos-cache.abtasty.com privacy.trustcommander.net wss://proxy.greenbureau.com banquecasino-prod.prediggo.io www.googletagmanager.com cdn.greenbureau.com ariane.abtasty.com gjigle.com the.sciencebehindecommerce.com *.commander1.com *.doubleclick.net try.abtasty.com k-aeu1.contentsquare.net secure-apis.notifadz.com *.facebook.com proxy.greenbureau.com matomo.floa.com agent.greenbureau.com c.contentsquare.net widgets.abtasty.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: u360.d-bi.fr snap.licdn.com www.plurielmedia.com banquecasino-prod.prediggo.io www.google-analytics.com events.sk.ht atout.email-match.com www.googletagmanager.com *.criteo.net cdn.trustcommander.net asset.easydmp.net notifpush.com *.facebook.net www.google.com www.dwin1.com *.criteo.com static.avads.net try.abtasty.com matomo.floa.com t.contentsquare.net cdn.greenbureau.com the.sciencebehindecommerce.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: try.abtasty.com; frame-ancestors 'self' ; report-uri /csp_report 2
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.allesedv.at/mixedContentReporting.php 2
font-src fonts.googleapis.com fonts.gstatic.com data: googleapis.com *.gstatic.com 'self' data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.sfdcstatic.com *.socialannex.com *.script.hotjar.com https://script.hotjar.com/font-hotjar_5.65042d.woff2 https://script.hotjar.com/font-hotjar_5.0ddfe2.ttf https://script.hotjar.com/font-hotjar_5.17b429.woff 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net *.twitter.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com *.google.com *.twitter.com https://service.force.com/ https://vars.hotjar.com/ https://www.chasepaymentechhostedpay-var.com/ https://www.chasepaymentechhostedpay.com/ https://directory.scouting.org/ http://directory.scouting.org/ www.facebook.com googleads.g.doubleclick.net *.braintreegateway.com/ *.kaptcha.com/ *.paypal.com/ www.youtube.com media.boyslife.org 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' blob: data: maps.googleapis.com maps.gstatic.com *.cdninstagram.com *.fbcdn.net data: addevent.com *.google-analytics.com amcglobal.sc.omtrdc.net *.gstatic.com *.cloudflare.com *.klarna.com *.googleadservices.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.yotpo.com *.mediafiles.scoutshop.org *.cdn.socialannex.com *.widgets.magentocommerce.com https://cdnazure-socialannexinc.netdna-ssl.com https://mediafiles.scoutshop.org/ https://cdn.socialannex.com https://www.facebook.com http://cdn.socialannex.com/custom_images/9991741/UVGD7L_logo.png http://cdn.socialannex.com/custom_images/1122330/N5C7XG_VZW1WW_close.png *.google.com *.scoutshop.org *.google.co.in *.googletagmanager.com 89086.global.siteimproveanalytics.io *.nextopia.net script.hotjar.com *.clarity.ms *.cloudfront.net https://a.klaviyo.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src *.kaptcha.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com *.my.salesforce.com *.lightning.force.com *.secure.force.com *.google-analytics.com addevent.com 'self' data: *.gstatic.com static.klaviyo.com static-tracking.klaviyo.com *.cloudflare.com *.twitter.com *.google.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.connect.facebook.net *.service.force.com *.cdn.nextopia.net *.nextopiasoftware.com *.cdn.socialannex.com *.salesforceliveagent.com *.code.jquery.com https://service.force.com https://service.force.com/embeddedservice/5.0/esw.min.js https://cdn.nextopia.net/nxt-app/fca482e10d6c3e13d7748571d09f15d2.js https://cdn.nextopia.net/nxt-app/2515ea380310e97ec5b1c6947a2a0670.js https://service.force.com/embeddedservice/5.0/client/liveagent.esw.min.js https://cdn.socialannex.com/partner/1122331/universal.js http://cdn.socialannex.com/partner/1122331/sas22CustomVC.js http://cdn.socialannex.com/s22/templatebase/s22-all.js http://cdn.socialannex.com/s22/templatebase/s22-vanilla-slider.js https://service.force.com/embeddedservice/5.0/client/invite.esw.min.js http://code.jquery.com/jquery-migrate-1.4.1.min.js https://cdn.socialannex.com/s22/s22-smarty-template-engine.js http://cdn.socialannex.com/s22/templatebase/s22-bxslider.js https://cdn.socialannex.com/s22/s22-acmc.js http://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/en_US/fbevents.js *.s23.socialannex.com http://s23.socialannex.com/v4/js/s23-main-curl.js https://s23.socialannex.com/v4/js/s23-main-curl.js http://cdn.socialannex.com/s23/v4/mustache.js http://cdn.socialannex.com/s28/v2.0/s28-starrating-lib.js https://cdn.socialannex.com/s28/v2.0/s28-starrating-lib.js http://cdn.socialannex.com/partner/1122331/sas28CustomRAR.js https://cdn.socialannex.com/partner/1122331/sas28CustomRAR.js http://cdn.socialannex.com/s28/v2.0/s28-reviewrating.js https://script.hotjar.com/modules.901d255c60be478c0407.js *.googletagmanager.com https://stats.g.doubleclick.net/ https://www.googletagmanager.com/gtm.js https://script.hotjar.com/incoming-feedback.573ff3cea08d248d8964.js *.gtm.js *.googleoptimize.com *.newrelic.com/ bam-cell.nr-data.net siteimproveanalytics.com connect.facebook.net c.socialannex.com *.paypal.com/ script.crazyegg.com *.clarity.ms *.ecomm-nav.com *.hotjar.io *.hotjar.com https://static.klaviyo.com https://fast.a.klaviyo.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com *.secure.force.com googleapis.com addevent.com *.googleapis.com *.klaviyo.com *.cloudflare.com *.google.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.socialannex.com https://service.force.com *.nextopia.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.cdninstagram.com *.mediafiles.scoutshop.org https://mediafiles.scoutshop.org/Media/video_scouttalk_sbsa_1920x1080.mp4 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.secure.force.com maps.googleapis.com/ amcglobal.sc.omtrdc.net *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.socialannex.com *.analytics.js *.google-analytics.com *.stats.g.doubleclick.net https://stats.g.doubleclick.net https://script.hotjar.com/modules.901d255c60be478c0407.js bam-cell.nr-data.net https://fast.a.klaviyo.com https://static.klaviyo.com telemetrics.klaviyo.com static-forms.klaviyo.com wss://ws20.hotjar.com a.klaviyo.com *.braintree-api.com/ *.braintreegateway.com/ *.crazyegg.com *.clarity.ms *.hotjar.io *.hotjar.com *.kaptcha.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com static.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src cdnjs.cloudflare.com fonts.gstatic.com *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com magento.buildify.shop 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.sharethis.com platform.twitter.com magento.buildify.shop 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.sharethis.com s3.amazonaws.com https://a.klaviyo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.sharethis.com platform.twitter.com platform.instagram.com apis.google.com magento.buildify.shop https://static.klaviyo.com https://fast.a.klaviyo.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.sharethis.com cdnjs.cloudflare.com fonts.googleapis.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sharethis.com https://static.klaviyo.com https://fast.a.klaviyo.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src  https: http:            data:               wss://*.forter.com           'unsafe-inline' 'unsafe-eval';        connect-src  https: http:            wss://*.forter.com;        frame-ancestors 'self'            https: http:           *.czs.org             172.21.2.30            www.chasepaymentechhostedpay.com       object-src  'self';       img-src   'unsafe-eval' 'unsafe-inline'            data:           blob:           *;       font-src  'self'           data: https: http:           *.typekit.net;       script-src  'unsafe-eval' 'unsafe-inline'            blob:           data:           https: http:           'self'              emarketing.activenetwork.com             d8a4d633e88a.cdn0.forter.com d8a4d633e88a.cdn1.forter.com d8a4d633e88a.cdn2.forter.com d8a4d633e88a.cdn3.forter.com              d8a4d633e88a.cdn4.forter.com d8a4d633e88a.cdn5.forter.com d8a4d633e88a.cdn6.forter.com d8a4d633e88a.cdn7.forter.com              d8a4d633e88a.cdn8.forter.com d8a4d633e88a.cdn9.forter.com               kpstat.forter.com:7043               www.google.com              maps.google.com              maps.googleapis.com               ssl.google-analytics.com               www.google-analytics.com               www.gstatic.com                embed.idonate.com               use.typekit.net                               cdn-js.net                cdnjs.cloudflare.com             d35u1vg1q28b3w.cloudfront.net             partners.cmptch.com               static.cmptch.com                         scriptcdn.net                             auctioneer.50million.club                 m.addthis.com                s7.addthis.com                 m.addthisedge.com             lkysearchex3688-a.akamaihd.net                analyticspage.tools                apiurl.org                appsource.cool                countmake.cool                fp166.digitaloptout.com                eluxer.net                mirextpro.com                 z.moatads.com               secure.myshopcouponmac.com                payperclickadz.com               cdn.pmqzads.com                qdatasales.com            widget-prime.rafflecopter.com                srvvtrk.com               pwm-image.trendmicro.com              gateway.zscloud.net;       style-src  'unsafe-eval' 'unsafe-inline'            'self'                accessibility-bookmarklets.org                 emarketing.activenetwork.com                      cdnjs.cloudflare.com               use.fontawesome.com                fonts.googleapis.com                hello.myfonts.net               pwm-image.trendmicro.com;       report-uri   https://bzcsp.report-uri.com/r/d/csp/reportOnly 2
frame-ancestors 'none'; base-uri 'none'; default-src 'none'; object-src 'self'; media-src 'self'; connect-src 'self' https://www.google-analytics.com https://api-adresse.data.gouv.fr https://grenoblealpesmetropole.matomo.cloud; img-src https: data:; frame-src https:; form-action 'self' https://harpe.grenoble.fr; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; font-src https: data:; report-uri /include/csp.php 2
font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: a.agoradesk.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: a.agoradesk.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: a.agoradesk.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'eval' https://www.google.com http://www.google-analytics.com https://cse.google.com https://translate.googleapis.com; script-src-elem 'self' 'unsafe-inline' http://www.google-analytics.com https://cse.google.com https://www.google.com https://connect.facebook.net; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline'; img-src 'self' 'data' https:; font-src 'self' 'data' https://fonts.gstatic.com; connect-src 'self'; media-src 'self' 'data'; object-src 'self'; prefetch-src 'self'; child-src 'self'; frame-src 'self' https://www.fotw.info; worker-src 'self'; frame-ancestors 'self'; form-action 'self' https://www.google.com; base-uri 'self'; manifest-src 'self'; report-uri https://fotw.report-uri.com/r/d/csp/reportOnly 2
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google.com *.doubleclick.net *.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
child-src  www.paypalobjects.com; connect-src 'self' 'report-sample' commercev3main.commercev3.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com stats.g.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.facebook.com *.klaviyo.com; default-src 'self' s3.amazonaws.com/cdn.commercev3.com/ cdn.commercev3.net/cdn.commercev3.com/ cdn.commercev3.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com; font-src 'self' commercev3main.commercev3.com s3.amazonaws.com/cdn.commercev3.com/ cdn.commercev3.net/cdn.commercev3.com/ cdn.commercev3.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com data:; form-action 'self' www.facebook.com www.paypal.com checkout.sezzle.com; frame-src 'self' *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com; frame-ancestors 'self' ; img-src 'self' s3.amazonaws.com/cdn.commercev3.com/ cdn.commercev3.net/cdn.commercev3.com/ cdn.commercev3.com ssl.google-analytics.com www.google.com/pagead/1p-user-list/ www.google.com/ads/ga-audiences ct.pinterest.com/v3/ stats.g.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.paypal.com www.paypalobjects.com; script-src 'self' 'report-sample' s3.amazonaws.com/cdn.commercev3.com/ cdn.commercev3.net/cdn.commercev3.com/ cdn.commercev3.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com; script-src-elem 'self' 'report-sample' s3.amazonaws.com/cdn.commercev3.com/ cdn.commercev3.net/cdn.commercev3.com/ cdn.commercev3.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com; style-src 'self' s3.amazonaws.com/cdn.commercev3.com/ cdn.commercev3.net/cdn.commercev3.com/ cdn.commercev3.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net; style-src-elem 'self' s3.amazonaws.com/cdn.commercev3.com/ cdn.commercev3.net/cdn.commercev3.com/ cdn.commercev3.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net; style-src-attr  'unsafe-inline'; media-src 'self' commercev3main.commercev3.com s3.amazonaws.com/cdn.commercev3.com/ cdn.commercev3.net/cdn.commercev3.com/ cdn.commercev3.com www.bing.com; report-uri https://www.securityreports.net/csp-reports 2
script-src 'self' cdn.rawgit.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://platform.twitter.com https://unpkg.com player.vimeo.com www.youtube.com; script-src-attr 'self'; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com; style-src-attr 'self'; frame-ancestors 'self' 2
font-src *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.zdassets.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com *.zendesk.com *.chimpstatic.com chimpstatic.com *.addtoany.com *.pinterest.com https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com https://widget-mediator.zopim.com/ https://alb.reddit.com/ https://tr.snapchat.com/ *.fontawesome.com 'self' data: fonts.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.zdassets.com *.zendesk.com *.twitter.com *.facebook.com *.zopim.com *.chimpstatic.com chimpstatic.com *.addtoany.com *.pinterest.com https://app.viralsweep.com https://test-api.viedu.org https://api.viedu.org https://test-launchpad.viedu.org https://launchpad.viedu.org https://luau-api.dev.viedu.org https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com *.sharethis.com https://s.pinimg.com/ https://analytics.tiktok.com/ https://sc-static.net/ *.redditstatic.com https://googleads.g.doubleclick.net/ https://tr.snapchat.com/ https://widget-mediator.zopim.com/ https://alb.reddit.com/ *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bookshark.com *.sonlight.com *.gstatic.com *.zdassets.com https://widget-mediator.zopim.com/ 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.weltpixel.com *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.zdassets.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com *.zendesk.com *.zopim.com *.chimpstatic.com chimpstatic.com *.braintree-api.com *.braintreegateway.com *.paypal.com *.kaptcha.com *.addtoany.com *.calendly.com https://calendly.com/ https://app.viralsweep.com https://edge.addthis.com https://cdn.datatables.net *.addthis.com *.klaviyo.com *.pinterest.com *.sonlightconnections.com https://c.sharethis.mgr.consensu.org/ https://anchor.fm https://s.pinimg.com/ https://analytics.tiktok.com/ https://sc-static.net/ *.redditstatic.com https://googleads.g.doubleclick.net/ https://tr.snapchat.com/ https://widget-mediator.zopim.com/ https://alb.reddit.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.wesupply.xyz www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.sharethis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.cloudflare.com *.gstatic.com *.google.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com *.zdassets.com *.chimpstatic.com chimpstatic.com *.zendesk.com *.addtoany.com *.pinterest.com https://app.viralsweep.com https://cdn.datatables.net *.klaviyo.com *.cdninstagram.com *.sonlightconnections.com https://widget-mediator.zopim.com/ https://alb.reddit.com/ https://tr.snapchat.com/ https://a1.b0e8.com/ https://match.adsrvr.org/ https://insight.adsrvr.org/ https://px.steelhousemedia.com/ https://match.sharethrough.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.fbcdn.net maps.googleapis.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com https://vimeo.com *.instagram.com wss://*.zopim.com *.zdassets.com *.zendesk.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com *.googletagmanager.com *.youtube.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com *.chimpstatic.com chimpstatic.com *.addtoany.com *.api.sonlight.com *.braintree-api.com *.pinterest.com https://js-agent.newrelic.com/ *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.nr-data.net *.calendly.com https://calendly.com/ https://app.viralsweep.com https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com https://s.pinimg.com/ https://analytics.tiktok.com/ https://sc-static.net/ *.redditstatic.com https://googleads.g.doubleclick.net/ https://tr.snapchat.com/ https://widget-mediator.zopim.com/ https://alb.reddit.com/ https://cdn.bc0a.com/ https://cdn1.b0e8.com/ https://dx.mountain.com/ https://px.mountain.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com maps.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com *.zdassets.com *.zendesk.com *.chimpstatic.com chimpstatic.com *.addtoany.com *.pinterest.com https://app.viralsweep.com https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com https://widget-mediator.zopim.com/ https://alb.reddit.com/ https://tr.snapchat.com/ unsafe-inline https://static.klaviyo.com fonts.googleapis.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.bookshark.com *.sonlight.com *.zdassets.com *.zopim.com *.addtoany.com *.pinterest.com https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com *.vimeo.com https://vimeo.com *.libsyn.com *.blubrry.com https://widget-mediator.zopim.com/ https://alb.reddit.com/ *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.facebook.com *.zdassets.com *.zendesk.com wss://*.zopim.com *.chimpstatic.com chimpstatic.com *.braintree-api.com *.braintreegateway.com *.kaptcha.com *.addtoany.com *.pinterest.com *.bam.nr-data.net https://bam.nr-data.net https://app.viralsweep.com https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com *.addthis.com https://stats.g.doubleclick.net/ https://s.pinimg.com/ https://analytics.tiktok.com/ https://sc-static.net/ *.redditstatic.com https://googleads.g.doubleclick.net/ https://tr.snapchat.com/ https://widget-mediator.zopim.com/ https://alb.reddit.com/ https://maps.googleapis.com/ https://ixfd2-api.bc0a.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ t.elasticsuite.io https://www.google-analytics.com *.googleusercontent.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.klaviyo.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: embed-ssl.wistia.com fast.wistia.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.hotjar.com *.doubleclick.net *.dynamics.com go.altusgroup.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.hotjar.com static.listenlayer.com fast.wistia.com www.google.ca 8svnw30sib-dsn.algolia.net fg8vvsvnieiv3ej16jby.litix.io *.doubleclick.net *.googleapis.com analytics.google.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.ca *.linkedin.com analytics.google.com embed-ssl.wistia.com www.google.com images.ctfassets.net *.googleapis.com *.doubleclick.net fast.wistia.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.googletagmanager.com go.altusgroup.com *.azureedge.net assets.listenlayer.com *.doubleclick.net fast.wistia.com *.hotjar.com *.googleapis.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report 2
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/edu_google 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /csp_report; 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: try.abtasty.com fonts.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: try.abtasty.com bat.bing.com *.ads-twitter.com snap.licdn.com *.criteo.com *.facebook.net s.yimg.com js-agent.newrelic.com www.google-analytics.com bam.nr-data.net *.tiktok.com www.google.com www.clarity.ms dashboard.chatfuel.com *.criteo.net analytics.skyscanner.net www.googletagmanager.com w.usabilla.com; form-action  www.flycorsair.com *.facebook.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.com www.youtube.com www.google.com www.googletagmanager.com *.doubleclick.net *.criteo.net *.criteo.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.casalemedia.com sync-criteo.ads.yieldmo.com bat.bing.com *.doubleclick.net sp.analytics.yahoo.com *.twitter.com *.smartadserver.com *.linkedin.com *.taboola.com *.bidswitch.net www.googletagmanager.com *.criteo.net *.facebook.com t.co c.clarity.ms bam.nr-data.net ad.yieldlab.net www.google-analytics.com match.sharethrough.com id5-sync.com www.google.fr pixel.tapad.com ib.adnxs.com matching.ivitrack.com contextual.media.net criteo-sync.teads.tv criteo-partners.tremorhub.com ads.stickyadstv.com www.google.com simage2.pubmatic.com *.criteo.com cm.adform.net ad.360yield.com tg.socdm.com visitor.omnitagjs.com sync.outbrain.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bat.bing.com region1.google-analytics.com dcinfos-cache.abtasty.com bam.nr-data.net *.doubleclick.net *.tiktok.com *.facebook.com www.googletagmanager.com s.yimg.com *.linkedin.com *.criteo.net *.criteo.com ariane.abtasty.com www.google.com www.clarity.ms www.google-analytics.com dashboard.chatfuel.com wss://ws.salecycle.com adservice.google.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: hello.myfonts.net *.googleapis.com; frame-ancestors 'self' ; report-uri /csp_report 2
default-src 'self' data: https://fonts.gstatic.com https://api.faqbot.co https://dstnyfrance.piwik.pro https://dstnyfrance.containers.piwik.pro https://*.hcaptcha.com ; script-src 'self' https://www.gstatic.com https://cdn.jsdelivr.net https://code.jquery.com https://dstnyfrance.containers.piwik.pro https://browser-update.org https://faqbot.co https://js.hcaptcha.com 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://ajax.googleapis.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; font-src 'self' data: https://fonts.gstatic.com ; img-src 'self' data: https://api.faqbot.co https://browser-update.org https://dstnyfrance.piwik.pro https://www.gstatic.com https://secure.gravatar.com ; connect-src 'self' https://newassets.hcaptcha.com https://api.faqbot.co https://dstnyfrance.piwik.pro https://dstnyfrance.containers.piwik.pro ; frame-ancestors 'self' ; child-src 'self' https://forms.zohopublic.com https://newassets.hcaptcha.com ; report-uri https://csp-report.jetpulp.hosting/ 2
child-src ; connect-src 'self' api.bellhop.com api.bellhops.dev api.omappapi.com api.segment.io api-us-east-1.graphcms.com bellhop.extole.io *.clarity.ms cdn.segment.com ct.pinterest.com *.ingest.sentry.io *.intercom.io nexus-websocket-a.intercom.io maps.googleapis.com pnapi.invoca.net rs.fullstory.com stats.g.doubleclick.net www.google-analytics.com; default-src ; font-src 'self' fonts.gstatic.com js.intercomcdn.com; form-action ct.pinterest.com www.facebook.com; frame-src bid.g.doubleclick.net ct.pinterest.com js.stripe.com www.facebook.com; img-src 'self' ag.innovid.com analytics.twitter.com apolloprogram.io b1sync.zemanta.com bat.bing.com c.us1.dyntrk.com cm.adgrx.com cm.eyereturn.com cmi.netseer.com ct.pinterest.com d.adroll.com flask.nextdoor.com googleads.g.doubleclick.net ib.adnxs.com idsync.rlcdn.com js.intercomcdn.com *.loggly.com load.instinctiveads.com media.graphassets.com media.graphcms.com origin.xtlo.net p.truefitcorp.com pippio.com secure.insightexpressai.com segments.company-target.com static.intercomassets.com su.addthis.com sync.smartadserver.com t.co track2.securedvisit.com ups.analytics.yahoo.com us-u.openx.net vop.sundaysky.com wam.solution.weborama.fr www.facebook.com www.google.com www.google-analytics.com www.googletagmanager.com www.storygize.net x.bidswitch.net x.skimresources.com; manifest-src 'self'; media-src ; script-src 'unsafe-eval' 'unsafe-inline'; script-src-attr ; script-src-elem 'self' 'unsafe-inline' a.omappapi.com *.adroll.com ads.nextdoor.com bat.bing.com bellhop.extole.io cdn.segment.com connect.facebook.net d.impactradius-event.com edge.fullstory.com googleads.g.doubleclick.net js.intercomcdn.com js.stripe.com maps.googleapis.com pnapi.invoca.net s.pinimg.com shop.pe *.shop.pe solutions.invocacdn.com static.ads-twitter.com widget.intercom.io www.clarity.ms www.google-analytics.com www.googleadservices.com www.googletagmanager.com; style-src ; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' a.omappapi.com fonts.googleapis.com origin.xtlo.net; worker-src ; 2
require-trusted-types-for 'script'; report-uri https://cspreports.skiff.com 2
font-src fonts.googleapis.com fonts.gstatic.com https://cdn.checkout.com https://www.gstatic.com https://fonts.gstatic.com *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com assets.braintreegateway.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://js.checkout.com *.klarna.com https://*.cylindo.com/ https://www.google.com *.nosto.com *.nos.to *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://*.cylindo.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.nosto.com *.nos.to *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com cdn-scripts.signifyd.com www.youtube.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://cdn.checkout.com *.klarnacdn.net https://*.cylindo.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.google.com https://www.gstatic.com js.klevu.com *.ksearchnet.com *.nosto.com *.nos.to https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com https://cdn.checkout.com https://*.cylindo.com/ https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.nosto.com *.nos.to tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://js.checkout.com *.klarnaevt.com https://*.cylindo.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.nosto.com *.nos.to https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.klevu.com *.ksearchnet.com *.fontawesome.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.gstatic.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.adyen.com *.instagram.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.mention-me.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.trustpilot.com *.weltpixel.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com *.cdninstagram.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.klevu.com *.ksearchnet.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.adyen.com *.instagram.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de js.klevu.com *.ksearchnet.com *.mention-me.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.trustpilot.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.trustpilot.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.klevu.com *.ksearchnet.com *.mention-me.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
report-uri https://sjc1.qualtrics.com/csp-report 2
report-uri https://www.tv5unis.ca/csp-report;default-src 'self' *.googlesyndication.com ;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.2mdn.net *.amazon-adsystem.com *.doubleclick.net *.facebook.com *.facebook.net *.google.ca *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.scorecardresearch.com *.google-analytics.com *.gstatic.com *.hotjar.com *.m32.media *.pinimg.com *.tiktok.com *.tv5unis.ca cdn.ampproject.org snap.licdn.com tag.aticdn.net sc-static.net ;style-src 'self' 'unsafe-inline' *.tv5unis.ca fonts.googleapis.com ;img-src 'self' data: *.doubleclick.net *.facebook.com *.google.ca *.google.com *.googleusercontent.com *.google-analytics.com *.googlesyndication.com *.scorecardresearch.com *.linkedin.com *.tiktok.com *.tv5unis.ca p.adsymptotic.com bcp.crwdcntrl.net platform-lookaside.fbsbx.com https://image-proxy.tv5unis.ca ;media-src 'self' blob: *.2mdn.net *.llnw.net ;frame-src 'self' *.doubleclick.net *.facebook.com *.firebaseapp.com/ *.google.com *.googlesyndication.com ads.pubmatic.com imasdk.googleapis.com vars.hotjar.com tr.snapchat.com ;font-src 'self' data: fonts.gstatic.com ;connect-src 'self' *.2mdn.net *.adnxs.com *.amazon-adsystem.com *.amazon-adsystem.com *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.ca *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.linkedin.com *.llnw.net *.m32.media *.scorecardresearch.com *.tiktok.com bcp.crwdcntrl.net cdn.ampproject.org cdn.jsdelivr.net licensing.bitmovin.com platform-lookaside.fbsbx.com sc-static.net sentry.io snap.licdn.com static.hotjar.com tag.aticdn.net us-central1-m32-infrastructure.cloudfunctions.net vendorlist.consensu.org https://api.tv5unis.ca https://image-proxy.tv5unis.ca ;worker-src 'self' blob: ;form-action 'self' www.facebook.com tr.snapchat.com ; 2
font-src *.fontawesome.com https://*.tassimo.com https://*.lorespresso.com https://fonts.gstatic.com https://use.fontawesome.com https://d6tizftlrpuof.cloudfront.net https://staticw2.yotpo.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com https://secure-test.worldpay.com/shopper/3ds/ddc.html https://*.adyen.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com *.adyen.com https://pay.google.com https://secure-test.worldpay.com https://*.tassimo.com https://*.lorespresso.com https://*.fls.doubleclick.net https://vars.hotjar.com https://www.pinterest.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net *.vimeocdn.com s.ytimg.com *.adyen.com *.cloudflare.com *.gstatic.com https://*.tassimo.com https://*.lorespresso.com https://www.google.com https://www.google.com.ua https://ade.googlesyndication.com https://www.googletagmanager.com https://*.fls.doubleclick.net https://eu-west-1-wtb-tag-api.swaven.com https://*.usabilla.com https://d6tizftlrpuof.cloudfront.net https://*.bing.com https://*.pinterest.com https://*.yotpo.com https://*.clarity.ms *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com www.googleadservices.com www.google-analytics.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com www.youtube.com *.adyen.com *.avada.io https://storage.googleapis.com/prshim/v1/payment-shim.js https://www.google.com/recaptcha/api.js *.gstatic.com *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js https://*.tassimo.com https://*.lorespresso.com https://www.google.com https://www.gstatic.com https://storage.googleapis.com https://www.googleoptimize.com https://www.googletagmanager.com https://*.blueconic.net https://jdeco11112.pcapredict.com https://*.swaven.com https://*.usabilla.com https://cdn.cookielaw.org https://connect.facebook.net https://*.hotjar.com https://p.teads.tv https://www.dwin1.com https://bat.bing.com https://s.pinimg.com https://swrap.tradedoubler.com https://ad.avtm.fr https://*.clarity.ms https://staticw2.yotpo.com https://*.boost.ai *.yotpo.com https://js-agent.newrelic.com/ https://bam.eu01.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com *.cloudflare.com https://*.tassimo.com https://*.lorespresso.com https://fonts.googleapis.com https://use.fontawesome.com https://*.blueconic.net https://d6tizftlrpuof.cloudfront.net https://staticw2.yotpo.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com *.adyen.com https://*.tassimo.com https://*.lorespresso.com https://*.blueconic.net https://*.swaven.com https://www.google.com https://www.google-analytics.com https://*.g.doubleclick.net https://pagead2.googlesyndication.com https://cdn.cookielaw.org https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.clarity.ms https://*.onetrust.com https://ct.pinterest.com https://*.boost.ai *.yotpo.com https://bam.eu01.nr-data.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://d6tizftlrpuof.cloudfront.net https://*.boost.ai 'self' 'unsafe-inline'; 2
default-src 'self';   script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://customer.cludo.com https://ds-aksb-a.akamaihd.net https://help.cybonline.co.uk https://googleservices.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://fusiontables.google.com https://connect.facebook.net https://www.youtube.com https://s.ytimg.com https://cse.google.com https://www.advanced-web-analytics.com https://platform.twitter.com https://casper.tsbc.com https://healthcheck252.tsbc.com https://t.contentsquare.net https://contentsquare.com https://webapp.woosmap.com https://dispawsusva.inmoment.com https://intercept-client.inmoment.com;   style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://www.google.com https://platform.twitter.com https://casper.tsbc.com https://healthcheck252.tsbc.com;   img-src 'self' https: data: ;   font-src 'self' https: ;   connect-src 'self' https://clydesdalebank.tt.omtrdc.net https://clydesdalebank.d3.sc.omtrdc.net https://dpm.demdex.net https://ds-aksb-a.akamaihd.net https://api-eu1.cludo.com https://api.cludo.com https://www.google.com https://www.facebook.com https://www.twitter.com https://www.linkedin.com https://www.youtube.com https://my.cybservices.co.uk https://adservice.google.com https://casper.tsbc.com https://*.contentsquare.net https://api.woosmap.com https://webapp-conf.woosmap.com https://cybg.egain.cloud https://dispawsusva.inmoment.com;   media-src 'self';   object-src 'self';   worker-src 'self' blob:;   child-src 'self' blob:;  frame-src 'self' https://*.cybusinessonline.co.uk https://*.cbonline.co.uk https://*.ybonline.co.uk https://*.cybonline.co.uk https://clydesdalebankplc.demdex.net https://*.fls.doubleclick.net https://www.youtube.com https://bid.g.doubleclick.net https://www.google.com https://assets.adobedtm.com https://player.vimeo.com https://platform.twitter.com https://syndication.twitter.com https://www.youtube-nocookie.com https://healthcheck252.tsbc.com https://www.inmoment.com;   frame-ancestors 'self' https://*.cybusinessonline.co.uk https://*.cbonline.co.uk https://*.ybonline.co.uk https://*.cybonline.co.uk;   report-uri https://cyburi.report-uri.com/r/t/csp/reportOnly; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tawk.to cdnjs.cloudflare.com cdn.jsdelivr.net voidlabs.containers.piwik.pro dl.frontapp.com hcaptcha.com; connect-src 'self' wss://*.tawk.to *.tawk.to newassets.hcaptcha.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com embed.tawk.to; frame-src 'self' demo.voxmail.it www.youtube-nocookie.com newassets.hcaptcha.com; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com embed.tawk.to; media-src 'self' embed.tawk.to; report-uri https://catbzhkx.uriports.com/reports/report 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com 'unsafe-inline' 'unsafe-eval' *.newrelic.com 'unsafe-inline' 'unsafe-eval' googletagmanager.com 'unsafe-inline' *.sessioncam.com 'unsafe-inline' *.adyen.com 'unsafe-inline' *.google.com 'unsafe-inline' *.gstatic.com 'unsafe-inline' 'unsafe-eval' d2oh4tlt9mrke9.cloudfront.net 'unsafe-inline' 'unsafe-eval'; font-src data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline' *.facebook.com 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src *.force.com nestle-forms.cs.blip.ai *.facebook.com data: *.adyen.com 'self' 'unsafe-inline'; img-src * 'unsafe-inline' data: widgets.magentocommerce.com  *.sessioncam.com s.ytimg.com data: *.adyen.com *.google.com 'self' 'unsafe-inline'; script-src *.evgnet.com *.salesforce.com *.doubleclick.net *.facebook.net *.force.com *.salesforceliveagent.com  *.googletagmanager.com 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleadservices.com s.ytimg.com  www.youtube.com *.adyen.com *.google.com google.com *.gstatic.com *.newrelic.com 'unsafe-inline' 'unsafe-eval' *.nr-data.net 'unsafe-inline' 'unsafe-eval' *.sessioncam.com 'unsafe-inline' 'unsafe-eval' d2oh4tlt9mrke9.cloudfront.net 'unsafe-inline' 'unsafe-eval' 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.force.com getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline'  https://stats.g.doubleclick.net *.google-analytics.com *.nr-data.net ws.sessioncam.com *.force.com ; child-src 'self' 'unsafe-inline'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' cdn.synthetix.com ssc.synthetix.com;                     img-src 'self' syn-document-manager.s3.amazonaws.com cdn.synthetix.com ssc.synthetix.com data: *.google-analytics.com *.google.co.uk *.google.com *.facebook.com *.googletagmanager.com *.hotjar.com *.hotjar.io;                     font-src *.gstatic.com *.hotjar.com *.hotjar.io;                     frame-src *.facebook.com *.twitter.com *.hotjar.com *.hotjar.io *.google.com *.youtube.com https://wjecwebsitelive.blob.core.windows.net https://securelinks1.cmadvantage.co.uk/ https://wjec-cbac.leadfamly.com/;                     object-src https://wjecwebsitelive.blob.core.windows.net;                     connect-src 'self' syn-document-manager.s3.amazonaws.com cdn.synthetix.com ssc.synthetix.com *.synthetix.com *.hotjar.io *.google-analytics.com *.hotjar.com *.fullstory.com *.doubleclick.net wss://*.hotjar.com *.getaddress.io;                     style-src 'self' 'unsafe-inline' cdn.synthetix.com ssc.synthetix.com *.synthetix.com *.googleapis.com *.cloudfront.net;                     script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com cdn.synthetix.com ssc.synthetix.com *.synthetix.com *.googletagmanager.com googleapis.com *.hotjar.com *.gstatic.com *.fullstory.com *.google-analytics.com *.aspnetcdn.com *.googleadservices.com *.facebook.net *.doubleclick.net 2
font-src fonts.googleapis.com fonts.gstatic.com script.hotjar.com *.googleapis.com *.gstatic.com au-tracker.inside-graph.com au-cdn.inside-graph.com 'self' data: integration-sandbox-cdn.toshi.co integration-cdn.toshi.co acsbapp.com shopping.qantas.com appdown.pstatic.net 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net 0merchantacsstag.cardinalcommerce.com geostag.cardinalcommerce.com www.facebook.com tst.kaptcha.com bid.g.doubleclick.net 'self' 'unsafe-inline'; frame-ancestors au-tracker.inside-graph.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com vars.hotjar.co vimeo.com acsbapp.com ssl.kaptcha.com player.smartzer.com www.google.com t.sharethis.com tst.kaptcha.com bid.g.doubleclick.net www.facebook.com accounts.accessibe.com dashboard.accessibe.com www.paypalobjects.com acestream.me 3ds.sia.eu www.houzz.com acs2.3dsecure.no *.hotjar.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com adservice.google.com script.hotjar.com www.google.com www.google.sa www.google.ca *.bing.com *.clarity.ms data:* web1.acsbapp.com integration-sandbox-cdn.toshi.co www.google.bg www.google.be www.google.co.uk www.google.nl www.gstatic.com www.googletagmanager.com translate.google.com idsync.rlcdn.com consent.linksynergy.com au-live.inside-graph.com bam-cell.nr-data.net integration-cdn.toshi.co bat.bing.com www.google.com.au google.com.au qhn06m.a.searchspring.io 6umcpw.a.searchspring.io q4p7ce.a.searchspring.io you9wl.a.searchspring.io slc.stats.paypal.com 64.media.tumblr.com www.zimmermannwear.com www.zimmermann.com staging3.zimmermannwear.com staging3.zimmermann.com au-cdn.inside-graph.com platform-cdn.sharethis.com hnd.stats.paypal.com d3cgm8py10hi0z.cloudfront.net track.linksynergy.com l.sharethis.com www.facebook.com www.google.co.in googleads.g.doubleclick.net log-papago.naver.com www.google.com.mx www.google.com.br web.facebook.com m.facebook.com www.google.co.ma www.google.ru www.google.at www.google.it www.google.co.nz www.google.se www.google.no www.google.de www.google.fr www.google.hr www.google.pl www.google.lt www.google.ae www.google.ch www.google.pt www.google.co.vi www.google.com.bh www.google.dk www.google.es www.google.cl www.google.com.do www.google.ro www.google.co.za www.google.co.ao www.google.lu www.google.com.sa www.google.com.kw www.google.com.qa www.google.hu www.google.com.ua www.google.com.tr www.google.gr www.google.ie www.google.hn www.google.com.ar www.google.am www.google.com.jm www.google.com.co log.pinterest.com tags.rd.linksynergy.com ct.pinterest.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com www.youtube.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://cdn.searchspring.net/intellisuggest/is.min.js script.crazyegg.com www.googleoptimize.com www.clarity.ms *.clarity.ms ut.rd.linksynergy.com songbird.cardinalcommerce.com tag.lexer.io bat.bing.com tag.rmp.rakuten.com www.fullstory.com songbirdstag.cardinalcommerce.com www.gstatic.com www.google.com au-cdn.inside-graph.com cdn.searchspring.net acsbapp.com googleadservices.com google-analytics.com paypalobjects.com paypal.com sandbox.paypal.com vimeocdn.com googletagmanager.com youtube.com trackedlink.net trackedweb.net dotdigital-pages.com client-analyticsbraintreegateway.com au-tracker.inside-graph.com intljs.rmtag.com cdn.scarabresearch.com au-live.inside-graph.com platform-api.sharethis.com platform-cdn.sharethis.com buttons-config.sharethis.com l.sharethis.com t.sharethis.com fullstory.com integration-sandbox-cdn.toshi.co integration-cdn.toshi.co bam-cell.nr-data.net js-agent.newrelic.com connect.facebook.net googleads.g.doubleclick.net assets.giocdn.com mayg6.svn0czn.com www.shopstylecollective.com ln-rules.rewardstyle.com fq1frg.a6rm7n.com web1.acsbapp.com *.hotjar.com auctioneer.50million.club bam.nr-data.net s.pinimg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com unsafe-inline cdn.honey.io cdn.searchspring.net au-cdn.inside-graph.com *.aptrinsic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://beacon.searchspring.io/beacon script.crazyegg.com *.hotjar.io wss://*.hotjar.com *.hotjar.com *.clarity.ms www.clarity.ms staging3.zimmermannwear.com staging3.zimmermann.com www.google.com track.lexer.io maps.googleapis.com centinelapi.cardinalcommerce.com adservice.google.com bat.bing.com stats.g.doubleclick.net www.tryzens-analytics.com www.tryzens-analytics.com:12280 kg668dbov0.execute-api.us-east-1.amazonaws.com au-cdn.inside-graph.com notify.bugsnag.com qhn06m.a.searchspring.io 6umcpw.a.searchspring.io q4p7ce.a.searchspring.io you9wl.a.searchspring.io writer.cardinalcommerce.com centinelapistag.cardinalcommerce.com 7dgmrv.a.searchspring.io services.postcodeanywhere.co.uk uat.tryzens-analytics.com:12280 amcglobal.sc.omtrdc.net  au-live.inside-graph.com vimeo.com cdn.acsbapp.com recommender.scarabresearch.com wss://au-live.inside-graph.com l.sharethis.com sessions.bugsnag.com bam-cell.nr-data.net www.google-analytics.com www.facebook.com api.toshi.co staging.api.toshi.co www.googletagmanager.com ad.doubleclick.net web1.acsbapp.com rs.fullstory.com bam.nr-data.net ct.pinterest.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://0594ebf9e3dab534acdba65c6100b639.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 2
default-src 'self' *; media-src 'self' * data: ; font-src 'self' * data: ; img-src 'self' data: blob: *; script-src * 'unsafe-inline' 'unsafe-eval' data: *; style-src 'self' 'unsafe-inline' *; worker-src 'self' * blob: ; report-uri /api/csp-violation 2
font-src fonts.gstatic.com *.fontawesome.com data: *.gstatic.com *.photoslurp.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.youtube.com *.adyen.com *.facebook.com *.mediquo.com *.hotjar.com *.criteo.com *.google.com *.clic2buy.com *.youtube.com *.vimeo.com *.photoslurp.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com img.youtube.com maps.googleapis.com maps.gstatic.com *.vimeocdn.com s.ytimg.com *.adyen.com data: eu1-doofinderuser.s3.amazonaws.com us1-doofinderuser.s3.amazonaws.com *.cloudfront.net *.amazonaws.com bat.bing.com *.facebook.com widget-mediator.zopim.com *.swogo.net *.criteo.com *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net i.ytimg.com *.photoslurp.com *.googleusercontent.com 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com maps.googleapis.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.adyen.com cdn.doofinder.com polyfill.io *.naturitas.com naturitas.slgnt.eu static.zdassets.com bat.bing.com connect.facebook.net *.swogo.net *.hotjar.com *.mediquo.com static.criteo.net *.criteo.com *.typeform.com *.clic2buy.com *.newrelic.com *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.photoslurp.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com *.fontawesome.com *.googleapis.com *.photoslurp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com *.doofinder.com *.naturitas.com *.naturitas.es naturitas-atc.zendesk.com ekr.zdassets.com wss://widget-mediator.zopim.com *.swogo.net *.googlesyndication.com *.hotjar.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.adyen.com *.photoslurp.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
report-uri https://csp.withgoogle.com/csp/forms/prod;frame-ancestors 'none' 2
image-src access.nagich.com www.googleadservices.com www.google-analytics.com ct.pinterest.com; font-src fonts.gstatic.com use.typekit.net *.fontawesome.com maxcdn.bootstrapcdn.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sagepay.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net *.demdex.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sagepay.com *.yotpo.com insight.adsrvr.org vars.hotjar.com www.pinterest.com *.trustpilot.com cookies.onetrust.mgr.consensu.org https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net widgets.magentocommerce.com data: *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://img.youtube.com *.yotpo.com www.xtento.com cdn.xtento.com cdn.cookielaw.org https://imgs.signifyd.com https://*.online-metrix.net 'self' 'unsafe-inline'; script-src *.adobedtm.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net * searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.paypalobjects.com js.braintreegateway.com www.paypal.com assets.adobedtm.com commerce.adobe.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.sagepay.com maps.googleapis.com *.yotpo.com aacdn.nagich.com s.pinimg.com connect.facebook.net www.googleadservices.com googleads.g.doubleclick.net script.hotjar.com static.hotjar.com d10lpsik1i8c69.cloudfront.net js.adsrvr.org js-agent.newrelic.com bam-cell.nr-data.net cdn.ometria.com www.xtento.com cdn.xtento.com intljs.rmtag.com ut.rd.linksynergy.com *.trustpilot.com cdn.cookielaw.org https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com getfirebug.com *.fontawesome.com maxcdn.bootstrapcdn.com *.typekit.net *.yotpo.com *.googleapis.com access.nagich.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sagepay.com ws: *.yotpo.com aacdn.nagich.com access.nagich.com www.google-analytics.com stats.g.doubleclick.net settings.luckyorange.net bam-cell.nr-data.net cdn.cookielaw.org https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://v.altos.re https://d3lvyvnpx5ojp0.cloudfront.net https://d2j5mmc5xd3gqs.cloudfront.net https://cdn.altos.re https://cdn.staging.altos.re https://d2iiunr5ws5ch1.cloudfront.net https://d2v26nvc3n2c51.cloudfront.net https://js.stripe.com https://checkout.stripe.com https://cdn.mxpnl.com https://api.mixpanel.com https://www.google-analytics.com https://code.jquery.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.ckeditor.com https://code.highcharts.com https://code.angularjs.org https://maxcdn.bootstrapcdn.com https://ssl.google-analytics.com https://connect.facebook.net https://www.bugherd.com; style-src 'self' 'unsafe-inline' https://v.altos.re https://d2j5mmc5xd3gqs.cloudfront.net https://d3lvyvnpx5ojp0.cloudfront.net https://d2iiunr5ws5ch1.cloudfront.net https://d2v26nvc3n2c51.cloudfront.net https://cdn.staging.altos.re https://cdn.ckeditor.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; img-src 'self' data: https://v.altos.re https://d2j5mmc5xd3gqs.cloudfront.net https://d3lvyvnpx5ojp0.cloudfront.net https://cdn.altos.re https://cdn.staging.altos.re https://ssl.google-analytics.com https://www.google-analytics.com https://s-static.ak.facebook.com https://www.facebook.com https://altosimages-staging.s3.amazonaws.com https://altosimages.s3.amazonaws.com https://api.url2png.com https://cdn.ckeditor.com https://q.stripe.com https://maps.googleapis.com https://www.bugherd.com https://bugherd-attachments.s3.amazonaws.com https://d2iiunr5ws5ch1.cloudfront.net; font-src 'self' https://v.altos.re https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://themes.googleusercontent.com https://www.bugherd.com; connect-src 'self' https://charts.altosresearch.com https://cdn.staging.altos.re https://cdn.altos.re wss://ws.pusherapp.com/app/edf8b9a8b50d1c28bb17 https://api.mixpanel.com https://www.bugherd.com https://checkout.stripe.com; object-src 'self' ; child-src https://www.facebook.com https://s-static.ak.facebook.com https://www.filestackapi.com https://www.youtube.com https://checkout.stripe.com https://js.stripe.com https://dialog.filestackapi.com; block-all-mixed-content; reflected-xss block; report-uri https://altos.report-uri.io/r/default/csp/reportOnly; 2
font-src fonts.gstatic.com *.bootstrapcdn.com *.gstatic.com *.yotpo.com *.typekit.net *.olark.com *.miraclesuit.com *.magicsuitswim.com *.miraclebody.com *.longitudeswim.com *.amoressa.com *.kikirio.com *.skinnydippers.com *.global-e.com *.amazonaws.com *.fontawesome.com *.googleapis.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.apptrian.com *.facebook.net *.facebook.com *.miraclesuit.com *.listrak.com *.cardinalcommerce.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.google.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.apptrian.com *.facebook.net *.weltpixel.com *.paypal.com *.braintreegateway.com *.kaptcha.com *.olark.com *.global-e.com *.facebook.com *.doubleclick.net *.google.co.in *.jst.ai *.twitter.com *.paypalobjects.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.apptrian.com *.facebook.net *.typekit.net *.yotpo.com *.google.com *.google.co.in *.listrakbi.com *.gstatic.com *.paypal.com *.facebook.com *.wisepops.com *.olark.com *.miraclesuit.com *.magicsuitswim.com *.miraclebody.com *.longitudeswim.com *.amoressa.com *.kikirio.com *.skinnydippers.com *.global-e.com *.bing.com *.jst.ai *.googletagmanager.com *.quantserve.com *.pinterest.com *.twitter.com *.smartadserver.com *.analytics.yahoo.com *.clarity.ms www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ *.google.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.apptrian.com ajax.googleapis.com *.typekit.net *.yotpo.com *.listrakbi.com *.newrelic.com *.nr-data.net stglite.bglobale.com *.braintreegateway.com c.paypal.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.googleoptimize.com *.impactradius-event.com *.wisepops.com *.olark.com *.miraclesuit.com *.magicsuitswim.com *.miraclebody.com *.longitudeswim.com *.amoressa.com *.kikirio.com *.skinnydippers.com *.global-e.com *.facebook.com *.bing.com *.facebook.net *.yimg.com *.jst.ai *.jsdelivr.net *.googlecommerce.com *.yahoo.com *.twitter.com *.pinterest.com *.quantserve.com *.cloudfront.net *.trackedlink.net *.crazyegg.com *.player.vimeo.com *.foursixty.com *.pinimg.com *.s.adroll.com *.d.adroll.com *.t.channeladvisor.com *.tracking2.channeladvisor.com foursixty.com *.fullstory.com *.clarity.ms *.acsbapp.com acsbapp.com *.fontawesome.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://www.googletagmanager.com tagmanager.google.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.bootstrapcdn.com *.googleapis.com *.yotpo.com *.listrakbi.com *.bglobale.com *.olark.com *.miraclesuit.com *.magicsuitswim.com *.miraclebody.com *.longitudeswim.com *.amoressa.com *.kikirio.com *.skinnydippers.com *.global-e.com *.jst.ai *.typekit.net foursixty.com *.fullstory.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.apptrian.com *.facebook.com *.facebook.net *.olark.com *.miraclesuit.com *.amoressa.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.apptrian.com *.facebook.com *.facebook.net *.yotpo.com stats.g.doubleclick.net *.nr-data.net *.braintree-api.com *.paypal.com *.braintreegateway.com *.wisepops.com *.olark.com *.global-e.com *.miraclesuit.com *.magicsuitswim.com *.miraclebody.com *.longitudeswim.com *.amoressa.com *.kikirio.com *.skinnydippers.com *.bing.com *.jst.ai *.pinterest.com *.crazyegg.com *.yimg.com *.7eer.net foursixty.com *.fullstory.com *.clarity.ms ziptasticapi.com *.acsbapp.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.fontawesome.com *.bootstrapcdn.com *.punchout2go.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cenpos.net *.cenpos.com *.google.com *.gstatic.com *.cardinalcommerce.com *.salesforce.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.schoolhealth.com mcstaging2.schoolhealth.com/ portal.punchout2go.com qa-portal.punchout2go.com dev-portal.punchout2go.com sapportal.ocps.net sapportalqap.ocps.net shop.equallevel.com *.punchout2go.com 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.youtube.com www.google.com *.cenpos.net *.cenpos.com *.google.com *.gstatic.com *.cardinalcommerce.com cdn.dnky.co webchat.dotdigital.com *.weltpixel.com *.schoolhealth.com *.youtube.com *.punchout2go.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com img.youtube.com maps.googleapis.com maps.gstatic.com p.typekit.net *.vimeocdn.com s.ytimg.com *.gstatic.com *.googleapis.com *.cenpos.net *.cenpos.com *.schoolhealth.com  *.chartbeat.com *.chartbeat.net *.pages03.net *.unbxdapi.com *.b0e8.com www.google.com *.punchout2go.com 'self' data: blob: 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com maps.googleapis.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.cenpos.com *.cenpos.net *.google.com *.gstatic.com *.cardinalcommerce.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com www.googletagmanager.com ssl.google-analytics.com *.cloudfront.net *.cloudflare.com *.pages03.net *.b0e8.com *.bc0a.com *.addtoany.com *.chartbeat.com *.punchout2go.com *.unbxdapi.com *.unbxd.com *.unbxd.io *.newrelic.com *.nr-data.net data: ajax.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.bootstrapcdn.com *.punchout2go.com *.googleapis.com *.unbxdapi.com *.unbxd.com *.unbxd.io *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.magento.com commerce.adobe.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com commerce.adobedtm.com commerce.adobedc.net vimeo.com *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.doubleclick.net *.google-analytics.com *.nr-data.net *.demdex.net *.punchout2go.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; worker-src 'self'; child-src 'none'; frame-src 'none'; frame-ancestors 'none'; 2
report-uri /cspr/; default-src 'self'; connect-src 'self' sso.sozialversicherung.at analysis.sozialversicherung.at cobrowsing.svagw.at; img-src 'self' data: analysis.sozialversicherung.at; script-src 'unsafe-inline' 'unsafe-eval' 'self' analysis.sozialversicherung.at cobrowsing.svagw.at; style-src 'unsafe-inline' 'self'; child-src 'self'; font-src 'self'; frame-src 'self' cobrowsing.svagw.at www.youtube-nocookie.com; manifest-src 'self'; media-src 'self' data:; object-src 'self'; prefetch-src 'self'; worker-src 'self'; frame-ancestors 'self'; form-action 'self' secure-zustellung.briefbutler.at *.adressen.auva.net *.arzneidialog.at *.auv-b.at *.auv-b.co.at *.auva-b.at *.auva-betreibergmbh.at *.auva.at *.auva.gv.at *.auva.or.at *.auva.org *.auvab.at *.auvagraz.at *.auvalinz.at *.auvasalzburg.at *.auvasicher.at *.auvb.at *.auvb.co.at *.bvaeb.at *.bvaeb.sv.at *.cciv.at *.chipkarte.at *.chipkarte.gv.at *.demenz-ooe.at *.demenz-versorgung.at *.e-card.co.at *.e-card.gv.at *.e-card.or.at *.ecard.gv.at *.ecard.or.at *.efz.auva.net *.elda.at *.formulare.auva.net *.forum-gesundheit.at *.forum-gesundheit.info *.forumgesundheit.at *.forumgesundheit.info *.gebietskrankenkasse.at *.geld.auva.net *.gesundheitskasse.at *.gesundmeldung.at *.gibacht.auva.net *.gkk.at *.gubonline.at *.hanusch-krankenhaus.at *.hanuschhof.at *.hauptstelle.auva.net *.ifgp.at *.initiative-patientensicherheit.at *.initiativepatientensicherheit.at *.kfa-salzburg.at *.kfa.co.at *.kfawien.at *.kinder-zahnpaket.at *.kinderzahnpaket.at *.klinikum-peterhof.at *.klinikumpeterhof.at *.kongresse.auva.net *.linzerheim.at *.medieninfo.auva.net *.mein-uv-service.at *.meine-gesundheit.at *.meine-oegk.at *.meine-uv.at *.meinebvaeb.at *.meinegesundheit.at *.meineoegk.at *.meinesozialversicherung.at *.meinesv.at *.meineuv.at *.oegk.at *.oegk.co.at *.oegk.or.at *.pensionsversicherung.at *.pensionsversicherungsanstalt.at *.pensionsversicherungsanstalt.gv.at *.praevention.auva.net *.publikationen.auva.net *.pv.at *.pva.gv.at *.reha-zentren.at *.rztobelbad.at *.selbstverwaltung.auva.net *.sicherheit.auva.net *.sicherheitsschulung.auva.net *.sicherlernen.auva.net *.sozialeunfallversicherung.at *.sozialversicherung.at *.sozialversicherung.co.at *.sozialversicherung.gv.at *.sozialversicherung.or.at *.sozialversicherungen.at *.sozialversicherungen.or.at *.sozvers.at *.statistik.auva.net *.sv-chipkarte.at *.sv-chipkarte.gv.at *.svdgmbh.at *.svs.at *.tisserand.at *.unfallkrankenhaus.at *.www.auva.net *.xn--gk-eka.at *.xn--gk-eka.or.at *.xn--meine-gk-s4a.at *.xn--meinegk-e1a.at  2
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; object-src https:; style-src 'unsafe-inline' https:; img-src https:; media-src https:; frame-src https:; font-src https: data:; connect-src https:; report-uri /report-csp-violation 2
font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com *.klevu.com *.ksearchnet.com *.yotpo.com *.googleapis.com *.gstatic.com *.klarnacdn.net *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.global-e.com www.google-analytics.com *.useinsider.com self unsafe-inline *.honey.io data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.yotpo.com *.twitter.com *.pcipalstaging.cloud *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.twitter.com *.bglobale.com *.freshchat.com *.global-e.com www.google-analytics.com *.pcipalstaging.cloud *.adyen.com *.useinsider.com *.vimeo.com *.zenaps.com *.doubleclick.net *.facebook.com self 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.google.com *.yotpo.com *.twitter.com *.bglobale.com *.freshchat.com *.global-e.com www.google-analytics.com *.pcipalstaging.cloud *.useinsider.com *.vimeo.com *.zenaps.com *.doubleclick.net *.facebook.com self unsafe-inline *.pinterest.com *.pinterest.co.uk consentag.eu www.xtento.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com maps.googleapis.com maps.gstatic.com *.klevu.com *.ksearchnet.com *.yotpo.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.global-e.com *.seasaltcornwall.com *.blucommerce.com yotpo-stool.s3.amazonaws.com *.contentsquare.net *.freshchat.com *.bing.com *.doubleclick.net *.google.com *.google.co.uk seasaltcornwall.com *.fbsbx.com *.kaltura.com *.pinterest.com *.securitymetrics.com *.zenaps.com *.awin1.com *.facebook.com *.atdmt.com *.outbrain.com *.tribalfusion.com *.openx.net *.clarity.ms *.facebook.net *.flagcdn.com flagcdn.com dummymasterdressipihost *.useinsider.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.klevu.com *.ksearchnet.com *.yotpo.com *.klarnaservices.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bglobale.com js-agent.newrelic.com *.nr-data.net *.googletagmanager.com *.contentsquare.net *.freshchat.com *.bing.com *.doubleclick.net *.global-e.com *.google.com *.sub2tech.com *.cookielaw.org *.onetrust.com *.useinsider.com *.dwin1.com *.kaltura.com *.pinimg.com *.zenaps.com *.facebook.net *.tribalfusion.com *.cloudfront.net consentag.eu *.outbrain.com *.ctnsnet.com *.clarity.ms *.freshworks.com *.payments-amazon.com dummymasterdressipihost *.seasaltcornwall.com www.xtento.com cdn.xtento.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klevu.com *.ksearchnet.com *.yotpo.com *.googleapis.com *.klarnacdn.net *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com getfirebug.com t.contentsquare.net *.freshchat.com *.bing.com www.google-analytics.com *.useinsider.com *.honey.io *.freshworks.com dummymasterdressipihost *.seasaltcornwall.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.vimeo.com *.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com commerce.adobe.net qa-api.magedevteam.com *.adyen.com *.klevu.com *.ksearchnet.com *.yotpo.com *.klarnaservices.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.brilliantcollector.com *.contentsquare.net *.freshchat.com *.bing.com *.nr-data.net stats.g.doubleclick.net *.edq.com wss://euwest1.pcipalstaging.cloud *.pcipalstaging.cloud *.cookielaw.org *.useinsider.com *.pinterest.com *.onetrust.com *.clarity.ms *.googleapis.com *.freshworks.com *.trustpilot.com 'self' 'unsafe-inline'; child-src blob: *.contentsquare.net *.seasaltcornwall.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.fontawesome.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com js.stripe.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://consentcdn.cookiebot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com g16.wufoo.eu vars.hotjar.com www.google.com g16.wufoo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: maps.gstatic.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com *.yotpo.com www.google.com bat.bing.com c.clarity.ms www.google.de data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.stripe.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com maps.googleapis.com tagmanager.google.com ssl.google-analytics.com connect.facebook.net *.yotpo.com www.bugherd.com bat.bing.com static.hotjar.com googleads.g.doubleclick.net d.clarity.ms script.hotjar.com *.clarity.ms js-agent.newrelic.com bam.nr-data.net https://consent.cookiebot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline *.googleapis.com *.gstatic.com tagmanager.google.com fonts.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com t.elasticsuite.io *.google-analytics.com *.yotpo.com stats.g.doubleclick.net in.hotjar.com *.clarity.ms bam.nr-data.net https://maps.googleapis.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'report-sample' 'self'; style-src 'report-sample' 'self' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://auth1.ufalogin.co https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' http://member.ufa88s.info https://member.ufa88s.info; img-src 'self' data: https://i2.wp.com; manifest-src 'self'; media-src 'self'; report-uri https://62f09253740ff2a22b8af61d.endpoint.csper.io/?v=0; worker-src 'none'; 2
font-src *.bounceexchange.com *.google-analytics.com *.gstatic.com likeshop.me data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.bounceexchange.com *.facebook.com *.nosto.com *.nos.to *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ js.authorize.net jstest.authorize.net accept.authorize.net www.xtento.com *.agilone.com *.facebook.com insight.adsrvr.org match.adsrvr.org *.signifyd.com *.online-metrix.net *.doubleclick.net *.affirm.com *.cookiebot.com *.bounceexchange.com *.office365.com *.google.com *.google.lv *.bglobale.com *.global-e.com *.nosto.com *.nos.to *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com store.paradoxlabs.com www.xtento.com cdn.xtento.com *.bounceexchange.com *.bouncex.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.googleapis.com *.facebook.com connect.facebook.net www.google.com www.google.lv *.bing.com *.lafayette148ny.com *.signifyd.com *.online-metrix.net *.postcodeanywhere.co.uk *.doubleclick.net heapanalytics.com *.heapanalytics.com *.bizrate.com *.dashhudson.com likeshop.me *.affirm.com *.atdmt.com *.cdnwidget.com *.bglobale.com *.global-e.com *.clarity.ms *.cloudfront.net *.nosto.com *.nos.to *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.authorize.net js.authorize.net jstest.authorize.net sandbox-assets.secure.checkout.visa.com www.xtento.com cdn.xtento.com *.googletagmanager.com www.google.com www.google.lv www.gstatic.com *.agilone.com *.bing.com *.upsellit.com connect.facebook.net googleads.g.doubleclick.net *.sociomantic.com js.adsrvr.org *.algolianet.com *.algolia.net *.signifyd.com seal.websecurity.norton.com *.pcapredict.com *.addressy.com *.bizrate.com *.googleapis.com *.heapanalytics.com *.zdassets.com *.affirm.com tag.wknd.ai *.bounceexchange.com *.dashhudson.com *.luckyorange.com *.cookiebot.com *.securedvisit.com *.pingdom.net *.cloudfront.net *.newrelic.com *.nr-data.net klear.com *.mczbf.com *.bglobale.com *.global-e.com *.clarity.ms cdn.noibu.com *.nosto.com *.nos.to *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.bounceexchange.com *.googleapis.com *.addressy.com *.bizrate.com *.bglobale.com *.global-e.com *.cloudfront.net *.nosto.com *.nos.to *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.algolia.net *.algolia.com *.authorize.net js.authorize.net jstest.authorize.net api.authorize.net apitest.authorize.net accept.authorize.net test.authorize.net *.algolianet.com *.signifyd.com *.signifyd.com:* *.addressy.com *.bing.com *.bounceexchange.com *.bouncex.net *.zdassets.com *.zendesk.com *.zopim.com *.doubleclick.net *.affirm.com *.google-analytics.com *.googleapis.com likeshop.me *.heapanalytics.com wss: *.luckyorange.net *.cookiebot.com *.cdnbasket.net *.cdnwidget.com *.pingdom.net *.nr-data.net *.facebook.com klear.com *.mczbf.com *.sjwoe.com *.clarity.ms input.noibu.com *.nosto.com *.nos.to *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src *.bounceexchange.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
report-uri /es/Error/ReportCPS; 2
default-src 'self'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-ancestors 'self'; report-uri https://qtq417pr.uriports.com/reports/report; report-to default 2
base-uri *.wein.plus;connect-src *.wein.plus *.googleapis.com;child-src *.wein.plus;default-src 'none';media-src *.wein.plus;form-action *.wein.plus;img-src *.wein.plus data:;font-src *.wein.plus data: *.gstatic.com;manifest-src *.wein.plus;style-src *.wein.plus 'self' 'unsafe-inline';style-src-elem *.wein.plus 'unsafe-inline';script-src *.wein.plus 'self' 'unsafe-inline' *.etracker.com;script-src-elem *.wein.plus 'unsafe-inline' *.etracker.com 2
report-uri https://fathom.report-uri.com/r/t/csp/wizard; default-src 'none'; form-action 'none'; object-src 'none'; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests 2
default-src 'self' pxlfsn.co www.google-analytics.com maps.googleapis.com ajax.googleapis.com www.google.com google.com gstatic.com www.gstatic.com connect.facebook.net facebook.com; 2
default-src 'self' *.ondernemersplein.kvk.nl *.ondernemersplein.nl *.op.nl *.ondernemersplein.kvk.nl; connect-src 'self' *.ondernemersplein.kvk.nl *.ondernemersplein.kvk.nl *.flagship.io ariane.abtasty.com *.sentry.io vc.hotjar.io *.hotjar.com ampcid.google.com ajax.googleapis.com *.google-analytics.com *.analytics.google.com; img-src 'self' data: *.ondernemersplein.kvk.nl *.ondernemersplein.kvk.nl production.kvk-dop.bloomreach.cloud *.rvo.nl opendata.nederlandwereldwijd.nl ariane.abtasty.com www.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.facebook.com i.ytimg.com; style-src 'self' 'unsafe-inline' *.ondernemersplein.kvk.nl *.ondernemersplein.kvk.nl www.gstatic.com fonts.googleapis.com tagmanager.google.com; frame-src 'self' *.ondernemersplein.kvk.nl *.ondernemersplein.nl *.ondernemersplein.kvk.nl opendata.ondernemersplein.nl www.youtube.com vars.hotjar.com www.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ondernemersplein.kvk.nl *.ondernemersplein.kvk.nl www.google.com www.google-analytics.com www.googletagmanager.com www.gstatic.com *.flagship.io ariane.abtasty.com static.hotjar.com script.hotjar.com www.youtube.com s.ytimg.com js.sentry-cdn.com browser.sentry-cdn.com; report-uri https://sentry.io/api/1234272/security/?sentry_key=f23f8584f25343e3baed391826c1e5ba&sentry_environment=productie 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.roundcubeplus.com https://ajax.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: http: https:; font-src 'self' data: http: https:; media-src 'self'; report-uri /csp-report; 2
default-src 'unsafe-eval' 'unsafe-inline' blob: data: https: ws: wss:; img-src 'unsafe-inline' blob: data: *; report-uri https://csp.test.orlo.tech/report; 2
default-src 'self' *.ctfassets.net;img-src 'self' *.ctfassets.net *.facebook.com *.facebook.net *.googletagmanager.com *.google-analytics.com data: blob:;style-src 'self' 'unsafe-inline' fonts.googleapis.com;font-src 'self' fonts.gstatic.com;connect-src 'self' ws: *.ctfassets.net *.contentful.com *.bugsnag.com *.google-analytics.com *.swish.nu *.facebook.com;object-src 'none';script-src 'self' 'unsafe-eval' *.facebook.net *.googletagmanager.com *.google-analytics.com 'sha256-EbIf/28oJqqS5jlA4F4cxAuQyBgLsbwNN3SaKD7SPG8=' 'sha256-fNl6dMU2ozNYP+OO/xe3UlSrQ/B7H/B5mYtcdLPGSWc=';report-uri https://eo7f9vdutam5kd9.m.pipedream.net;report-to csp-report 2
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.tarifcheck-partnerprogramm.de/csp-violation-ezmd9dpdxv7nb0ecejb9/ 2
font-src *.sagepay.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.narvar.com *.narvar.qa *.tawk.to fonts.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.sagepay.com *.twitter.com https://plumrocket.com *.tawk.to *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.sagepay.com maps.googleapis.com chart.googleapis.com *.twitter.com https://plumrocket.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.tawk.to *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com *.paypal.com *.sagepay.com ebizmarts-website.s3.amazonaws.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu store.paradoxlabs.com *.narvar.com *.narvar.qa www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.tawk.to cdn.jsdelivr.net *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.sagepay.com maps.googleapis.com chart.googleapis.com *.youtube.com *.paypal.com *.sandbox.paypal.com *.google.com *.googletagmanager.com *.plumrocket.com *.tawk.to *.bam-cell.nr-data.net *.gstatic.com api.veritrans.co.jp *.authorize.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com cdn.jsdelivr.net *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.sagepay.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com unsafe-inline fonts.googleapis.com cdn.jsdelivr.net *.yotpo.com 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src www.apptrian.com *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.paypal.com *.sagepay.com maps.googleapis.com chart.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com api.veritrans.co.jp *.authorize.net www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.tawk.to wss://*.tawk.to *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://mcstaging.mikimoto.com/; report-to report-endpoint; 2
font-src *.fontawesome.com *.artdeco.com *.artdeco.de *.bootstrapcdn.com *.heidelpay.com 'self' data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com *.nosto.com *.nos.to *.google.com *.ratepay.com *.pay1.de *.heidelpay.com *.jsctool.com *.trbo.com *.hotjar.com *.redintelligence.net ad4m.at *.ad4m.at *.ad-srv.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es https://www.mollie.com *.nosto.com *.nos.to *.artdeco.com *.artdeco.de *.usercentrics.eu *.trustedshops.com *.outbrain.com 'self' data: *.googletagmanager.com *.pay1.de *.tiktok.com *.pinterest.com *.facebook.com *.google.com *.google.de *.adserver01.de *.adition.com *.taboola.com ad4m.at *.ad4m.at *.creative-serving.com *.doubleclick.net *.adsrvr.org *.adscale.de *.onaudience.com *.smartadserver.com *.pubmatic.com *.casalemedia.com *.twiago.com *.exelator.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com https://cdn.polyfill.io https://browser.sentry-cdn.com js.mollie.com *.nosto.com *.nos.to *.sitesearch360.com *.semknox.com *.artdeco.com *.artdeco.de *.b-ite.com *.usercentrics.eu *.googletagmanager.com *.getflowbox.com *.trustedshops.com *.google.com *.gstatic.com *.outbrain.com *.pay1.de *.ratepay.com *.heidelpay.com *.trbo.com *.hotjar.com *.facebook.net *.tiktok.com *.scarabresearch.com *.pinimg.com *.dwin1.com *.taboola.com ad4m.at *.ad4m.at *.teads.tv 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.nosto.com *.nos.to *.bootstrapcdn.com *.artdeco.com *.artdeco.de 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.flbx.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com https://*.ingest.sentry.io *.nosto.com *.nos.to *.sitesearch360.com *.semknox.com *.artdeco.com *.artdeco.de *.usercentrics.eu *.google-analytics.com *.ratepay.com *.heidelpay.com *.scarabresearch.com *.pinterest.com *.tiktok.com *.doubleclick.net *.hotjar.com *.taboola.com *.getflowbox.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https: data: 'unsafe-eval' 'unsafe-inline'; script-src-elem 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.abstractscorecard.com www.googletagmanager.com www.mycadmium.com abstract.cadmiumcd.com abs.gocadmium.com; style-src-elem 'unsafe-eval' 'unsafe-inline' www.abstractscorecard.com www.mycadmium.com abstract.cadmiumcd.com abs.gocadmium.com; report-uri /csp-violation-report-endpoint/ 2
default-src 'none'; script-src 'report-sample' 'unsafe-eval' 'unsafe-inline' 'self' https://app.usercentrics.eu https://cdn.attractify.io https://dev.visualwebsiteoptimizer.com https://script.hotjar.com https://static.hotjar.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com widgets.trustedshops.com http://cdn2.spatialbuzz.com https://cdn2.spatialbuzz.com https://fonicchat.novomind.com; style-src 'report-sample' 'self' 'unsafe-inline' https://app.usercentrics.eu https://tagmanager.google.com https://fonts.googleapis.com; object-src 'self'; base-uri 'self'; connect-src 'self' https://aggregator.service.usercentrics.eu https://api.usercentrics.eu https://graphql.usercentrics.eu https://in.hotjar.com https://*.hotjar.com wss://*.hotjar.com https://vc.hotjar.io *.google-analytics.com *.analytics.google.com https://fonic-iq.novomind.com http://cdn2.spatialbuzz.com https://cdn2.spatialbuzz.com https://api.attractify.io widgets.trustedshops.com https://api.trustedshops.com https://shops-si.trustedshops.com https://trustbadge.api.etrusted.com https://api.trustbadge.etrusted.com https://api/maintenance_mode; font-src 'self' script.hotjar.com https://fonts.gstatic.com data:; frame-src 'self' https://app.usercentrics.eu https://vars.hotjar.com http://cdn2.spatialbuzz.com https://cdn2.spatialbuzz.com https://fonicchat.novomind.com; img-src 'self' data: https://app.usercentrics.eu https://handyshop.fonic.de https://shop.fonic-mobile.de https://dev.visualwebsiteoptimizer.com *.google-analytics.com *.analytics.google.com http://cdn2.spatialbuzz.com https://cdn2.spatialbuzz.com https://widgets.trustedshops.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; report-uri /api/csp-report 2
default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self'; object-src 'self'; frame-src 'self'; 2
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: 'self' blob: bat.bing.com cdn.callreports.com googleads.g.doubleclick.net js.callrail.com res.cloudinary.com s3.amazonaws.com secure.leadforensics.com www.google-analytics.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net  secure.leadforensics.com www.woodlandmanufacturing.com www.googleadservices.com *.pinimg.com connect.facebook.net *.gstatic.com *.wistia.com *.olark.com *.nextopiasoftware.com *.flattr.com *.trustpilot.com g.microsoft.com 2
font-src *.fontawesome.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.awin1.com *.zenaps.com *.fls.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.xtento.com https://plumrocket.com https://www.youtube.com/ *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com validator.swagger.io *.awin1.com *.zenaps.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.pixriot.com *.storeimaging.com www.xtento.com cdn.xtento.com 'self' data: https://cdn.cookielaw.org/ https://widgets.trustedshops.com/ https://*.usercentrics.eu/ *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com *.plugins.emarsys.net *.scarabresearch.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.xtento.com cdn.xtento.com *.google.com *.gstatic.com https://cdn.cookielaw.org/ https://widget.trustpilot.com/ https://invitejs.trustpilot.com/ https://widgets.trustedshops.com/ https://*.zdassets.com/ https://*.usercentrics.eu/ *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.gstatic.com *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://*.zdassets.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com https://the.sciencebehindecommerce.com *.scarabresearch.com *.eservice.emarsys.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.pixriot.com *.storeimaging.com *.google-analytics.com https://cdn.cookielaw.org/ https://*.zdassets.com/ https://*.usercentrics.eu/ https://hjhoffice.zendesk.com/ wss://widget-mediator.zopim.com/ *.yotpo.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https:; report-uri /_csp 2
base-uri 'self'; connect-src 'self' https://889-dkw-954.mktoresp.com; default-src 'self'; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src 'self' https://api.five9.com https://app-ab16.marketo.com https://vars.hotjar.com; img-src 'self' https://app.five9.com https://www.google-analytics.com https://www.gstatic.com; manifest-src 'self'; media-src 'self'; object-src 'none'; report-uri https://61538bd76985df6b7168034c.endpoint.csper.io/; script-src 'report-sample' 'self' https://app-ab16.marketo.com/js/forms2/js/forms2.min.js https://cdn.crowdfiber.io/jquery/3.3.1/jquery.min.js https://connect.arvig.com/embed/53.js https://connect.facebook.net/en_US/fbevents.js https://munchkin.marketo.net/munchkin.js https://script.hotjar.com/modules.e95f6e2deb67f1b24d8e.js https://secure.pointillist.com/analytics/pntlst-stub.js https://static.hotjar.com/c/hotjar-2280668.js https://translate.google.com/translate_a/element.js https://translate.googleapis.com/translate_static/js/element/main.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js; style-src 'report-sample' 'self' https://app-ab16.marketo.com https://cdn.crowdfiber.io https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://translate.googleapis.com; worker-src 'none'; 2
default-src * data: 'unsafe-inline'; 2
default-src 'none';   manifest-src 'self';   script-src 'self' 'unsafe-inline' 'unsafe-eval'     *.hotjar.com     http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js     http://sparkbox.github.com     https://analytics.twitter.com     https://apply.workable.com     https://assets.codepen.io     https://bid.g.doubleclick.net     https://cdn.jsdelivr.net     https://connect.facebook.net     https://googleads.g.doubleclick.net     https://platform.twitter.com     https://production-assets.codepen.io     https://script.hotjar.com     https://snap.licdn.com     https://static.ads-twitter.com     https://static.codepen.io     https://static.hotjar.com     https://translate.googleapis.com     https://www.google-analytics.com     https://www.google.com     https://www.googleadservices.com     https://www.googletagmanager.com     https://www.workable.com     https://www.youtube.com;   connect-src 'self'     *.hotjar.com     https://stats.g.doubleclick.net     https://vc.hotjar.io     https://www.google-analytics.com     https://www.facebook.com/tr/;   font-src 'self' data:     https://fonts.gstatic.com;   img-src 'self' data:     http://t.co     https://lh6.googleusercontent.com     https://p.adsymptotic.com     https://px.ads.linkedin.com     https://stats.g.doubleclick.net/r/collect     https://t.co     https://www.facebook.com     https://www.google-analytics.com     https://www.google.com     https://www.googletagmanager.com     https://www.linkedin.com;   style-src 'self' 'unsafe-inline' data:     http://afeld.github.io/emoji-css/emoji.css     http://hello.myfonts.net/count/3ca576     https://cloud.typography.com/655912/6152352/css/fonts.css     https://fonts.googleapis.com     https://hello.myfonts.net     https://hello.myfonts.net/count/3ca576;   frame-src 'self'     https://bid.g.doubleclick.net     https://codepen.io     https://codesandbox.io     https://platform.twitter.com     https://syndication.twitter.com     https://vars.hotjar.com     https://www.facebook.com     https://www.google.com     https://www.googletagmanager.com     https://www.youtube.com;   media-src data:;   report-uri https://sparkbox.report-uri.com/r/d/csp/reportOnly 2
default-src 'self' https://cloud.typography.com/ https://greatjourneysofnz.co.nz/ https://www.greatjourneysofnz.co.nz/ https://dev.visualwebsiteoptimizer.com/ https://uatbooking.kiwirailscenic.co.nz/ https://uat.greatjourneysofnz.co.nz/ https://www.googletagmanager.com/;report-uri https://www.interislander.co.nz/csp/v1/report; 2
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.klevu.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com 'unsafe-inline' data: *.hotjar.com *.hotjar.io *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.cybersource.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.hotjar.com *.hotjar.io *.salesforce.com *.force.com https://smct.co *.cloudfront.net www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.sharethis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.klevu.com *.ksearchnet.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.google-analytics.com *.justrite.com *.clarity.ms *.bing.com *.sjwoe.com *.wisepops.com *.postcodeanywhere.co www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline'; script-src *.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.sharethis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://www.google.com *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com js.klevu.com *.ksearchnet.com *.avada.io *.cardinalcommerce.com h.online-metrix.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.emjcd.com https://www.mczbf.com *.ccdc02.com *.googleadservices.com *.google-analytics.com *.authorize.net *.gstatic.com *.wisepops.com *.bing.com *.clarity.ms *.bv.js *.hotjar.com *.hotjar.io *.salesforce.com *.salesforceliveagent.com *.pcapredict.com *.addressy.com *.force.com *.postcodeanywhere.co *.newrelic.com *.nr-data.net *.googleoptimize.com https://unpkg.com https://smct.com https://smct.co *.smct.io www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.sharethis.com *.googleapis.com *.doubleclick.net *.facebook.com display.ugc.bazaarvoice.com cdn.dnky.co webchat.dotdigital.com *.klevu.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline *.salesforce.com *.force.com *.addressy.com *.wisepops.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io *.cardinalcommerce.com h.online-metrix.net www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://www.emjcd.com https://www.mczbf.com *.adobedtm.com *.ccdc02.com *.googleadservices.com *.authorize.net https://www.google.com *.gstatic.com *.justrite.com *.wisepops.com *.clarity.ms *.bing.com *.hotjar.com wss://ws30.hotjar.com wss://ws26.hotjar.com *.hotjar.io *.doubleclick.net *.sjwoe.com *.force.com *.addressy.com *.postcodeanywhere.co *.nr-data.net *.smct.io *.amazonaws.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.mczbf.com/; report-to report-endpoint; 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; media-src https: data:; object-src https: data:; img-src https: data:; font-src https: data:; report-uri /csp-report 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com acuityplatform.com ajax.googleapis.com cdn.onesignal.com dynamic.cannedbanners.com js-agent.newrelic.com nsg.symantec.com onesignal.com seal.godaddy.com *.freedommunitions.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com acuityplatform.com bam.nr-data.net maps.google.com pixel.mathtag.com a2.adform.net 279-ct.c3tag.com maps.googleapis.com; report-uri /.webscale/csp-report 2
default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self'; font-src 'self'; media-src 'self' 2
font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.snapchat.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.gomoxie.solutions *.braintreegateway.com *.snapchat.com *.doubleclick.net *.paypal.com *.paypalobjects.com *.google.com *.kaptcha.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.googleapis.com maps.gstatic.com *.doubleclick.net d1dwsi2ysdg1so.cloudfront.net us.coca-cola.com cocacola.scene7.com ct.pinterest.com *.facebook.com *.userway.org *.agkn.com *.google.com *.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com *.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net rpxnow.com *.rpxnow.com forty11115.pcapredict.com *.gomoxie.solutions js-agent.newrelic.com *.google.com *.gstatic.com bam.nr-data.net *.coca-cola.com *.pricespider.com *.googletagmanager.com sc-static.net *.sc-static.net *.pinimg.com cdn.kxrd.net *.userway.org *.doubleclick.net connect.facebook.net cdn.krxd.net cdn.cookielaw.org api.addressy.com *.paypal.com *.ccnag.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.avada.io *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net *.gomoxie.solutions p.typekit.net *.pricespider.com api.addressy.com cdn.cookielaw.org cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com commerce.adobe.net qa-api.magedevteam.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net *.shareacoke.com *.gomoxie.solutions bam.nr-data.net *.braintreegateway.com *.paypal.com *.google-analytics.com *.doubleclick.net *.coca-cola.com *.facebook.com ct.pinterest.com *.userway.org *.coke.com api.addressy.com *.ccnag.com *.paypalobjects.com *.snapchat.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://get.geojs.io *.avada.io *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://cokestore.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 2
default-src 'self' data:; report-uri /csp.cfm; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.typekit.net; font-src 'self' data: https:; frame-ancestors 'self'; frame-src 'self' player.vimeo.com *.youtube.com www.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com; img-src 'self' data: www.google-analytics.com maps.googleapis.com maps.gstatic.com www.googletagmanager.com; connect-src 'self' www.google-analytics.com 2
font-src fonts.gstatic.com use.typekit.net data: https://*.klarnacdn.net *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors https://*.force.com https://*.salesforce.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.force.com https://*.salesforce.com https://www.google.com https://www.paypalobjects.com https://www.youtube.com https://player.twitch.tv https://*.doubleclick.net *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.force.com https://*.salesforce.com https://cdn-assets.affirm.com https://www.google.com https://*.cloudfront.net https://houseofstaunton.com https://www.houseofstaunton.com https://*.gstatic.com *.klevu.com *.ksearchnet.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.force.com https://*.salesforce.com https://container.pepperjam.com https://www.rtb123.com https://connect.facebook.net https://www.gstatic.com https://*.klarnaservices.com https://*.salesforceliveagent.com https://*.googleapis.com https://*.affirm.com https://*.google.com *.klevu.com *.ksearchnet.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com assets.braintreegateway.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com https://*.force.com https://*.salesforce.com https://cdnjs.cloudflare.com https://cdn-images.mailchimp.com https://imgs.signifyd.com https://*.klarnacdn.net https://*.klarnaservices.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net www.sandbox.paypal.com commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.force.com https://*.salesforce.com https://www.google-analytics.com https://stats.g.doubleclick.net https://bt.signifyd.com:11103 https://*.klarnaservices.com https://*.affirm.com https://*.googleapis.com *.klevu.com *.ksearchnet.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.googleapis.com fonts.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.adyen.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.pinterest.com *.pinterest.es hal9000.redintelligence.net https://plumrocket.com https://accounts.google.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudfront.net www.google.com www.google.es www.googletagmanager.com stats.g.doubleclick.net *.onetrust.com *.openstreetmap.org *.pinterest.com https://widgets.trustedshops.com https://integrations.etrusted.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com www.gstatic.com sl.google-analytics.com js-agent.newrelic.com bam.nr-data.net cdn.connectif.cloud geoip-js.com *.onetrust.com *.mczbf.com https://accounts.google.com https://widgets.trustedshops.com https://integrations.etrusted.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com fonts.gstatic.com https://accounts.google.com https://widgets.trustedshops.com https://integrations.etrusted.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com stats.g.doubleclick.net *.paypal.com bam.nr-data.net geoip-js.com *.connectif.cloud *.onetrust.com *.pinterest.com *.mczbf.com https://accounts.google.com *.trustedshops.com *.etrusted.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' cdnjs.cloudflare.com kit.fontawesome.com apps.elfsight.com static.elfsight.com cdn.usebootstrap.com *.cloudmaestro.com www.gstatic.com www.google-analytics.com www.google.com; report-uri /.webscale/csp-report 2
default-src 'self' *.sixflags.com *.laronde.com *.sixflags.com.mx *.6flags.com 'unsafe-inline' 'unsafe-eval' data: blob: *.wistia.net *.wistia.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss:// acsbapp.com *.acsbapp.com cdn.acsbapp.com *.convertexperiments.com *.evgnet.com sc-static.net *.cloudflare.com *.cloudflareinsights.com *.cloudflareaccess.com *.googletagmanager.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com *.googlesyndication.com *.safeframe.googlesyndication.com www.googletagservices.com *.googleapis.com *.doubleclick.net *.g.doubleclick.net googleads.g.doubleclick.net *.fls.doubleclick.net *.google.com *.google.ca www.google.ca *.google.com.mx www.google.com.mx *.gstatic.com ups.analytics.yahoo.com bat.bing.com sixflags.us-4.evergage.com www.facebook.com *.facebook.net *.pardot.com *.akamaihd.net *.snapchat.com *.twitter.com *.livechatinc.com *.qualaroo.com js.adsrvr.org *.pbbl.co aa.agkn.com *.amgdgt.com dpm.demdex.net pixel.advertising.com www.youtube.com *.youtube.com *.ytimg.com *.freshdesk.com *.queue-it.net *.litix.io ;report-uri https://2850d87804f5002588a978dd8512ca22.report-uri.com/r/d/csp/wizard; 2
default-src 'self' www.youtube.com; script-src 'self' 'unsafe-inline' *.googletagmanager.com static.mailplus.nl consent.cookiebot.com www.googletagmanager.com snap.licdn.com www.googleadservices.com googleads.g.doubleclick.net *.livechatinc.com vimeo.com connect.facebook.net spotlerscript.com t.spoterleads.com *.secure.force.com www.google-analytics.com consentcdn.cookiebot.com www.google.com www.google.nl t.spotlerleads.nl; prefetch-src 'self' https://www.conclusion.nl; connect-src 'self' *.google-analytics.com *.g.doubleclick.net google-analytics.com api.livechatinc.com www.google.com www.facebook.com adservice.google.com *.sentry.io; img-src 'self' *.linkedin.com *.g.doubleclick.net static.mailplus.nl *.datocms-assets.com datocms-assets.com https://www.facebook.com https://www.google-analytics.com www.google.nl www.google.com https://www.gstatic.com https://www.googletagmanager.com cdn.livechatinc.com https://px.ads.linkedin.com i.vimeocdn.com https://www.gstatic.com data:; font-src 'self'; frame-src 'self' *.secure.force.com consentcdn.cookiebot.com secure.livechatinc.com player.vimeo.com www.google.com www.facebook.com tpc.googlesyndication.com www.googletagmanager.com www.youtube.com; manifest-src 'self'; object-src www.youtube.com; style-src 'unsafe-inline' 'self' *.secure.force.com static.mailplus.nl; style-src-elem 'self' 'unsafe-inline' https://static.mailplus.nl/ *.secure.force.com https://www.conclusion.nl; frame-ancestors 'self'; media-src 'self' cdn.livechatinc.com; form-action 'self' www.facebook.com; script-src-elem 'self' 'unsafe-inline' *.mailplus.nl *.secure.force.com *.cookiebot.com *.livechatinc.com www.googletagmanager.com *.googletagmanager.com *.vimeo.com googletagmanager.com vimeo.com snap.licdn.com www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net spotlerscript.com t.spotlerleads.nl tpc.googlesyndication.com https://connect.facebook.net/; report-uri https://greenberry.report-uri.com/r/d/csp/reportOnly; report-to default; 2
font-src fonts.gstatic.com https://stackpath.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.twitter.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.google.com https://googleads.g.doubleclick.net https://assets.braintreegateway.com https://*.kaptcha.com https://vars.hotjar.com https://c.paypal.com https://c.sandbox.paypal.com https://home-c56.nice-incontact.com https://ez-prints.sjv.io https://target-prints.pxf.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.twitter.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://stats.g.doubleclick.net https://www.google.com https://s3.amazonaws.com https://*.ezprints.com https://*.targetphoto.com https://*.michaelsphotogifts.com https://*.ezpstore.com https://maps.gstatic.com https://bat.bing.com https://maps.googleapis.com/ https://*.stats.paypal.com https://cdn.klarna.com https://c.paypal.com https://c.sandbox.paypal.com https://*.clarity.ms https://ez-prints.sjv.io https://target-prints.pxf.io https://www.ojrq.net https://logs-01.loggly.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com apis.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://bat.bing.com https://ajax.cloudflare.com https://www.googleadservices.com https://*.hotjar.com https://*.paypal.com https://*.braintreegateway.com/ https://*.clarity.ms https://home-c56.nice-incontact.com https://*.ezpstore.com https://*.ezprints.com https://*.targetphoto.com https://*.michaelsphotogifts.com https://cdn.jsdelivr.net https://d.impactradius-event.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com tagmanager.google.com *.yotpo.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://cdn.jsdelivr.net unsafe-inline *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com cdn.ampproject.org *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://www.google-analytics.com https://*.sandbox.braintree-api.com https://*.braintree-api.com https://client-analytics.braintreegateway.com https://stats.g.doubleclick.net/ https://*.hotjar.com wss://*.hotjar.com https://www.paypal.com https://maps.googleapis.com https://*.clarity.ms https://*.ezpstore.com https://*.ezprints.com https://*.targetphoto.com https://*.michaelsphotogifts.com https://ez-prints.sjv.io https://target-prints.pxf.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; style-src 'self' 'unsafe-inline' 'self' criteo.net criteo.com *.doubleclick.net twitter.com ads-twitter.com *.trackedlink.net cloudfront.net xg4ken.com bing.com getcandid.com amazonaws.com *.googletagmanager.com shopbot.ca pinimg.com pinterest.com adnxs.com yimg.com ytimg.com hotjar.com amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com adroll.com jsdelivr.net typekit.net adsrvr.org rubiconproject.com casalemedia.com openx.net pubmatic.com *.facebook.net *.facebook.com www.bmr.ca www.unimat.ca www.agrizone.ca www.lashop.com *.bootstrapcdn.com *.signifyd.com *.google.com *.google.ca *.youtube.com *.dotmailer.com *.dotmailer-surveys.com *.paypalobjects.com *.paypal.com *.newrelic.com *.algolianet.com polyfill.io *.algolia.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'self' criteo.net criteo.com *.doubleclick.net twitter.com ads-twitter.com *.trackedlink.net cloudfront.net xg4ken.com bing.com getcandid.com amazonaws.com *.googletagmanager.com shopbot.ca pinimg.com pinterest.com adnxs.com yimg.com ytimg.com hotjar.com amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com adroll.com jsdelivr.net typekit.net adsrvr.org rubiconproject.com casalemedia.com openx.net pubmatic.com *.facebook.net *.facebook.com www.bmr.ca www.unimat.ca www.agrizone.ca www.lashop.com *.bootstrapcdn.com *.signifyd.com *.google.com *.google.ca *.youtube.com *.dotmailer.com *.dotmailer-surveys.com *.paypalobjects.com *.paypal.com *.newrelic.com *.algolianet.com polyfill.io *.algolia.net reebee.com www.reebee.com *.gstatic.com siteimproveanalytics.com bam-cell.nr-data.net r2.dotmailer-surveys.com *.hotjar.com bam-cell.nr-data.net z.moatads.com *.online-metrix.net s7.addthis.com; font-src 'self' 'self' criteo.net criteo.com *.doubleclick.net twitter.com ads-twitter.com *.trackedlink.net cloudfront.net xg4ken.com bing.com getcandid.com amazonaws.com *.googletagmanager.com shopbot.ca pinimg.com pinterest.com adnxs.com yimg.com ytimg.com hotjar.com amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com adroll.com jsdelivr.net typekit.net adsrvr.org rubiconproject.com casalemedia.com openx.net pubmatic.com *.facebook.net *.facebook.com www.bmr.ca www.unimat.ca www.agrizone.ca www.lashop.com *.bootstrapcdn.com *.signifyd.com *.google.com *.google.ca *.youtube.com *.dotmailer.com *.dotmailer-surveys.com *.paypalobjects.com *.paypal.com *.newrelic.com *.algolianet.com polyfill.io *.algolia.net data: fonts.gstatic.com joinhoney.com cdn.joinhoney.com *.hotjar.com; img-src 'self' data: 'self' criteo.net criteo.com *.doubleclick.net twitter.com ads-twitter.com *.trackedlink.net cloudfront.net xg4ken.com bing.com getcandid.com amazonaws.com *.googletagmanager.com shopbot.ca pinimg.com pinterest.com adnxs.com yimg.com ytimg.com hotjar.com amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com adroll.com jsdelivr.net typekit.net adsrvr.org rubiconproject.com casalemedia.com openx.net pubmatic.com *.facebook.net *.facebook.com www.bmr.ca www.unimat.ca www.agrizone.ca www.lashop.com *.bootstrapcdn.com *.signifyd.com *.google.com *.google.ca *.youtube.com *.dotmailer.com *.dotmailer-surveys.com *.paypalobjects.com *.paypal.com *.newrelic.com *.algolianet.com polyfill.io *.algolia.net  www.google.ro www.google.be www.google.co.in www.google.fr www.google.dz adserve.atedra.com *.gstatic.com *.siteimprove.com *.siteimproveanalytics.io *.online-metrix.net *.hotjar.com; frame-src 'self' 'self' criteo.net criteo.com *.doubleclick.net twitter.com ads-twitter.com *.trackedlink.net cloudfront.net xg4ken.com bing.com getcandid.com amazonaws.com *.googletagmanager.com shopbot.ca pinimg.com pinterest.com adnxs.com yimg.com ytimg.com hotjar.com amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com adroll.com jsdelivr.net typekit.net adsrvr.org rubiconproject.com casalemedia.com openx.net pubmatic.com *.facebook.net *.facebook.com www.bmr.ca www.unimat.ca www.agrizone.ca www.lashop.com *.bootstrapcdn.com *.signifyd.com *.google.com *.google.ca *.youtube.com *.dotmailer.com *.dotmailer-surveys.com *.paypalobjects.com *.paypal.com *.newrelic.com *.algolianet.com polyfill.io *.algolia.net reebee.com www.reebee.com *.moneris.com h.online-metrix.net *.issuu.com *.hotjar.com; connect-src 'self' 'self' criteo.net criteo.com *.doubleclick.net twitter.com ads-twitter.com *.trackedlink.net cloudfront.net xg4ken.com bing.com getcandid.com amazonaws.com *.googletagmanager.com shopbot.ca pinimg.com pinterest.com adnxs.com yimg.com ytimg.com hotjar.com amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com adroll.com jsdelivr.net typekit.net adsrvr.org rubiconproject.com casalemedia.com openx.net pubmatic.com *.facebook.net *.facebook.com www.bmr.ca www.unimat.ca www.agrizone.ca www.lashop.com *.bootstrapcdn.com *.signifyd.com *.google.com *.google.ca *.youtube.com *.dotmailer.com *.dotmailer-surveys.com *.paypalobjects.com *.paypal.com *.newrelic.com *.algolianet.com polyfill.io *.algolia.net ca.api4load.com bam-cell.nr-data.net *.hotjar.io *.hotjar.com; report-uri /csp-report.php; 2
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; form-action 'self' 2
font-src data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com https://bid.g.doubleclick.net/ *.fls.doubleclick.net vars.hotjar.com cdn.krxd.net insight.adsrvr.org *.flashtalking.com *.amazon-adsystem.com *.optimizely.com *.google.com *.pepperjamnetwork.com www.xtento.com *.bounceexchange.com ids.cdnwidget.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com tst.kaptcha.com https://www.paypalobjects.com/ *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com 'self' data: pt.ispot.tv bat.bing.com sp.analytics.yahoo.com google.com https://www.google.com/ ct.pinterest.com facebook.com https://www.facebook.com/ *.amazon-adsystem.com *.doubleclick.net *.krxd.net www.xtento.com cdn.xtento.com cdn.cookielaw.org store.paradoxlabs.com *.bounceexchange.com *.bouncex.net *.cdnwidget.com pippio.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com contentorigin.bazaarvoice.com google-analytics.com static.hotjar.com script.hotjar.com *.facebook.net bat.bing.com s.pinimg.com js.adsrvr.org s.yimg.com *.doubleclick.net *.g.doubleclick.net *.kruxd.net *.listrakbi.com *.listrak.com *.maxmind.com *.newrelic.com *.nr-data.net *.optimizely.com *.amazonaws.com *.ucarecdn.com *.krxd.net *.google.com *.gstatic.com *.pepperjam.com www.xtento.com cdn.xtento.com cdn.cookielaw.org *.segment.io *.segment.com *.bounceexchange.com *.wknd.ai assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com *.listrakbi.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com s.yimg.com ct.pinterest.com google-analytics.com *.listrakbi.com *.mmapiws.com *.nr-data.net *.optimizely.com *.pepperjam.com cdn.cookielaw.org *.segment.io *.segment.com *.bounceexchange.com *.wknd.ai *.bouncex.net *.cdnbasket.net *.cdnwidget.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' blob: data: https://1zn7z42pxhyz9tgb012bid3r-wpengine.netdna-ssl.com/ https://*.getbeyond.com https://*.pardot.com/ https://www.youtube.com/ https://beyondinc.applytojob.com/ https://beyondinc.applytojob.com/ https://player.vimeo.com/ https://vars.hotjar.com/ https://bid.g.doubleclick.net https://*.getbeyond.com https://*.pardot.com https://www.facebook.com/; img-src 'self' blob: data: https://p.adsymptotic.com/ https://*.vimeocdn.com https://*.google.pl/ https://*.google.com/ https://*.google.co.uk/ https://*.google.ca/ https://secure.gravatar.com/avatar/b54d075628d2fd50c2c02e292b3a2d22 https://www.google.pl/pagead/1p-conversion/* https://stats.g.doubleclick.net/ https://i.ytimg.com https://*.getbeyond.com  https://cdnjs.cloudflare.com/ajax/ https://www.facebook.com/tr/ https://px.ads.linkedin.com/ https://1zn7z42pxhyz9tgb012bid3r-wpengine.netdna-ssl.com/ https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://www.facebook.com/tr/; font-src 'self' data: https://script.hotjar.com/ https://1zn7z42pxhyz9tgb012bid3r-wpengine.netdna-ssl.com https://static.juicer.io/ https://cdnjs.cloudflare.com/ajax/ https://static.juicer.io/ https://fonts.googleapis.com https://fonts.gstatic.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com/ https://*.google.co.uk/ https://*.google.ca/ https://widget.instabot.io/jsapi/rokoInstabot-widget.js https://widget.instabot.io/jsapi/rokoInstabot.js https://widget.instabot.io/jsapi/rokoInstabot.js* https://cdn.freshmarketer.com/750149/1801092.js https://acsbapp.com/apps/app/dist/js/app.js https://1zn7z42pxhyz9tgb012bid3r-wpengine.netdna-ssl.com https://www.googleadservices.com https://s.ytimg.com https://www.youtube.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://*.getbeyond.com https://www.google-analytics.com https://www.googletagmanager.com https://*.hotjar.com  https://cdnjs.cloudflare.com/ https://assets.juicer.io/ https://www.googletagmanager.com https://cdn.jsdelivr.net https://www.googleadservices.com https://snap.licdn.com https://connect.facebook.net https://pi.pardot.com; style-src 'self' 'unsafe-inline' https://1zn7z42pxhyz9tgb012bid3r-wpengine.netdna-ssl.com https://assets.juicer.io/ https://tagmanager.google.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; connect-src 'self' https://*.google.com/ https://*.google.co.uk/ https://*.google.ca/ https://*.facebook.com https://stats.g.doubleclick.net/j/collect https://widget.instabot.io/jsapi/rokoInstabot-widget.js https://src.freshmarketer.com https://livechat.instabot.io/clientlogin https://google.com/ads/ https://widgetapi.instabot.io https://src.freshmarketer.com/sr https://cdn.acsbapp.com/cache/app/getbeyond.com/config.json https://cdn.acsbapp.com/cache/app/en.build.json https://cdn.acsbapp.com/cache/app/en.build.json https://widgetapi.instabot.io/plugins.js* https://www.google-analytics.com; object-src 'none'; report-uri https://my.getbeyond.com/csp-report; 2
default-src 'self' https://accelerite.com; connect-src 'self' *.accelerite.com *.cloudflare.com *.cookiepro.com *.google-analytics.com *.google.co.in *.google.com *.googleapis.com *.hotjar.com *.kissmetrics.com *.nexcesscdn.net *.peppersquare.com *.ttgtmedia.com *.vimeo.com *.vimeocdn.com *.zoho.com *.zohopublic.com connect.facebook.net ws://vts.zohopublic.com https://www.google-analytics.com https://accelerite.com; font-src 'self' *.accelerite.com *.cloudflare.com *.cloudfront.net *.cookiepro.com *.google-analytics.com *.google.co.in *.google.com *.googleapis.com *.gstatic.com *.kissmetrics.com *.nexcesscdn.net *.peppersquare.com *.ttgtmedia.com *.vimeo.com *.vimeocdn.com *.zohostatic.com accelerite-dev.peppersquare.com connect.facebook.net data: https://accelerite.com; form-action 'self' *.accelerite.com *.cloudflare.com *.cookiepro.com *.google-analytics.com *.google.co.in *.google.com *.googleapis.com *.kissmetrics.com *.nexcesscdn.net *.peppersquare.com *.ttgtmedia.com *.vimeo.com *.vimeocdn.com accelerite-dev.peppersquare.com connect.facebook.net https://accelerite.com; frame-src *.accelerite.com *.google.co.in *.google.com *.hotjar.com *.ttgtmedia.com *.vimeo.com *.vimeocdn.com *.youtube.com *.zohopublic.com connect.facebook.net https://accelerite.com; child-src *.accelerite.com *.google.co.in *.google.com *.hotjar.com *.ttgtmedia.com *.vimeo.com *.vimeocdn.com *.youtube.com *.zohopublic.com connect.facebook.net https://accelerite.com; img-src 'self' *.accelerite.com *.cloudflare.com *.cookiepro.com *.google-analytics.com *.google.co.in *.google.com *.googleapis.com *.gravatar.com *.kissmetrics.com *.nexcesscdn.net *.peppersquare.com *.techtarget.com *.ttgtmedia.com *.vimeo.com *.vimeocdn.com *.wallyworld.zzzz accelerite-dev.peppersquare.com connect.facebook.net data: http://b.wallyworld.zzzz https://www.googletagmanager.com https://accelerite.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.accelerite.com *.cookiepro.com *.google.co.in *.google.com *.hotjar.com *.kissmetrics.com *.ttgtmedia.com *.vimeo.com *.vimeocdn.com connect.facebook.net encoded https: https://accelerite.com; style-src 'self' 'unsafe-inline' *.accelerite.com *.cloudflare.com *.cookiepro.com *.google-analytics.com *.google.co.in *.google.com *.googleapis.com *.kissmetrics.com *.nexcesscdn.net *.peppersquare.com *.ttgtmedia.com *.vimeo.com *.vimeocdn.com accelerite-dev.peppersquare.com connect.facebook.net encoded https: https://accelerite.com; worker-src *.accelerite.com *.cookiepro.com *.google.co.in *.google.com *.hotjar.com *.ttgtmedia.com *.zohopublic.com connect.facebook.net; sandbox allow-forms allow-pointer-lock allow-popups allow-same-origin allow-scripts; report-uri https://accelerite.com/wp-json/wpcsp/v1/route/LogPolicyViolation?_wpnonce=c9eda6cea0 2
font-src fonts.gstatic.com use.typekit.net data: *.stamped.io *.resultspage.com *.zopim.com *.resultsdemo.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.youtube.com *.livechatinc.com *.paypal.com pay.google.com *.braintreegateway.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.kaptcha.com www.paypalobjects.com *.affirm.com *.dotdigital-pages.com *.criteo.com *.criteo.net *.dotmailer-surveys.com/ *.google.com *.doubleclick.net *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com f.vimeocdn.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.adyen.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de maps.googleapis.com maps.gstatic.com connect.facebook.net www.google.com *.googletagmanager.com http://translate.google.com translate.googleapis.com www.gstatic.com includes.ccdc02.com static.zdassets.com cdn.inspectlet.com *.stamped.io *.livechatinc.com *.userway.org *.paypal.com pay.google.com www.klarnapayments.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.affirm.com *.routeapp.io *.resultspage.com *.nosto.com *.dotdigital-pages.com *.zopim.com *.clarity.ms *.criteo.com *.criteo.net *.bing.com *.doubleclick.net *.trackedlink.net *.pcapredict.com *.dotmailer-surveys.com/ *.resultsdemo.com *.newrelic.com *.postcodeanywhere.co.uk/ *.nr-data.net *.cloudfront.net *.google.bg *.facebook.com *.facebook.net *.google-analytics.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com graph.facebook.com *.trackedweb.net cdn.dnky.co webchat.dotdigital.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.stamped.io www.klarnapayments.com *.resultspage.com *.resultsdemo.com *.postcodeanywhere.co.uk/ *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.paypal.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.authorize.net ekr.zdassets.com *.zendesk.com *.zopim.com hn.inspectlet.com stamped.io *.braintree-api.com *.braintreegateway.com *.livechatinc.com *.userway.org graph.instagram.com *.affirm.com *.route.com wss://widget-mediator.zopim.com *.clarity.ms *.google-analytics.com *.doubleclick.net *.postcodeanywhere.co.uk/ *.nr-data.net *.facebook.com *.facebook.net *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src www.searchanise.com *.searchserverapi.com https://cdn.checkout.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.searchanise.com *.searchserverapi.com *.twitter.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.searchanise.com *.searchserverapi.com *.twitter.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://js.checkout.com *.klarna.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.twitter.com *.twimg.com www.google.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://cdn.checkout.com *.klarnacdn.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.googletagmanager.com *.facebook.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com https://cdn.checkout.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com api.amplitude.com stats.g.doubleclick.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://js.checkout.com *.klarnaevt.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com data: fonts.googleapis.com googleapis.com *.fontawesome.com *.googleapis.com *.gstatic.com *.cloudflare.com *.bootstrapcdn.com *.commerce-connector.com *.typekit.net *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com *.facebook.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.dotdigital-pages.com *.dotdigital.com *.mercadolibre.com *.google.com *.gstatic.com *.facebook.com bid.g.doubleclick.net *.bluesnap.com *.kaptcha.com *.adsrvr.org *.hotjar.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com https://plumrocket.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobedtm.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com addevent.com googleapis.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.essentialaccessibility.com *.wahlanimal.com  s.ytimg.com  *.google.com  *.google.com.mx  *.google-analytics.com *.facebook.com ct.pinterest.com bat.bing.com *.cloudflare.com *.wahlclipper.com *.powerreviews.com *.googletagmanager.com *.cloudfront.net *.webcollage.net *.syndigo.cloud *.postcodeanywhere.co.uk www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.google-analytics.com addevent.com 'self' data: *.avada.io *.mlstatic.com *.mercadopago.com *.powerreviews.com *.google.com *.newrelic.com js-agent.newrelic.com *.googletagmanager.com https://www.googletagmanager.com/gtm.js connect.facebook.net googleads.g.doubleclick.net bat.bing.com *.googleoptimize.com https://www.googleoptimize.com/optimize.js *.trustedsite.com *.cloudflare.com *.twitter.com *.fontawesome.com *.nr-data.net *.wahlclipper.com *.googleapis.com *.jsdelivr.net *.bluesnap.com *.webcollage.net *.syndigo.com *.youtube.com *.adsrvr.org *.hotjar.com *.pcapredict.com *.postcodeanywhere.co.uk *.commerce-connector.com *.amazonaws.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com display.ugc.bazaarvoice.com getfirebug.com googleapis.com addevent.com 'self' data: *.fontawesome.com *.googleapis.com *.powerreviews.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.cloudflare.com *.bootstrapcdn.com *.wahlclipper.com *.jsdelivr.net *.postcodeanywhere.co.uk *.commerce-connector.com *.typekit.net unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.mercadopago.com *.mercadolibre.com stats.g.doubleclick.net ct.pinterest.com *.google-analytics.com *.whatcounts.com siteanalytics.whatcounts.com https://siteanalytics.whatcounts.com *.amazonaws.com/ api.comapi.com webchat.dotdigital.com *.amazonaws.com *.yotpo.com *.cloudflare.com *.powerreviews.com *.nr-data.net *.wahlclipper.com *.syndigo.com *.postcodeanywhere.co.uk *.hotjar.com *.commerce-connector.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri csp/report/uri; report-to report-endpoint; 2
font-src fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com api.bazaarvoice.com stg.api.bazaarvoice.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.gstatic.com *.onetrust.com cdn.cookielaw.org www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io cdn.jsdelivr.net *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com https://www.googletagmanager.com tagmanager.google.com party.spockee.io *.onetrust.com cdn.cookielaw.org *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com display.ugc.bazaarvoice.com tagmanager.google.com *.onetrust.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.getalma.eu *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com https://www.google-analytics.com party.spockee.io *.onetrust.com cdn.cookielaw.org https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.onet.pl::BPROD_3_2_0_NOLAYER 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; media-src https: 'self' blob:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 2
font-src *.klevu.com *.ksearchnet.com https://*.quadpay.com https://*.zip.co 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com https://plumrocket.com *.wesupply.xyz *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.klevu.com *.ksearchnet.com https://*.quadpay.com https://*.zip.co store.paradoxlabs.com *.cdninstagram.com *.fbcdn.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.klevu.com *.ksearchnet.com https://*.quadpay.com https://*.zip.co *.authorize.net *.cloudflare.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src cdn.dnky.co webchat.dotdigital.com *.klevu.com *.ksearchnet.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.klevu.com *.ksearchnet.com https://*.quadpay.com https://*.zip.co *.authorize.net *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
sandbox allow-scripts allow-same-origin allow-popups allow-downloads allow-forms allow-modals 2
font-src *.klevu.com *.ksearchnet.com *.fontawesome.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com tvape.com torontovaporizer.ca stonersguardian.com api.payengine.de payengine.de *.olark.com cdn.tvape.fr *.cloudflare.com cdnjs.cloudflare.com cloudflare.com js.klevu.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.google.com accounts.google.com *.canadapost.ca https://sso.epost.ca *.purolator.com hubspot.com forms.hubspot.com hsforms.net forms.hsforms.com hsforms.com js.hsforms.net stonersguardian.com api.payengine.de payengine.de signin.ebay.com auth.ebay.com ebay.com www.ebay.com *.cardinalcommerce.com tvape.de *.rfihub.com *.wibmo.com *.hsforms.com *.epost.ca *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ consentcdn.cookiebot.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.google.com accounts.google.com *.meetanshi.com *.purolator.com www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com https://hosted.paysafe.com *.sendcloud.sc static.olark.com tracking.sezzle.com online.fliphtml5.com r1.dotmailer-surveys.com pp.payengine.de hsforms.net forms.hsforms.com js.hsforms.net dpm.demdex.net demdex.net youtu.be youtube.com stonersguardian.com api.payengine.de payengine.de vimeo.com 20813811p.rfihub.com *.rfihub.com *.wibmo.com *.hsforms.com *.epost.ca *.paypal.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.klevu.com *.ksearchnet.com www.google.com accounts.google.com mageside.com *.canadapost.ca *.googleapis.com *.gstatic.com *.meetanshi.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com tvape.co.uk torontovaporizer.ca cdn.torontovaporizer.ca tvape.com stats.g.doubleclick.net maps.gstatic.com d3svog4tlx445w.cloudfront.net static.olark.com log.olark.com media.sezzle.com www.googletagmanager.com maps.googleapis.com js.hsforms.net hsforms.net forms.hsforms.com perf.hsforms.com forms.hubspot.com *.tvape.com demdex.net chart.googleapis.com stonersguardian.com api.payengine.de payengine.de r1-t.trackedlink.net img.onesignal.com *.cardinalcommerce.com js.klevu.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ consent.cookiebot.com jquery.sellxed.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com js.klevu.com *.ksearchnet.com www.google.com accounts.google.com *.googleapis.com *.google.com *.gstatic.com *.meetanshi.com *.purolator.com connect.facebook.net twitter.com platform.twitter.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://hosted.paysafe.com https://api.test.paysafe.com https://api.paysafe.com  https://songbirdstag.cardinalcommerce.com embed.sendcloud.sc embed.videodelivery.net knrpc.olark.com static.cloudflareinsights.com maps.googleapis.com www.googletagmanager.com stats.g.doubleclick.net googleads.g.doubleclick.net www.gstatic.com r1-t.trackedlink.net c1.rfihub.net a.rfihub.net pp.payengine.de static.olark.com assets.olark.com api.olark.com a.optnmstr.com widget.sezzle.com r1.dotmailer-surveys.com g1782759016.co js.hsforms.net hsforms.net forms.hsforms.com dpm.demdex.net demdex.net stonersguardian.com ajax.cloudflare.com api.payengine.de payengine.de g594253005.co verify.bluecheck.me g1782759015.co.de g1782759015.co cdn.onesignal.com onesignal.com bam.nr-data.net *.cardinalcommerce.com script.crazyegg.com cdn.noibu.com cdn4.mxpnl.com *.mxpnl.com *.mantisadnetwork.com g594253006.co *.crazyegg.com *.newrelic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline static.olark.com media.sezzle.com fonts.googleapis.com hsforms.net forms.hsforms.com dpm.demdex.net demdex.net stonersguardian.com api.payengine.de payengine.de accounts.google.com onesignal.com cdn.tvape.fr verify.bluecheck.me *.cloudflare.com cdnjs.cloudflare.com cloudflare.com js.klevu.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com tvape.co.uk torontovaporizer.ca static.olark.com cdn.torontovaporizer.ca stonersguardian.com api.payengine.de payengine.de cdn.tvape.fr *.cardinalcommerce.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.klevu.com *.ksearchnet.com www.google.com accounts.google.com *.meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://api.test.paysafe.com https://api.paysafe.com region1.google-analytics.com *.crazyegg.com knrpc.olark.com api.omappapi.com geoip.sezzle.com media.sezzle.com *.googleapis.com stats.g.doubleclick.net developer.google.com hsforms.net forms.hsforms.com demdex.net stonersguardian.com api.payengine.de payengine.de bam.nr-data.net onesignal.com *.cardinalcommerce.com cdn.noibu.com script.crazyegg.com input.noibu.com *.noibu.com wss://input.noibu.com/pv_part verify.bluecheck.me *.bluecheck.me cdn4.mxpnl.com *.mxpnl.com api-js.mixpanel.com *.mixpanel.com *.paypal.com *.amazonaws.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://torontovaporizer.ca/; report-to report-endpoint; 2
upgrade-insecure-requests 2
default-src https:; connect-src https:; font-src https: data:; child-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: data:; report-uri https://18d36df5be4d2f0680090c55b489865d.report-uri.com/r/d/csp/reportOnly 2
base-uri 'self'; default-src 'none'; child-src 'none'; connect-src 'self' https://widget.marktjagd.de https://spotlight.offerista.com https://*.marktjagd.de http://*.marktjagd.de *.marktjagd.de https://*.datadome.co http://*.datadome.co *.datadome.co https://*.explorr.net http://*.explorr.net *.explorr.net; font-src 'self' https://fonts.gstatic.com https://*.marktjagd.de http://*.marktjagd.de *.marktjagd.de https://*.explorr.net http://*.explorr.net *.explorr.net https://widget.marktjagd.de https://spotlight.offerista.com; form-action 'self'; img-src 'self' https://* http://* * data:; object-src 'none'; script-src 'self' https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js http://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js https://*.marktjagd.de http://*.marktjagd.de *.marktjagd.de https://*.datadome.co http://*.datadome.co *.datadome.co https://*.explorr.net http://*.explorr.net *.explorr.net https://widget.marktjagd.de https://spotlight.offerista.com 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com/css https://*.marktjagd.de http://*.marktjagd.de *.marktjagd.de https://*.explorr.net http://*.explorr.net *.explorr.net https://widget.marktjagd.de https://spotlight.offerista.com 'unsafe-inline'; report-uri /csprep.php; 2
script-src 'unsafe-eval' blob: 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com *.fandom.com; default-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com *.fandom.com; style-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com *.fandom.com 'unsafe-inline'; img-src * data: blob:; object-src 'none'; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src 'self' blob: 2
report-uri https://r4com.report-uri.io/r/default/csp/reportOnly 2
default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;connect-src * blob:;report-uri https://cdn.initial-website.com/app/reporting/policyviolation/submit 2
default-src 'self'; object-src 'none';img-src 'self' https://*.greenwheels.com https://*.gstatic.com https://*.googleapis.com https://*.google.com https://*.google.nl https://*.facebook.com data:; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com ;style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com ; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; connect-src 'self' https://*.greenwheels.com https://www.google-analytics.com; frame-src https://*.greenwheels.com https://*.smartlook.com https://*.smartlook.cloud ; script-src 'self' 'unsafe-inline'; script-src-elem * 'self' https://*.smartlook.com https://*.smartlook.cloud 'nonce-randomlyGeneratedBase64Nonce' 'sha256-n/7gbCw+WmsD7F/+39VVixTYgKohObbo81AF86hI5vM=' 'sha256-6LznYDacT/3QgJvp0yiCfqUoy+XE5QloY8gZDhPtlPQ=' 'sha256-ruDyYgAnz/D7ohQLeFlVNQ7gRvg/K1NqaL/s8UgrOOg=' 'unsafe-eval'; worker-src 'self' blob: 2
font-src *.abtasty.com *.zipmoney.com.au *.klarnacdn.net *.stockinstore.net *.akamaihd.net olapic-data.s3.amazonaws.com data: *.gstatic.com 'self' data: 'unsafe-inline' data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.googletagmanager.com *.google.com *.doubleclick.net *.hotjar.com *.pmnts.io 'self'; frame-src www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.abtasty.com *.facebook.com *.pmnts.io *.klarna.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.google.com/ https://www.youtube.com *.pmnts-sandbox.io *.doubleclick.net *.vimeo.com *.hotjar.com *.clickmeter.com wss://*.hotjar.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://static.afterpay.com *.abtasty.com *.turn.com *.bazaarvoice.com *.amgdgt.com *.photorank.me z2photorankmedia-a.akamaihd.net display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.klarnacdn.net *.klarnaservices.com https://www.magezon.com *.pinterest.com *.facebook.com *.facebook.com/tr *.google.com *.google.com.au *.roymorgan.com *.doubleclick.net data: *.facebook.net *.googleapis.com *.gstatic.com *.zipmoney.com.au *.googletagmanager.com *.imgix.net 'self' 'unsafe-inline'; script-src *.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com js.braintreegateway.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.abtasty.com *.cloudfront.net *.cloudflare.com *.facebook.net *.tiktok.com *.zdassets.com *.tommy.com *.luckyorange.net *.particularaudience.com *.stockinstore.net *.akamaihd.net apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com s7.addthis.com *.google.com *.googletagmanager.com *.google.com.au *.pmnts.io *.pmnts-sandbox.io *.afterpay.com *.doubleclick.net *.pinimg.com *.cfjump.com *.roymorgan.com *.forter.com *.usabilla.com wss://widget-mediator.zopim.com *.hotjar.com *.attraqt.io *.newrelic.com *.js-agent.newrelic.com *.nr-data.net *.klarnacdn.net *.braintreegateway.com *.cardinalcommerce.com *.ccdc02.com *.ytimg.com *.googleadservices.com *.google-analytics.com *.zipmoney.com.au *.gstatic.com *.googleapis.com *.calvinklein.com.au *.paypal.com *.paypalobjects.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.abtasty.com *.bazaarvoice.com *.stockinstore.net *.klarnacdn.net *.akamaihd.net display.ugc.bazaarvoice.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com static.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.abtasty.com *.luckyorange.net *.zendesk.com *.particularaudience.com *.tiktok.com stockinstore.net *.stockinstore.net *.cloudfront.net *.klarnaevt.com *.klarnacdn.net *.akamaihd.net zendesk-eu.my.sentry.io api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com ekr.zdassets.com/ *.pinterest.com *.google.com *.google.com.au *.cardinalcommerce.com *.google-analytics.com *.forter.com wss://*.zopim.com *.doubleclick.net *.attraqt.io *.zipmoney.com.au *.hotjar.io wss://*.hotjar.com *.zip.co *.nr-data.net *.hotjar.com *.trurating.com *.analytics.tiktok.com wss://*.forter.com *.googleapis.com *.paypal.com *.zdassets.com 'self' 'unsafe-inline'; child-src blob: 'self' 'unsafe-inline'; default-src *.abtasty.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com data: https://www.gstatic.com https://fonts.gstatic.com www.level1.com www.conceptronic.net www.equip-info.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net *.facebook.com www.level1.com www.conceptronic.net www.equip-info.net 'self' 'unsafe-inline'; frame-ancestors www.level1.com www.conceptronic.net www.equip-info.net 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ cdn.dnky.co *.hotjar.com https://www.google.com *.facebook.com *.trustpilot.com *.criteo.com www.level1.com www.conceptronic.net www.equip-info.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com *.vimeocdn.com i.ytimg.com www.googleadservices.com www.google-analytics.com *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net www.level1.com www.conceptronic.net www.equip-info.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googleadservices.com www.google-analytics.com *.paypal.com *.google.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com *.youtube.com cdn.mouseflow.com https://www.google.com https://www.gstatic.com www.level1.com www.conceptronic.net www.equip-info.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net www.level1.com www.conceptronic.net www.equip-info.net 'self' 'unsafe-inline'; object-src www.level1.com www.conceptronic.net www.equip-info.net 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com www.level1.com www.conceptronic.net www.equip-info.net 'self' 'unsafe-inline'; manifest-src www.level1.com www.conceptronic.net www.equip-info.net 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms *.facebook.com *.datatrics.com www.level1.com www.conceptronic.net www.equip-info.net 'self' 'unsafe-inline'; child-src www.level1.com www.conceptronic.net www.equip-info.net http: https: blob: 'self' 'unsafe-inline'; default-src www.level1.com www.conceptronic.net www.equip-info.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.level1.com www.conceptronic.net www.equip-info.net 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 2
object-src 'none'; script-src 'self' https://static.addtoany.com kit.fontawesome.com 'unsafe-inline'; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://static.addtoany.com kit.fontawesome.com; style-src 'self' fonts.googleapis.com use.fontawesome.com 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 2
img-src 'self' https://ad.doubleclick.net https://analytics.twitter.com https://bat.bing.com https://c.clarity.ms https://captcha.eset.com https://cm.g.doubleclick.net https://dpm.demdex.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://ssitecat.eset.com https://www.facebook.com https://www.google-analytics.com https://www.google.be https://www.google.co.in https://www.google.co.jp https://www.google.co.nz https://www.google.co.uk https://www.google.com https://www.google.com.au https://www.google.com.br https://www.google.com.ec https://www.google.com.mx https://www.google.com.sg https://www.google.cz https://www.google.de https://www.google.dj https://www.google.fr https://www.google.hu https://www.google.it https://www.google.nl https://www.google.pl https://www.google.sk https://www.googletagmanager.com; connect-src 'self' https://*.analytics.google.com https://*.clarity.ms https://*.demdex.net https://*.eset.com https://*.hotjar.com https://adservice.google.com https://analytics.google.com https://bat.bing.com https://c.go-mpulse.net https://cdn.acsbapp.com https://stats.g.doubleclick.net https://vc.hotjar.io https://www.facebook.com https://www.google-analytics.com https://www.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://acsbap.com https://acsbapp.com https://assets.esetstatic.com https://bat.bing.com https://cdn1.esetstatic.com https://connect.facebook.net https://d.la1-c2-cdg.salesforceliveagent.com https://embed.tawk.to https://googleads.g.doubleclick.net https://obchod.eset.com https://script.hotjar.com https://static.ads-twitter.com https://static.hotjar.com https://widget.trustpilot.com https://www.clarity.ms https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com; default-src 'self'; font-src 'self' https://*.gstatic.com; frame-src 'self' https://8117415.fls.doubleclick.net https://bid.g.doubleclick.net https://eset.demdex.net https://vars.hotjar.com https://widget.trustpilot.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; report-uri https://www-eset-com.api.cspconsole.com/v1/csp/report; report-to default; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.usercentrics.eu; connect-src 'self' https://*.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.usercentrics.eu; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fast.fonts.net https://fonts.googleapis.com; img-src 'self' https://*.usercentrics.eu https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://i.ytimg.com https://uc.e-recht24.de https://*.heinrich-schmid.com https://heinrich-schmid.com data:; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com 2
img-src 'self' https://*.mbaec.de 'unsafe-inline'; 2
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com *.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data: *.google-analytics.com;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 2
base-uri 'none'; script-src 'unsafe-eval' 'unsafe-inline' data: blob: http: https:; object-src 'none'; report-uri https://sentry.itgalaxy.company/api/85/csp-report/?sentry_key=1fbf25e90f114a3d83a19aa4fa432dcf 2
font-src *.gstatic.com data: *.fontawesome.com static.olark.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com https://checkout-sandbox.getbread.com https://checkout.getbread.com https://api-preview.platform.breadpayments.com https://api.platform.breadpayments.com https://api-preview.rbc.breadpayments.com https://api.rbcpayplan.com static.olark.com *.facebook.com *.pinterest.com *.addthis.com *.doubleclick.net *.yotpo.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.gstatic.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com store.paradoxlabs.com *.pinterest.com *.olark.com *.googleadservices.com *.google.com *.google.com.vn *.doubleclick.net *.bing.com *.clarity.ms cdn.innovolifestyles.com cdn.logfurnitureplace.com cdn.woodlandcreekfurniture.com innovolifestyles.com logfurnitureplace.com woodlandcreekfurniture.com *.facebook.net *.googletagmanager.com *.yotpo.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://checkout-sandbox.getbread.com/bread.js https://checkout.getbread.com/bread.js https://connect-preview.breadpayments.com/sdk.js https://connect.breadpayments.com/sdk.js https://connect-preview.rbc.breadpayments.com/sdk.js https://connect.rbcpayplan.com/sdk.js https://cdn.polyfill.io https://browser.sentry-cdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googletagmanager.com *.facebook.net *.authorize.net *.dotdigital-pages.com *.yotpo.com *.klaviyo.com *.getbread.com s.pinimg.com *.olark.com *.addthis.com z.moatads.com v1.addthisedge.com *.bing.com www.gstatic.com *.clarity.ms *.doubleclick.net www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com https://static.klaviyo.com *.fontawesome.com static.olark.com *.klaviyo.com s.pinimg.com *.doubleclick.net *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.olark.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://checkout-sandbox.getbread.com https://checkout.getbread.com https://api-preview.rbc.breadpayments.com https://api.rbcpayplan.com https://api-preview.platform.breadpayments.com https://api.platform.breadpayments.com https://*.ingest.sentry.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.authorize.net *.dotdigital-pages.com webchat.dotdigital.com *.yotpo.com ct.pinterest.com *.klaviyo.com knrpc.olark.com *.googleadservices.com *.google.com *.doubleclick.net *.clarity.ms *.addthis.com *.googleapis.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src js.klevu.com 'unsafe-inline' data: *.klevu.com *.ksearchnet.com *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.nosto.com *.nos.to *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com www.google.com *.authorize.net *.paypal.com *.vimeo.com *.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co *.mention-me.com *.nosto.com assets.braintreegateway.com pay.google.com *.yotpo.com webchat.dotdigital.com *.nos.to c.paypal.com checkout.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com https://static.afterpay.com *.nosto.com *.klevu.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com www.crafterscompanion.co.uk www.crafterscompanion.com www.crafterscompanion.eu www.spectrumnoir.com *.paypal.com *.ksearchnet.com assets.braintreegateway.com *.yotpo.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com c.paypal.com checkout.paypal.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.adyen.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.nosto.com *.klevu.com www.dwin1.com www.google.com www.gstatic.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com js-agent.newrelic.com bam.nr-data.net *.onetrust.com *.ytimg.com *.facebook.net *.postcodeanywhere.co.uk *.hotjar.com api.braintreegateway.com *.cardinalcommerce.com polyfill.io api.comapi.com cdn.dnky.co *.dotdigital-pages.com *.trackedweb.net *.trackedlink.net *.ksearchnet.com *.yotpo.com webchat.dotdigital.com *.mention-me.co c.paypal.com pay.google.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.nos.to assets.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.klevu.com *.gstatic.com *.afterpay.com *.ksearchnet.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.nosto.com *.yotpo.com *.googleapis.com *.nos.to unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com static.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.nosto.com js-agent.newrelic.com bam.nr-data.net *.cardinalcommerce.com *.algolia.net *.algolia.com *.afterpay.com secure.authorize.net test.authorize.net assets.adobedtm.com *.vimeocdn.com *.onetrust.com cdn.acsbapp.com t.paypal.com *.ytimg.com bam-cell.nr-data.net video.google.com *.google-analytics.com *.stats.g.doubleclick.net *.vimeo.com *.facebook.net *.postcodeanywhere.co.uk *.hotjar.com api.braintreegateway.com polyfill.io *.klevu.com api.comapi.com cdn.dnky.co *.dotdigital-pages.com *.trackedweb.net *.trackedlink.net *.ksearchnet.com *.yotpo.com webchat.dotdigital.com *.mention-me.co pay.google.com *.braintree-api.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.nos.to www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.klevu.com *.ksearchnet.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com https://www.google.com *.weltpixel.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com js.klevu.com *.ksearchnet.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.google.com https://www.gstatic.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.klevu.com *.ksearchnet.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com commerce.adobe.net qa-api.magedevteam.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'unsafe-inline' 'unsafe-eval' data: https:; 2
default-src *; script-src *; object-src *; style-src *; img-src *; media-src *; frame-src *; font-src *; connect-src * 2
default-src 'self';  frame-src 'self' *.youtube.com destinilocators.com *.jotform.com *.adsrvr.org assets.ctfassets.net *.amazon-adsystem.com *.doubleclick.net *.facebook.com *.trkn.us *.googletagmanager.com *.googlesyndication.com *.postscript.io;  script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.adsrvr.org *.googlesyndication.com destinilocators.com *.jotform.com chimpstatic.com *.mailchimp.com *.list-manage.com *.postscript.io;  child-src 'self' *.youtube.com *.google.com *.twitter.com;  style-src 'self' 'unsafe-inline' data: *.typekit.net *.googleapis.com *.googletagmanager.com *.mailchimp.com;  img-src * blob: data:;  media-src 'none';  object-src 'self' data: assets.ctfassets.net;  connect-src *;  font-src 'self' data: *.typekit.net; 2
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://media.powerreviews.com https://t.powerreviews.com maps.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://destinilocators.com *.authorize.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://ui.powerreviews.com maps.googleapis.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline https://ui.powerreviews.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; manifest-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.fsc-live.com *.authorize.net www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://display.powerreviews.com https://ui.powerreviews.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.adyen.com *.surveysparrow.com *.typekit.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com *.google.com *.doubleclick.net *.facebook.com *.klarna.com *.surveysparrow.com *.pinterest.com *.echatsoft.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.cloudflare.com *.klarna.com *.klarnaevt.com *.googleadservices.com *.google-analytics.com *.google.pl *.gstatic.com *.googletagmanager.com *.paypal.com *.ytimg.com *.zdassets.com *.zendesk.com *.zopim.com *.naver.com *.pinterest.com *.surveysparrow.com *.baidu.com *.rainbowred.com https://yotpo-editor-production.s3.amazonaws.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.google.com *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.avada.io *.cloudflare.com *.cloudflareinsights.com https://chimpstatic.com https://s3.amazonaws.com/downloads.mailchimp.com/ *.googleoptimize.com *.googleapis.com *.twimg.com *.gstatic.com *.fontawesome.com *.zdassets.com *.zendesk.com *.zopim.com *.klarna.com *.surveysparrow.com *.newrelic.com *.nr-data.net *.naver.net *.naver.com *.tiktok.com *.pinimg.com *.baidu.com *.echatsoft.com *.dwin1.com *.youtube.com *.typekit.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.fontawesome.com *.cloudflare.com *.gstatic.com *.zdassets.com *.zendesk.com *.zopim.com *.adyen.com *.echatsoft.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com *.zendesk.com *.zopim.com *.adyen.com 'self' data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.adyen.com *.google-analytics.com *.facebook.com *.facebook.net https://get.geojs.io *.avada.io *.google.com *.cloudflare.com *.googleapis.com *.nr-data.net *.doubleclick.net *.zendesk.com *.klarna.com *.klarnaevt.com *.surveysparrow.com *.naver.com *.pinterest.com *.tiktok.com *.echatsoft.com *.typekit.net https://static.zdassets.com https://ekr.zdassets.com https://gstatic.com https://*.zopim.com wss://*.zopim.com wss://*.echatsoft.com 'self' data: api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' data: 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://biggreensmile.report-uri.io/r/default/csp/reportOnly 2
default-src 'self'; script-src 'report-sample' 'self' https://cdn.jsdelivr.net/npm/vue@2.6.12 https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/519977589342315 https://extend.vimeocdn.com/ga/3682823.js https://fast.wistia.com/assets/external/channel.js https://fast.wistia.net/embed/channel/project/b4s3to0g9l.json https://grow.clearbitjs.com/api/pixel.js https://iptrack.io/api/v1/wiv.js https://pi.pardot.com/pd.js https://pi.pardot.com/analytics https://script.hotjar.com/modules.8b83be320cd47888a36c.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com/c/hotjar-1795125.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtm.js?id=GTM-5NMSN2S https://www.googletagmanager.com/gtag/js https://www3.objective.com/analytics; style-src 'report-sample' 'unsafe-inline' 'self' https://fast.fonts.net https://fast.wistia.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.ipify.org https://fast.wistia.net https://in.hotjar.com https://ipapi.co https://s3-ap-southeast-2.amazonaws.com https://stats.g.doubleclick.net https://ws39.hotjar.com https://www.google-analytics.com wss://ws39.hotjar.com; font-src 'self' data: https://fast.wistia.net https://fonts.gstatic.com; frame-src 'self' https://vars.hotjar.com https://www.facebook.com https://www3.objective.com; img-src 'self' data: https://dashboard.whoisvisiting.com https://fast.wistia.net https://grow.clearbitjs.com https://px.ads.linkedin.com https://www.facebook.com https://www.google-analytics.com https://www.google.co.nz https://www.google.com https://www.google.com.au https://www.google.com.my https://www.objective.com.au; manifest-src 'self'; media-src 'self'; report-uri https://62fdb794dbe847495b81a02a.endpoint.csper.io/?v=11; worker-src 'none'; 2
font-src *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es *.yotpo.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.netreviews.eu cl.avis-verifies.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com www.google.fr *.facebook.com bat.bing.com *.linkedin.com *.avis-verifies.com *.netreviews.eu *.googletagmanager.com 'self' data: *.yotpo.com 'self' 'unsafe-inline'; script-src *.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.kameleoon.com *.kameleoon.eu cl.avis-verifies.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com cdn.lefebvre-sarrut.be *.facebook.com *.facebook.net bat.bing.com snap.licdn.com sdk.privacy-center.org www.google.com www.gstatic.com *.avis-verifies.com *.pardot.com *.larcier-intersentia.com *.google.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.kameleoon.com *.kameleoon.eu www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es www.google-analytics.com bat.bing.com *.doubleclick.net *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com content.jwplatform.com platform.twitter.com s7.addthis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; frame-src platform.twitter.com player.vimeo.com s7.addthis.com www.youtube-nocookie.com; connect-src 'self' s7.addthis.com www.google-analytics.com; report-uri /report-csp-violation 2
font-src fonts.gstatic.com use.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com *.demdex.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.pages03.net *.facebook.com *.google.com *.hotjar.com *.issuu.com *.kaptcha.com *.mkt932.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.pages03.net *.amazonaws.com *.coremetrics.com *.facebook.com *.facebook.net *.google.com *.paypal.com *.bronto.com *.hotjar.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net * www.paypalobjects.com js.braintreegateway.com www.paypal.com assets.adobedtm.com commerce.adobe.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.pages03.net *.putmeinthestory.com *.brilliantcollector.com *.facebook.net *.google.com *.gstatic.com *.hotjar.com *.nr-data.net *.newrelic.com *.integration-5ojmyuq-kolnt6avkh4uo.us-3.magentosite.cloud *.c.kolnt6avkh4uo.dev.ent.magento.cloud *.vagrant.com *.zdassets.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com unsafe-inline *.amazonaws.com *.materialdesignicons.com *.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.zdassets.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.brilliantcollector.com *.brontops.com *.doubleclick.net *.google-analytics.com *.hotjar.com *.hotjar.io *.nr-data.net *.zdassets.com *.zendesk.com wss://*.zopim.com https://*.zopim.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://cd6149b609c1e427f5d8597d1534d2c7.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 2
; frame-ancestors 'self' 2
default-src * 'unsafe-inline' 'unsafe-eval' 2
font-src fonts.gstatic.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.weltpixel.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de maps.googleapis.com *.gstatic.com *.cdninstagram.com *.fbcdn.net *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de maps.googleapis.com ajax.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com maxcdn.bootstrapcdn.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com *.google.com *.gstatic.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com; font-src 'self' https://fonts.gstatic.com http://fonts.gstatic.com fonts.gstatic.com https://use.typekit.net http://use.typekit.net use.typekit.net data:; form-action 'self' https://*.twitter.com http://*.twitter.com *.twitter.com; frame-ancestors 'none'; frame-src https://youtube.com http://youtube.com youtube.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net; img-src 'self' https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://www.google.com http://www.google.com www.google.com https://www.google.co.uk http://www.google.co.uk www.google.co.uk blob: data:; media-src https://youtube.com http://youtube.com youtube.com; object-src 'none'; manifest-src 'self'; script-src 'self' https://www.googletagmanager.com http://www.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://www.googleadservices.com http://www.googleadservices.com www.googleadservices.com https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net http://*.typekit.net *.typekit.net https://*.googleapis.com http://*.googleapis.com *.googleapis.com 'unsafe-inline'; 2
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; report-uri https://xl86pc2ky3.execute-api.eu-central-1.amazonaws.com/prod/icorecspupload 2
default-src 'self'; script-src 'self' 'sha256-MdC6fOvaO+dJENLQhOoRht9sHSJ++GoMxjtC5lOpUww=' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; style-src 'self' 'report-sample'; img-src *; base-uri 'none'; object-src 'none'; 2
font-src *.gstatic.com 'unsafe-inline' data: *.fontawesome.com *.bootstrapcdn.com *.cloudfront.net *.googleapis.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com assets.braintreegateway.com player.vimeo.com www.google.com js.stripe.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de secure.pay1.de payments.amazon.de www.jsctool.com m.stripe.com x.klarnacdn.net klarna.com cdn.dnky.co webchat.dotdigital.com *.cookiebot.com *.pinterest.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de cdn.pay1.de x.klarnacdn.net *.cloudfront.net *.cookiefirst.com *.cookiebot.com *.elfsight.com *.facebook.com *.google.de *.googletagmanager.com *.linkedin.com *.pinterest.com *.redbull.com *.usd.de *.usercentrics.eu www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com cdn-scripts.signifyd.com www.youtube.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com www.jsctool.com https://cdn.polyfill.io https://browser.sentry-cdn.com m.stripe.com klarna.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.cloudfront.net *.cookiefirst.com *.cookiebot.com *.elfsight.com *.facebook.net *.google.com *.google-analytics.com *.googletagmanager.com *.haymarketstat.de *.licdn.com *.linkedin.com *.logopaletti.de *.redbull.com *.trustedshops.com *.pinimg.com *.usercentrics.eu www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com d.ratepay.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.cloudfront.net *.cookiefirst.com *.google.com *.trustedshops.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.cloudfront.net *.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de payments.amazon.de d.ratepay.com www.jsctool.com https://*.ingest.sentry.io js.stripe.com m.stripe.com x.klarnacdn.net klarna.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.cookiefirst.com *.cookiebot.com *.cookielaw.org *.doubleclick.net *.elfsight.com *.google.de *.google-analytics.com *.haymarketstat.de *.logopaletti.de *.usercentrics.eu *.pinterest.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https:; connect-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com static.pazaruvaj.com unpkg.com api.mapbox.com cdn.jsdelivr.net geowidget.easypack24.net maxcdn.bootstrapcdn.com ssl.ceneo.pl s.kk-resources.com elnino.daktela.com www.wiarygodneopinie.pl ts.tradetracker.net cdn.foxentry.cz; object-src 'self'; img-src 'self' https: data:; font-src https: data:; frame-ancestors 'self' *.creativecdn.com *.hotjar.com *.googletagmanager.com; report-uri https://elnino.report-uri.com/r/d/csp/enforce 2
default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;connect-src * blob:;report-uri https://cdn.website-start.de/app/reporting/policyviolation/submit 2
font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com *.cloudflare.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/ *.adyen.com https://www.googletagmanager.com/ www.facebook.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://www.youtube.com/ https://www.google.com.ua/ https://www.google.bg/ https://ct.pinterest.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com *.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com validator.swagger.io *.adyen.com https://images.unsplash.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://widgets.trustedshops.com www.google.com *.bing.com www.facebook.com https://cdn.kaffekapslen.be https://www.google.com.ua/ https://www.google.bg/ *.clarity.ms https://googleads.g.doubleclick.net *.googleadservices.com https://bid.g.doubleclick.net https://kaffekapslen.dk/ *.kaffekapslen.dk/ *.klarnacdn.net https://kaffekapslen.media *.pinterest.com/ *.cloudinary.com/ https://www.googletagmanager.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com *.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com maps.googleapis.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://widgets.trustedshops.com *.newrelic.com gtm.adt313.net *.bing.com *.facebook.net bam.eu01.nr-data.net https://www.google.com https://googleads.g.doubleclick.net https://www.google.com.ua/ https://www.google.bg/ *.clarity.ms *.klaviyo.com *.klarnacdn.net https://s.pinimg.com https://apis.google.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com *.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.trustedshops.com *.etrusted.com bam.eu01.nr-data.net *.clarity.ms www.facebook.com *.klaviyo.com eu.playground.klarnaevt.com *.adt611.com *.pinterest.com/ *.kaffekapslen.dk/ https://az-apim-st-kaffekapslen.azure-api.net/ api.kaffekapslen.com https://bat.bing.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.googleapis.com fonts.gstatic.com *.typekit.net www.google-analytics.com *.trackedlink.net *.trackedweb.net *.yotpo.com *.vimeo.com *.player.vimeo.com *.vimeocdn.com *.authorize.net js.braintreegateway.com assets.adobedtm.com secure.authorize.net test.authorize.net *.dotdigital-pages.com webchat.dotdigital.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.fr *.payments-amazon.es geostag.cardinalcommerce.com *.nr-data.net bam.nr-data.net https://www.gstatic.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es https://www.google.com cdn.dnky.co webchat.dotdigital.com *.wesupply.xyz *.weltpixel.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.paypal.com https://s.ytimg.com *.trackedlink.net *.trackedweb.net *.yotpo.com *.vimeo.com *.player.vimeo.com *.authorize.net js.braintreegateway.com assets.adobedtm.com secure.authorize.net test.authorize.net *.dotdigital-pages.com webchat.dotdigital.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.fr *.payments-amazon.es geostag.cardinalcommerce.com *.nr-data.net bam.nr-data.net store.paradoxlabs.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com *.vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.yotpo.com *.player.vimeo.com *.authorize.net webchat.dotdigital.com *.newrelic.com *.nr-data.net bam.nr-data.net https://www.google.com https://www.gstatic.com cdn.dnky.co api.comapi.com *.cloudflare.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com getfirebug.com fonts.googleapis.com www.google-analytics.com *.trackedlink.net *.trackedweb.net *.yotpo.com *.vimeo.com *.player.vimeo.com *.vimeocdn.com *.authorize.net js.braintreegateway.com assets.adobedtm.com secure.authorize.net test.authorize.net *.dotdigital-pages.com webchat.dotdigital.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.fr *.payments-amazon.es geostag.cardinalcommerce.com *.nr-data.net bam.nr-data.net cdn.dnky.co yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; manifest-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; connect-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.paypal.com www.google-analytics.com *.yotpo.com *.vimeo.com *.player.vimeo.com *.vimeocdn.com *.authorize.net js.braintreegateway.com assets.adobedtm.com secure.authorize.net test.authorize.net webchat.dotdigital.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.fr *.payments-amazon.es *.nr-data.net bam.nr-data.net api.comapi.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
script-src https: 'strict-dynamic' 'report-sample' 'nonce-GfQaeaP+YJJHd+1VT4oB1BsXH2CSaSfC68X1PzXXy3w='; base-uri 'self';report-to csp-endpoint 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-75bcadc333749370dcbce203aa14833d' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
default-src *.gravatar.com; script-src *.gravatar.com *.wp.com *.google-analytics.com *.googletagmanager.com apis.google.com/js/ 'nonce-996b3f0628bf'; style-src 'self' *.gravatar.com *.wp.com fonts.googleapis.com 'nonce-e283f8984e33' 'sha256-ONA8DqqhBTsIrZzU3/jZyRdkNkkAGEU74EH252dbGS8=' ;font-src data: *.gravatar.com *.wp.com fonts.gstatic.com; img-src data: *.gravatar.com gravatar.files.wordpress.com *.wordpress.com/mshots/ *.wp.com vaultpress.com; media-src https://videos.files.wordpress.com/; frame-src *.gravatar.com widgets.wp.com; connect-src *.gravatar.com *.google-analytics.com https://public-api.wordpress.com/; object-src 'none'; base-uri 'self'; report-uri https://public-api.wordpress.com/csp/; 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com&source%5Bsection%5D=brochure&source%5Buuid%5D=9a33cec3-d00d-4d9e-bed0-18af04d5545b 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-3mVEWLf3VWFRBBF64kcpsw=='; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1
report-uri https://www.yelp.com/csp_report_only?id=24fc26ed09987b64&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=41d0c45536d2a082f11d1cd0e00fde7f&site=www&timestamp=1663898131; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: blob:; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; font-src data: https:; child-src https: yelp-webview://* yelp://* data:; object-src 'none'; worker-src blob: https:; base-uri 'self'; form-action https: 1
script-src 'nonce-hjc9PCeMOheT3ZePIkOv0g' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-377c80f9da293bc5e631daf490ac0f40' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
require-trusted-types-for 'script';, script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: sc-static.net maps.googleapis.com *.kohls.com *.go-mpulse.net *.twitter.com *.adobedtm.com *.dynamicyield.com *.facebook.net *.ads-twitter.com *.zineone.com *.brsrvr.com *.btstatic.com *.thebrighttag.com *.micpn.com *.indexww.com *.googletagservices.com *.googletagmanager.com *.doubleclick.net *.impactradius-event.com *.google.com *.googlesyndication.com *.googleadservices.com *.vibescm.com *.pinimg.com *.cnnx.link *.bing.com *.clicktale.net *.liadm.com *.scorecardresearch.com *.google-analytics.com *.skavaone.com *.stylitics.com *.sspinc.io *.webcollage.net *.curalate.com *.bazaarvoice.com *.pinterest.com *.yimg.com *.2mdn.net *.tagdelivery.com *.gstatic.com *.ampproject.org *.tvpixel.com *.tiktok.com *.rezync.com *.boomtrain.com *.igodigital.com *.syndigo.com *.paypalobjects.com *.braintreegateway.com *.coherentpath.com *.redditstatic.com *.cloudflare.com *.adnxs.com *.doubleverify.com *.taboola.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.kohls.com *.skavaone.com *.stylitics.com *.bazaarvoice.com *.2mdn.net *.gstatic.com; img-src 'self' data: pippio.com t.co *.kohls.com *.kohlsimg.com *.demdex.net *.rlcdn.com *.adnxs.com *.doubleclick.net *.twitter.com *.everesttech.net *.adsrvr.org *.flashtalking.com *.thebrighttag.com *.micpn.com *.facebook.com *.krxd.net *.rubiconproject.com *.google.com *.lijit.com *.googlesyndication.com *.ojrq.net *.pinterest.com *.bing.com *.adxcel-ec2.com *.dotomi.com *.google-analytics.com *.agkn.com *.liadm.com *.clicktale.net *.curalate.com *.bazaarvoice.com *.admedia.com *.2mdn.net *.admarketplace.net *.bizrate.com *.connexity.net *.yahoo.com *.bluekai.com *.tagdelivery.com *.4cinsights.com *.dynamicyield.com *.stylitics.com *.tvpixel.com *.rezync.com *.fastly.net *.imrworldwide.com *.quantserve.com *.googletagmanager.com *.moatpixel.com *.reddit.com *.syndigo.cloud *.taboola.com *.3lift.com *.trustarc.com *.webcollage.net maps.googleapis.com chart.googleapis.com; connect-src 'self' maps.googleapis.com *.kohls.com *.demdex.net *.omtrdc.net *.go-mpulse.net *.adnxs.com *.adsrvr.org *.dynamicyield.com *.rlcdn.com *.liadm.com *.doubleclick.net *.sjv.io *.rubiconproject.com *.3lift.com *.lijit.com *.pubmatic.com *.yahoo.com *.emxdgt.com *.casalemedia.com *.googlesyndication.com *.pinterest.com *.clicktale.net *.akamaihd.net *.stylitics.com *.curalate.com *.bazaarvoice.com *.yimg.com *.techlab-cdn.com *.addressy.com *.tvpixel.com *.boomtrain.com *.snapchat.com *.akstat.io *.bing.com *.tiktok.com *.facebook.com *.dynatrace.com *.cnnx.link *.domdog.io *.zineone.com *.coherentpath.com *.syndigo.com *.doubleverify.com *.taboola.com; frame-src 'self' *.demdex.net *.flashtalking.com *.facebook.com *.doubleclick.net *.google.com *.googlesyndication.com *.liadm.com *.snapchat.com *.2mdn.net *.rlcdn.com *.pinterest.com *.pubmatic.com; worker-src 'self' blob: *.google.com; font-src 'self' data: *.gstatic.com *.stylitics.com; form-action 'self' g.co *.snapchat.com *.facebook.com; base-uri 'self' *.kohls.com; frame-ancestors 'none'; manifest-src 'self' *.kohls.com; media-src 'none'; object-src 'none'; report-uri https://csp38.domdog.io/report-uri/a9a6fb14-365a-4648-b17b-2e47930f8b49 1
default-src 'self'; base-uri 'self'; font-src cdn.jsdelivr.net; frame-src 'self' cse.google.com www.google.com; img-src 'self' *.amazonaws.com  www.google.com cdn.jsdelivr.net clients1.google.com www.googleapis.com *.gstatic.com pbs.twimg.com *.hypemarks.com *.tintup.com www.google-analytics.com stats.g.doubleclick.net cdn.webcomponents.ucla.edu data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com *.googletagmanager.com www.youtube.com cse.google.com cdn.jsdelivr.net *.ytimg.com cdnjs.cloudflare.com www.google-analytics.com *.amazonaws.com cdn.webcomponents.ucla.edu *.gstatic.com data:; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net cdn.webcomponents.ucla.edu cdnjs.cloudflare.com www.google.com; connect-src 'self' weather.atmos.ucla.edu www.google-analytics.com stats.g.doubleclick.net; report-uri /csp-hotline.php 1
upgrade-insecure-requests; default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; report-uri https://ocelotprod.report-uri.com/r/d/csp/wizard 1
script-src 'self' 'unsafe-inline' 'nonce-NW9wjlR4ThDBjXRMGGk1bzCoEqtIQjSd' http://www.google-analytics.com https://*.uservoice.com https://dap.digitalgov.gov https://designsystem.digital.gov https://maps.googleapis.com https://standards.usa.gov https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com 'unsafe-eval' https://optimize.google.com https://gateway.foresee.com https://resources.digital-cloud-gov.voice.medallia.com https://resource.digital.voice.va.gov https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://www.youtube.com https://*.ytimg.com https://cdn.botframework.com 'strict-dynamic' nonce-NW9wjlR4ThDBjXRMGGk1bzCoEqtIQjSd; img-src 'self' data: blob: https://*.gstatic.com https://api.mapbox.com https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://*.va.gov https://optimize.google.com https://gateway.foresee.com https://static.foresee.com https://cdn-prod.kampyle.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://s3-us-gov-west-1.amazonaws.com https://ok6static.oktacdn.com https://dvp-oauth-application-directory-logos.s3-us-gov-west-1.amazonaws.com https://i.ytimg.com ; frame-ancestors 'none' ; manifest-src 'none' ; default-src 'self' ; frame-src https://dap.digitalgov.gov https://resource.digital.voice.va.gov https://www.googletagmanager.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://www.youtube.com ; child-src https://*.uservoice.com https://www.googletagmanager.com https://www.youtube.com https://optimize.google.com https://resources.digital-cloud-gov.voice.medallia.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://optimize.google.com https://fonts.googleapis.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://s3-us-gov-west-1.amazonaws.com ; connect-src 'self' http://localhost:4000 https://*.va.gov https://api.mapbox.com https://events.mapbox.com https://www.google-analytics.com https://stats.g.doubleclick.net http://*.vetsgov-internal https://secure.login.gov https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://prod-va-gov-maintenance-windows.s3-us-gov-west-1.amazonaws.com https://analytics.foresee.com https://brain.foresee.com https://survey.foreseeresults.com https://device.4seeresults.com https://health.foresee.com https://gateway.foresee.com https://feedback.digital-cloud-gov.voice.medallia.com https://raw.githubusercontent.com wss://northamerica.directline.botframework.com https://northamerica.directline.botframework.com https://search.usa.gov ; object-src 'self' blob: ; media-src 'none' ; font-src 'self' data: https://fonts.gstatic.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com ; block-all-mixed-content  ; form-action 'self' https://vicbdc.vba.va.gov https://vaww.vicbdc.ppd.vba.va.gov https://secure.login.gov https://feedback.digital-cloud-gov.voice.medallia.com ; base-uri http://*.vetsgov-internal https://*.va.gov https://optimize.google.com ; 1
default-src https://www.spamhaus.org https: 'unsafe-inline' 'unsafe-eval' 1
img-src blob: data: https:; default-src data: blob: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://counter.drom.ru/report/ 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-fc6efbab8a89f898f0543917ecc5173a' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
default-src 'self'; font-src 'self' fonts.gstatic.com data:; worker-src blob:; img-src data: 'self' img.shields.io *.atlassian.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat www.gstatic.com *.wp.com cdn.cookielaw.org *.clicktale.net *.doubleclick.net https://googleads.g.doubleclick.net images.ctfassets.net *.public.atl-paas.net trello.com trello-backgrounds.s3.amazonaws.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.google.co.in *.google.com *.atlassian.com *.gravatar.com; frame-src 'self' *.atl-paas.net *.googletagmanager.com player.vimeo.com trello.com www.youtube.com; connect-src 'self' *.googletagmanager.com *.clicktale.net *.launchdarkly.com *.trello.com *.doubleclick.net *.qualtrics.com *.onetrust.com *.sentry.io cdn.segment.com api.segment.io www.google-analytics.com cdn.cookielaw.org *.atlassian.com; report-uri https://web-security-reports.services.atlassian.com/csp-report/dac; object-src 'none'; style-src 'self' *.trellocdn.com 'unsafe-inline'; script-src 'nonce-NWcO5kl4EtwmbAtV+C7fUzuZeV/vFI5Ad9jZ2P5Q9Ao=' 'self' 'sha256-Nt9ereHaxV04RZ20OLtdR3uuFr1X0/Pbt5KbGls/wXg=' https://www.googleadservices.com *.segment.com *.clicktale.net mscgen.js.org *.qualtrics.com *.trellocdn.com *.atlassian.com www.googletagmanager.com www.google-analytics.com https://cdn.cookielaw.org https://cdn.jsdelivr.net/npm/search-insights@2.2.1 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://variety.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
frame-ancestors 'none'; report-uri https://dnsimple.report-uri.com/r/d/csp/wizard 1
default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/upstream 1
default-src 'self';style-src 'self' 'unsafe-inline' dev.g.alicdn.com g.alicdn.com at.alicdn.com *.test.youku.com *.taobao.net webapi.amap.com;script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.dingtalk.com *.cnzz.com *.alicdn.com market.wapa.taobao.com g.alicdn.com dev.g.alicdn.com ynuf.alipay.com log.mmstat.com s.tbcdn.cn vip.laiwang.com wswukong.laiwang.com local.alipcsec.com:6691 *.taobao.net cfd.aliyun.com restapi.amap.com webapi.amap.com retcode.alicdn.com cfall.aliyun.com gw.alipayobjects.com ynuf.aliapp.org;connect-src 'self' *.dingtalk.com wss://*.dingtalk.com ynuf.alipay.com dev.g.alicdn.com g.alicdn.com retcode.taobao.com dingtalk-cspase-sh.oss-cn-shanghai.aliyuncs.com dingtalk-cspase-sz.oss-cn-shenzhen.aliyuncs.com arms-retcode.aliyuncs.com arms-retcode.aliyuncs.com ynuf.aliapp.org px-intl.ucweb.com px.ucweb.com gm.mmstat.com preview-lippi-space-zjk.oss-accelerate.aliyuncs.com wgo.mmstat.com wss://alidocs-body.oss-accelerate.aliyuncs.com wss://pre-collab.dingtalk.com;frame-src 'self' h5.m.taobao.com qiye.aliyun.com log.laiwang.com dev.g.alicdn.com g.alicdn.com login.dingtalk.com login2.dingtalk.com *.dingtalk.com mailsso.mxhichina.com wvjbscheme: alipaybridge: alipaymonitor: mmstat.alicdn.com res.mmstat.com ynuf.aliapp.org alidocs.oss-cn-zhangjiakou.aliyuncs.com;font-src 'self' at.alicdn.com dev.g.alicdn.com g.alicdn.com data: *.taobao.net i.alicdn.com;img-src 'self' data: http: fourier.taobao.com *.dingtalk.com *.aliimg.com *.alicdn.com *.mmstat.com ynuf.alipay.com arms-retcode.aliyuncs.com pin.aliyun.com fourier.alibaba.com retcode.taobao.com *.cnzz.com dingtalk-cspase-sh.oss-cn-shanghai.aliyuncs.com dingtalk-cspase-sz.oss-cn-shenzhen.aliyuncs.com restapi.amap.com kcart.alipay.com preview-lippi-space-zjk.oss-cn-zhangjiakou.aliyuncs.com px-intl.ucweb.com px.ucweb.com alidocs.oss-cn-zhangjiakou.aliyuncs.com;media-src 'self' *.dingtalk.com cloud.video.taobao.com videocdn.taobao.com tbm-auth.alicdn.com dev.g.alicdn.com g.alicdn.com;report-uri https://csp.dingtalk.com/csp; 1
script-src https: 'strict-dynamic' 'report-sample' 'nonce-BpqziiwM8pWtlCVZlL11tCvTyf5xu00cSFtuli7dPPM='; base-uri 'self';report-to csp-endpoint 1
default-src * 'unsafe-eval' 'unsafe-inline' blob: data:;frame-src 'self' sinaweibo: weibo.com *.weibo.com weibo.cn *.weibo.cn sina.com.cn *.sina.com.cn sina.cn *.sina.cn *.sinaimg.cn sinanews: sinanewslite: intent: se5bed38c567feb2a: sb5750862870e1cc2: sdc77698a60e45368: sb2623a3919ed77d3: s3d4cfbed31875e1c: sc876cbd9ae34e814: sdf08f19582289581: sc640c3792845ba3e: se8525a4dbfaa192b: sb5261983836bde16: sinablog: sinanewapmwebview: sinanewsdirect: sinafinance:; script-src 'self' 'unsafe-inline' 'unsafe-eval' weibo.com *.weibo.com weibo.cn *.weibo.cn sina.com.cn *.sina.com.cn sina.cn *.sina.cn *.sinaimg.cn *.qchannel03.cn *.qihucdn.com *.qhres.com *.sinajs.cn *.leju.com *.qq.com qzonestyle.gtimg.cn; report-uri https://logger.sina.cn/report; 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-05d36a1c8613f37e5837d19f29bbb160' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-d+1ulIrq2SYhq5w9PSimJg=='; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1
frame-ancestors 'self' http://*.brijj.com http://*.naukimg.com http://*.naukri.com https://*.naukimg.com https://*.naukri.com https://*.referralrecruit.com; default-src 'unsafe-eval' 'unsafe-inline' 'self' http://*.2mdn.net http://*.adotube.com http://*.bing.com http://*.brijj.com http://*.doubleclick.net http://*.effectivemeasure.net http://*.facebook.com http://*.facebook.net http://*.fbcdn.net http://*.googleadservices.com http://*.google-analytics.com http://*.googleapis.com http://*.google.co.ae http://*.google.co.in http://*.google.com http://*.google.co.us http://*.googlesyndication.com http://*.googletagmanager.com http://*.googleusercontent.com http://*.gstatic.com http://*.jquery.com http://*.msn.com http://*.naukimg.com http://*.naukri.com http://*.oneffect.us http://*.scorecardresearch.com http://*.tapad.com http://*.tribalfusion.com http://*.yahoo.com http://*.youtube.com http://*.zedo.com https://*.andbeyond.media https://*.doubleclick.net https://*.dropbox.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://*.googleadservices.com https://*.google-analytics.com https://*.googleapis.com https://*.google.co.ae https://*.google.co.in https://*.google.com https://*.google.co.us https://*.googlesyndication.com https://*.googletagmanager.com https://*.googletagservices.com https://*.googleusercontent.com https://*.gstatic.com https://*.hoverr.me https://imgsrv.io https://*.jquery.com https://*.naukimg.com https://*.naukri.com https://*.oneffect.us https://*.referralrecruit.com https://*.scorecardresearch.com https://*.twitter.com https://*.vizury.com https://*.yahoo.com https://*.yimg.com https://*.youtube.com https://adserver.adtechus.com https://*.infoedgeindia.com https://logs.infoedgeindia.com https://media.licdn.com https://*.inspectlet.com wss://*.inspectlet.com https://*.cloudfront.net https://*.zedo.com https://partners.infoedge.com https://partners.infoedge.com/uba https://*.criteo.com data:; report-uri https://lg.naukri.com/cspLogger/ 1
script-src 'nonce-3OnL7vgw1HaBU_ceRNLVDw' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
object-src *.leboncoin.fr *.leboncoin.io *.leboncoin.ci; frame-ancestors *.leboncoin.fr *.leboncoin.io *.leboncoin.ci; report-uri https://api.leboncoin.fr/api/csp-report/v1/report/; 1
script-src 'self'  https://ajax.aspnetcdn.com https://ajax.googleapis.com https://canvasjs.com https://cdn.jsdelivr.net https://cdn.plot.ly https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com https://www.google.com https://www.osha.gov; script-src-attr 'self'; style-src 'self'  https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; frame-ancestors 'self' 1
default-src 'none'; connect-src 'self' *.yimg.com https://www.google-analytics.com *.doubleclick.net; font-src 'self' *.typekit.net; frame-src 'self' *.google.com *.marketo.com *.youtube.com; img-src 'self' data: *.yimg.com https://www.google-analytics.com https://www.google.com/ads/ga-audiences *.marketo.com; script-src 'self' 'nonce-EvM35cjXWvETt3yaP56jsw==' *.yimg.com https://www.google-analytics.com https://ssl.google-analytics.com 'unsafe-eval' *.addtoany.com *.bootstrapcdn.com *.marketo.com *.github.com/flurrydev/ *.github.com/ydn/ *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.yimg.com *.bootstrapcdn.com github.githubassets.com/assets/ *.marketo.com *.typekit.net; report-uri /csp-report 1
default-src https: wss: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; report-uri /_/csp-reports 1
script-src 'unsafe-eval' blob: 'self' meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org 'unsafe-inline' login.wikimedia.org; default-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org wikimedia.org en.wikipedia.org en.wiktionary.org en.wikibooks.org en.wikiquote.org en.wikisource.org commons.wikimedia.org en.wikinews.org en.wikiversity.org www.wikidata.org species.wikimedia.org incubator.wikimedia.org en.wikivoyage.org api.wikimedia.org wikimania.wikimedia.org login.wikimedia.org; style-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org wikimedia.org 'unsafe-inline'; object-src 'none'; report-uri /w/api.php?action=cspreport&format=json&reportonly=1 1
default-src data: https://partners.akbars.ru https://apps.akbars.ru https://sravni.go2cloud.org https://www.akbars.ru https://fonts.gstatic.com https://mc.yandex.ru https://yandex.ru https://api-maps.yandex.ru https://stats.g.doubleclick.net https://www.google-analytics.com https://google-analytics.bi.owox.com https://dadata.ru https://suggestions.dadata.ru 'self'; script-src blob: data: https://partners.akbars.ru https://apps.akbars.ru https://ajax.aspnetcdn.com https://sitesearch-suggest.yandex.ru https://yandex.ru https://site.yandex.net https://api-maps.yandex.ru https://*.maps.yandex.net https://mc.yandex.ru https://clck.yandex.ru https://yastatic.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://connect.facebook.net https://code.jquery.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://partners.akbars.ru https://apps.akbars.ru https://fonts.googleapis.com https://yastatic.net 'self' 'unsafe-inline'; img-src blob: data: https://partners.akbars.ru https://apps.akbars.ru https://mc.yandex.ru https://api-maps.yandex.ru https://*.maps.yandex.net https://yastat.net https://yastatic.net https://yandex.st https://yandex.ru https://vk.com https://login.vk.com https://top-fwz1.mail.ru https://www.googletagmanager.com https://www.google-analytics.com https://google-analytics.bi.owox.com https://stats.g.doubleclick.net https://www.google.ru https://www.google.com https://googleads.g.doubleclick.net https://www.facebook.com 'self'; frame-src https://api-maps.yandex.ru https://www.facebook.com https://www.youtube.com 'self'; upgrade-insecure-requests 1
frame-ancestors 'self' https://*.filimo.com/; block-all-mixed-content; default-src 'self' https://*.filimo.com/; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net/ https://static.cloudflareinsights.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://mc.yandex.com/ https://recaptcha.net/ https://cdn.ampproject.org/ https://*.filimo.com/ https://www.gstatic.com/ https://client.crisp.chat/ https://www.google-analytics.com/ https://mc.yandex.ru/ https://d31qbv1cthcecs.cloudfront.net/ https://www.googletagmanager.com/; style-src 'self' 'report-sample' 'unsafe-inline' data: https://fonts.googleapis.com/ https://*.filimo.com/ https://client.crisp.chat/; object-src 'self'; frame-src *; child-src blob: https://*.filimo.com/; img-src data: blob: * file: android-webview-video-poster:; font-src 'self' data: wss: https:; connect-src *; manifest-src https://*.filimo.com/; base-uri 'self'; form-action data: https://www.facebook.com/ https://*.filimo.com/ https://*.shaparak.ir/; media-src data: blob: *; worker-src blob: https://*.filimo.com/; report-uri https://gate.rapidsec.net/g/r/csp/65d48d31-dc15-445b-9c79-23d886ab7c98/0/6/3?sct=565e133b-d067-4878-9f1a-6412ff3bb3db&dpos=report 1
connect-src 'self' https://yle.fi https://*.yle.fi https://*.ylestatic.fi https://*.akamaized.net https://*.kaltura.com https://endpoint.finnpanel.fi https://*.chartbeat.net https://api.flockler.com https://plugins.flockler.com https://assets.adobedtm.com https://cm.everesttech.net https://*.demdex.net https://*.omtrdc.net;default-src 'self';font-src data: https://yle.fi https://*.yle.fi;frame-src 'self' https://yle.fi https://*.yle.fi https://e.infogram.com https://platform.twitter.com https://www.instagram.com https://tag.userreport.com/;img-src 'self' data: https://yle.fi https://*.yle.fi https://*.ylestatic.fi https://ping.chartbeat.net https://sb.scorecardresearch.com https://*.akamaized.net https://*.akamaihd.net https://*.analytics.edgekey.net https://*.cloudinary.com https://*.kaltura.com https://syndication.twitter.com https://visitanalytics.userreport.com/ https://flockler.com https://media-api.flockler.com https://fl-1.cdn.flockler.com/ https://fl-cdn.scdn1.secure.raxcdn.com https://assets.adobedtm.com https://cm.everesttech.net https://*.demdex.net https://*.omtrdc.net;manifest-src 'self';media-src blob: data: https://yle.fi https://*.yle.fi https://*.ylestatic.fi https://*.akamaihd.net https://*.akamaized.net https://*.kaltura.com;object-src 'none';prefetch-src https://*.akamaized.net https://*.kaltura.com https://ping.chartbeat.net;script-src 'self' 'unsafe-inline' blob: https://yle.fi https://*.yle.fi https://*.ylestatic.fi https://static.chartbeat.com https://tunnus-sdk.yle.fi https://*.analytics.edgekey.net https://*.kaltura.com https://www.gstatic.com https://sak.userreport.com https://e.infogram.com https://reco.ebu.io/news-reco-yle.js https://platform.twitter.com/ https://www.instagram.com/embed.js https://platform.instagram.com/ https://embed-cdn.flockler.com/embed-v2.js https://fl-1.cdn.flockler.com/ https://assets.adobedtm.com https://cm.everesttech.net https://*.demdex.net https://*.omtrdc.net;style-src 'unsafe-inline' https://yle.fi https://*.yle.fi https://*.ylestatic.fi https://fl-1.cdn.flockler.com/ https://fonts.googleapis.com/;upgrade-insecure-requests;report-to csp-report-endpoint;report-uri https://csp.aws.yle.fi/index 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-fab3e892d1298cece9c5080a97baac13' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
base-uri 'self';connect-src 'self' https: https://www.recaptcha.net wss:;default-src 'self' https: wss: blob: data:;form-action 'self' https:;img-src 'self' https: http://iea.imgix.net https://iea.imgix.net data:;media-src 'self' https: data: http://iea.imgix.net https://iea.imgix.net;object-src 'none';script-src 'self' 'unsafe-eval' https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://www.google-analytics.com https://www.recaptcha.net https://snap.licdn.com https://www.gstatic.com https://stats.g.doubleclick.net https://p.adsymptotic.com https://px.ads.linkedin.com 'sha256-l/3fcn6MZG0SSVJq6fOLe49ZKIjbWdNzhreJz7KQ/1M=' 'sha256-+MedjqNIfWWYUGuHJ53XLEjzmGDCp9Om50MVUO/C/zo=' 'nonce-pdzd16eLaCVkxmBDqXT2ZoU2tQWAi6oW';style-src 'self' https: 'unsafe-inline';frame-ancestors 'self' 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.zijieimg.com *.helo-app.com *.toutiaopage.com *.zjurl.cn *.pstatp.com *.bytecdn.cn *.isnssdk.com *.byteoversea.com *.365yg.com *.ks-cdn.com *.ipstatp.com *.amemv.com *.ibytedtos.com *.ixigua.com *.ixiguavideo.com *.hypstarcdn.com *.tiktokcdn.com *.topbuzzcdn.com *.lemocamcdn.com *.musical.ly *.muscdn.com *.ulikecam.mobi *.faceu.mobi *.wukongwenda.com *.wukongwenda.cn *.toutiao13.com *.toutiaoribao.cn *.ribaoapi.com *.dongchediapp.com *.huoshanzhibo.com *.huoshanxiaoshipin.cn *.huoshanxiaoshipin.net *.huoshanvideo.cn *.huoshanvideo.net *.ieshuodong.cn *.ieshuodong.net *.byteoversea.com *.topbuzz.com *.hypstar.com *.tiktokv.com *.byted.org *.bytedance.net *.bytedance.com *.bytedance.cn *.toutiaocloud.com *.snssdk.com *.toutiao.com *.neihanshequ.com *.wukong.com *.huoshan.com *.douyin.com *.everphoto.cn *.jinritemai.com *.tuchong.com *.stock.tuchong.com *.luckycalendar.cn *.bcy.net *.feishu.cn *.dcdapp.com *.oceanengine.com *.chengzijianzhan.com *.byteimg.com *.google-analytics.com 1
default-src https: wss: data: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://cspreport.olx.com.br/api/v1/cspreport/mixedcontent 1
object-src 'none'; script-src 'strict-dynamic' 'report-sample' 'unsafe-inline' 'unsafe-eval' http: https: 'nonce-r1OQKhqu0gLCSr6+JSyHsA=='; base-uri 'self'; report-uri https://www.stitchfix.com/dynamic-shock/security/csp_reports?action_name=show&browser_type=Chrome&controller_name=pages&logweasel_id=01GDKYVS5RB8A20JCM6JYNXKWX-DYNAMIC_SHOCK-WEB 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-c72ea2a7828a033641334f0ecd0e2e51' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-3d34342f65ad4017cfe489b83d9d0947' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
report-uri /public/php/csp.php;         frame-ancestors              'self'         ;         default-src             'self'             'unsafe-eval'             'unsafe-inline'             blob:             data:             *.amazonaws.com             *.adobedtm.com             *.bazaarvoice.com             *.geico.com             *.google.com             *.googleapis.com             *.gstatic.com             *.omtrdc.net             *.optimizely.com             *.qualaroo.com             *.ringcentral.com             *.youtube.com             https://*.bing.com             https://*.branch.io             https://*.ceros.com             https://*.clarity.ms             https://*.cloudflare.com             https://*.cookielaw.org             https://*.coveo.com             https://*.demdex.net             https://*.doubleclick.net             https://*.evergage.com             https://*.facebook.com             https://*.force.com             https://*.google-analytics.com             https://*.instagram.com             https://*.onetrust.com             https://*.qualtrics.com             https://*.quantummetric.com             https://*.radar.com             https://*.radar.io             https://*.salesforce.com             https://*.salesforceliveagent.com             https://*.sundaysky.com             https://*.twitter.com             https://*.typekit.net             https://app.link             https://cdn.ampproject.org             https://cdn.evgnet.com             https://cm.everesttech.net             https://connect.facebook.net             https://gateway.zscalerthree.net             https://i.ytimg.com             https://maxcdn.bootstrapcdn.com             https://s.w.org             https://sealserver.trustwave.com             https://static.cdn-apple.com             https://www.googleadservices.com             https://www.googletagmanager.com             https://www.paypalobjects.com         ;      1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.indiewire.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.ubs.com *.ubs.net *.adobedtm.com *.demdex.net *.decibelinsight.net *.decibel.com *.adform.net *.everesttech.net *.brightcove.net *.2o7.net *.omtrdc.net *.tt.omtrdc.net *.zencdn.net *.facebook.net *.googleadservices.com *.raisenow.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com; object-src 'none'; base-uri 'none'; frame-ancestors *.ubs.com *.ubs.net; form-action *.ubs.com *.ubs.net; frame-src *.ubs.com *.ubs.net https://ubs.demdex.net; connect-src *.ubs.com *.ubs.net wss://collection.decibelinsight.net collection.decibelinsight.net *.decibel.com ubs.demdex.net *.brightcove.com *.boltdns.net *.brightcovecdn.com *.googleapis.com widgets.sentifi.com *.akamaihd.net; report-uri /csp/reports 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-4ec847504396c261d82cd1d5b0fee48e' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/chrome 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/safety_google 1
font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com fonts.gstatic.com www.artnet.com; form-action  www.artnet.com *.facebook.com; manifest-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.artnet.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.artnet.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: s2.adform.net www.google.co.id secure.adnxs.com pixel-geo.prfct.co www.google.co.in www.google.co.kr www.google.nl *.doubleclick.net *.linkedin.com *.facebook.com www.google.ch fonts.gstatic.com *.addthis.com *.googleapis.com www.google.fr www.googletagmanager.com www.gstatic.com ib.adnxs.com www.artnet.com news.artnet.com pixel.quantserve.com images.artnet.com a2.adform.net www.google.com www.google.ca www.google.de www.google.be www.google.dk pxl.qccerttest.com *.googlesyndication.com service.urchin.com www.google.com.au www.google.com.ph www.google.es www.google.co.uk; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: report.artnet.glassboxdigital.io *.facebook.com a2.adform.net api.sail-track.com *.googlesyndication.com region1.google-analytics.com *.doubleclick.net www.artnet.com s2.adform.net api.sail-personalize.com *.addthis.com csi.gstatic.com *.googleapis.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net *.addthis.com *.googlesyndication.com www.google.com *.facebook.com www.artnet.com *.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: v1.addthisedge.com *.addthis.com www.artnet.com www.googletagmanager.com www.gstatic.com adservice.google.com.ph edge.quantserve.com snap.licdn.com adservice.google.nl *.doubleclick.net a2.adform.net www.google-analytics.com cdn.segment.com *.googlesyndication.com pixel-geo.prfct.co *.hotjar.com ak.sail-horizon.com adservice.google.fr s2.adform.net secure.quantserve.com z.moatads.com cdn.gbqofs.com www.googletagservices.com *.facebook.net adservice.google.de adservice.google.ca rules.quantcount.com *.googleapis.com adservice.google.com adservice.google.co.uk www.google.com tag.marinsm.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com fast.fonts.net www.artnet.com; frame-ancestors 'self' ; report-uri /csp_report 1
default-src * 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.lietou-static.com *.liepin.com *.liepin.cn *.aliyuncs.com *.baidu.com *.qq.com zz.bdstatic.com pingjs.qq.com webapi.amap.com restapi.amap.com open.liepin.com ae.bdstatic.com captcha.gtimg.com captcha.myqcloud.com cdn.jsdelivr.net data: blob:; child-src * data: blob: ; img-src * android-webview-video-poster: data: blob:;  font-src * data: blob:; frame-src * data: blob: wvjbscheme:; worker-src * data: blob: ; media-src * data: blob: ; report-uri https://alarmhook.liepin.com/hook/lpsoc-save-csp.json 1
default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; report-uri /csp-report 1
default-src 'self' https://*.fantia.jp; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.fantia.jp https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com cdn.jsdelivr.net https://nav.yumenosora.co.jp https://platform.twitter.com vjs.zencdn.net https://ec-widget.toranoana.jp https://static.ads-twitter.com https://analytics.twitter.com https://*.clarity.ms https://*.recaptcha.net https://*.gstatic.com https://*.fontawesome.com https://*.chatplus.jp https://www.googleoptimize.com; font-src 'self' https://*.fantia.jp https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com data: https://*.fontawesome.com https://*.chatplus.jp; style-src 'self' https://*.fantia.jp 'unsafe-inline' https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.quilljs.com https://nav.yumenosora.co.jp vjs.zencdn.net https://*.fontawesome.com https://*.chatplus.jp; img-src 'self' https://*.fantia.jp * blob: data: www.googletagmanager.com; child-src 'self' https://*.fantia.jp blob: https://platform.twitter.com https://www.googletagmanager.com https://www.youtube.com https://player.vimeo.com https://*.recaptcha.net https://*.chatplus.jp; connect-src 'self' https://*.fantia.jp id.fantia.jp https://fantia.s3-ap-northeast-1.amazonaws.com https://cc.fantia.jp https://c.fantia.jp https://ec-widget.toranoana.jp https://www.google-analytics.com https://stats.g.doubleclick.net *.clarity.ms https://*.fontawesome.com https://*.agora.io:* https://*.agoraio.cn wss://*.edge.agora.io:* wss://*.edge.agoraio.cn:* https://*.ap.sd-rtn.com https://*.statscollector.sd-rtn.com:* https://api.veritrans.co.jp https://*.chatplus.jp; media-src 'self' https://*.fantia.jp blob: https://*.chatplus.jp; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' https://t.r42.io/matomo.js; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-42660f2a9d643cf8785bdccc23bc0a53' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-95efd84edef1d584c9250178db4dcbeb' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
default-src 'self'; font-src 'self' data: www.gstatic.com *.raiffeisen.ru raiffeisen-capital.ru *.raiffeisen-capital.ru raiffeisen-media.ru *.raiffeisen-media.ru raiffeisen-laesing.ru *.raiffeisen-laesing.ru rbinternational.com *.rbinternational.com raiffeisen-life.ru *.raiffeisen-life.ru; style-src 'self' 'unsafe-inline' kaplife.ru cdn.jsdelivr.net www.gstatic.com *.raiffeisen.ru raiffeisen-capital.ru *.raiffeisen-capital.ru raiffeisen-media.ru *.raiffeisen-media.ru raiffeisen-laesing.ru *.raiffeisen-laesing.ru rbinternational.com *.rbinternational.com raiffeisen-life.ru *.raiffeisen-life.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.kaspersky-labs.com raiffeisen.agentapp.ru widget.oval.life google.com *.google.com polyfill.io mc.yandex.ru statad.ru yastatic.net code.jquery.com cdn.jsdelivr.net www.googletagmanager.com edge.fullstory.com analytics.tiktok.com connect.facebook.net *.mail.ru vk.com www.gstatic.com *.yandex.ru *.kirarock.space raiffeisen.ru *.raiffeisen.ru raiffeisen-capital.ru *.raiffeisen-capital.ru raiffeisen-media.ru *.raiffeisen-media.ru raiffeisen-laesing.ru *.raiffeisen-laesing.ru rbinternational.com *.rbinternational.com raiffeisen-life.ru *.raiffeisen-life.ru; connect-src 'self' *.raiffeisen.ru raiffeisen-capital.ru *.raiffeisen-capital.ru raiffeisen-media.ru *.raiffeisen-media.ru raiffeisen-laesing.ru *.raiffeisen-laesing.ru rbinternational.com *.rbinternational.com raiffeisen-life.ru *.raiffeisn-life.ru *.yandex.net *.yandex.ru dadata.ru *.dadata.ru raiffeisen.cpeople.ru *.trackjs.com google-analytics.com *.google-analytics.com sentry.b2bpolis.ru kaplife.ru www.googletagmanager.com analytics.tiktok.com vk.com *.mail.ru *.doubleclick.net dsp.upravel.com sbbe.group-ib.ru *.fp.kaspersky-labs.com *.kirarock.space; img-src 'self' data: mc.yandex.ru proxy-block.raiffeisen.ru:8002 statad.ru *.trackjs.com www.gstatic.com *.google-analytics.com *.raiffeisen.ru raiffeisen-capital.ru *.raiffeisen-capital.ru raiffeisen-media.ru *.raiffeisen-media.ru raiffeisen-laesing.ru *.raiffeisen-laesing.ru rbinternational.com *.rbinternational.com raiffeisen-life.ru *.raiffeisen-life.ru; form-action 'self'; frame-src www.youtube.com *.raiffeisen-life.ru raiffeisen-life.ru raiffeisen.agentapp.ru; report-uri /oapi/csp_report/; 1
default-src 'none'; style-src 'self'; connect-src 'self'; img-src 'self'; script-src 'self' https://www.google.com/jsapi https://www.googletagmanager.com https://s3.amazonaws.com/downloads.mailchimp.com/js/ https://www.gstatic.com/charts/loader.js https://www.google-analytics.com/analytics.js; font-src 'self'; base-uri 'self'; form-action 'self'; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' static.prdg.io/ ucontent.prdg.io polyfill.io/v3/polyfill.min.js www.googletagmanager.com/gtm.js?id=GTM-PTN2DB www.google-analytics.com/analytics.js ssl.google-analytics.com/ga.js www.google-analytics.com/gtm/optimize.js?id=GTM-P5CSJ5T cdn.heapanalytics.com/js/heap-715588404.js mpsnare.iesnare.com/5.2.2/ www.google.com/jsapi accounts.google.com/gsi/client www.gstatic.com/recaptcha/ www.google.com/recaptcha/ maps.googleapis.com connect.facebook.net/en_US/sdk.js widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js completr-v2.appspot.com csr.inspsearchapi.com/lib/infospace.search.js www.googleadservices.com/pagead/ googleads.g.doubleclick.net/pagead/viewthroughconversion/ api.maruusurv-serving.com/Scripts/Integration/v1/SurveyGatewayAlternative.min.js api.maruusurv-serving.com/API/Client/v1/SurveyAvailability/ aalert.peanutlabs.com/publisherCmd.php?cmd=hasAlertJSON&userId= storage.googleapis.com/pollfish_production/sdk/webplugin/pollfish.min.js *.mogl.com cdn.hellosign.com assets.zendesk.com platform.twitter.com unpkg.com/tippy.js@6.2.7/dist/tippy.umd.min.js unpkg.com/@popperjs/core@2.5.4/dist/umd/popper.min.js unpkg.com/swiper@6.0.4/swiper-bundle.min.js unpkg.com/trianglify@3.0.0/dist/trianglify.min.js cdnjs.cloudflare.com/ajax/libs/Swiper/4.5.0/js/swiper.min.js cdnjs.cloudflare.com/ajax/libs/intl-tel-input/ cdnjs.cloudflare.com/ajax/libs/inputmask/4.0.8/inputmask/inputmask.min.js wsdk.rokt.com d3op16id4dloxg.cloudfront.net/RelevantID4.js; report-uri https://prodege.report-uri.com/r/t/csp/reportOnly 1
default-src 'self' 'nonce--yCePcByf0KtApboBpJPcA==' data: d1qwl4ymp6qhug.cloudfront.net;style-src 'self' 'unsafe-inline' d1qwl4ymp6qhug.cloudfront.net fonts.googleapis.com d3m86d30627p3p.cloudfront.net d1mh8m8kfx8806.cloudfront.net d1m1bhqxdvcj7y.cloudfront.net d1qwl4ymp6qhug.cloudfront.net;font-src 'self' data: d1qwl4ymp6qhug.cloudfront.net fonts.googleapis.com fonts.gstatic.com;script-src-elem 'self' 'nonce--yCePcByf0KtApboBpJPcA==' data: d1qwl4ymp6qhug.cloudfront.net *.flippingbook.com cld.mobi cld.bz *.cld.mobi *.cld.bz salespal.com *.salespal.com www.googletagmanager.com connect.facebook.net cdn.mxpnl.com snap.licdn.com bat.bing.com tracking.g2crowd.com *.clarity.ms js.driftt.com *.addthis.com *.addthisedge.com z.moatads.com embed.typeform.com widgets.tree-nation.com d33i2vgywgme2s.cloudfront.net d2acn53ctcwkeb.cloudfront.net d17lvj5xn8sco6.cloudfront.net dzl2wsuulz4wd.cloudfront.net d14d3gewu22anr.cloudfront.net googleads.g.doubleclick.net s7.addthis.com www.google-analytics.com www.googleadservices.com ssl.google-analytics.com conoret.com;script-src 'self' 'nonce--yCePcByf0KtApboBpJPcA==' 'unsafe-eval' data: 'sha256-9vpql/NLyCCe3HPEb2b/lcLKPbkRi48w2Lfn0AbTxsQ=' 'sha256-beizslr6wW+733xFasCV0KHlmMzMj58NVIf2AVyJgEs=' 'sha256-nGHSZHe91dno5IugG5CzpYMY3VpExAeYdL+l7Tqkq6E=' d1qwl4ymp6qhug.cloudfront.net *.flippingbook.com cld.mobi cld.bz *.cld.mobi *.cld.bz salespal.com *.salespal.com www.googletagmanager.com connect.facebook.net cdn.mxpnl.com snap.licdn.com bat.bing.com tracking.g2crowd.com *.clarity.ms js.driftt.com *.addthis.com *.addthisedge.com z.moatads.com embed.typeform.com widgets.tree-nation.com d33i2vgywgme2s.cloudfront.net d2acn53ctcwkeb.cloudfront.net d17lvj5xn8sco6.cloudfront.net dzl2wsuulz4wd.cloudfront.net d14d3gewu22anr.cloudfront.net googleads.g.doubleclick.net s7.addthis.com www.google-analytics.com www.googleadservices.com ssl.google-analytics.com conoret.com;connect-src 'self' https: wss: data: blob: http://ad.doubleclick.net;frame-src 'self' *.flippingbook.com catalogs.your-brand.org cld.mobi cld.bz *.cld.mobi *.cld.bz salespal.com *.salespal.com js.driftt.com www.facebook.com www.youtube.com bid.g.doubleclick.net *.ep-mimecast.doubleclick.net *.addthis.com www.g2.com *.typeform.com securityscorecard.com widgets.tree-nation.com m.youtube.com;img-src 'self' blob: data: https: http://ad.doubleclick.net;media-src 'self' blob: data: https:;report-uri https://o26255.ingest.sentry.io/api/1359544/security/?sentry_key=8fa71d45f6aa4a06be961166e0ee495b&sentry_environment=production; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://wwd.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com tags.tiqcdn.com fonts.gstatic.com cdn.ivaws.com cdn.cs.1worldsync.com cdn.jsdelivr.net epson.com fast.fonts.net cdn.honey.io; form-action  *.facebook.net xiecomm.paymetric.com *.facebook.com *.snapchat.com epson.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: checkout.getbread.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.co.id bat.bing.com secure.adnxs.com a4.tribalfusion.com www.google.co.il www.google.co.tz www.bizrate.com www.google.com.ec www.google.ch p.adsymptotic.com www.google.com.sg www.google.hr www.google.it *.windows.net *.demdex.net epson.com www.google.cz www.google.com.hk cc.cnetcontent.com *.tealiumiq.com www.google.ie *.bidr.io www.google.ro s.tribalfusion.com www.google.lk www.google.ca www.google.no cdn.honey.io www.google.com.tr *.twitter.com www.google.ae www.google.dk www.google.co.cr www.google.com.pr www.google.com.au www.google.com.vn www.google.com.ua t.paypal.com www.google.com.ar www.google.co.in maps.gstatic.com www.google.nl www.google.co.kr www.google.co.jp *.linkedin.com fonts.gstatic.com *.taboola.com www.paypal.com c.clarity.ms www.googletagmanager.com cdn.cs.1worldsync.com www.google.com.co ib.adnxs.com www.google.at embeddedcloud.pricespider.com www.google.dz b.6sc.co www.google.com *.bazaarvoice.com www.google.com.py www.google.co.nz www.google.be www.google.ru www.google.com.bd img.youtube.com cdn.cnetcontent.com www.google.com.ph www.google.es *.omtrdc.net www.google.com.mx bam.nr-data.net tiny.superpinkday.com www.google.com.br www.google.tn c.clicktale.net www.google.co.za *.doubleclick.net sp.analytics.yahoo.com cdn.ivaws.com www.google.com.ni *.facebook.com c.bing.com segments.company-target.com www.google.com.eg www.google.com.pe mediaserver.goepson.com t.co cdn.pricespider.com yastatic.net www.google.fr www.google.com.do www.google.com.my www.google.se www.google.co.ke www.google.com.tw www.google.iq www.google.co.ma a.tribalfusion.com id.rlcdn.com files.support.epson.com l.clicktale.net www.google.com.sa www.google.co.uz www.mczbf.com www.google.com.pk www.google.tt www.google.mn www.google.pt www.google.com.mm www.google.lt www.google.co.th *.googleapis.com www.google.gr www.emjcd.com www.gstatic.com *.tiktok.com www.google.de www.google.fi *.facebook.net *.everesttech.net www.google.co.ve www.google.com.np www.google.hu www.google.co.uk; object-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: files.support.epson.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.twitter.com www.google.com.bd *.taboola.com www.mczbf.com region1.google-analytics.com www.google.de bcp.crwdcntrl.net ssl.kaptcha.com www.paypal.com *.snapchat.com www.google.it www.google.com.pk cdn.cs.1worldsync.com www.googletagmanager.com epsilon-cloudfront.6sense.com segments.company-target.com k-aus1.clicktale.net b.clarity.ms us-central1-adaptive-growth.cloudfunctions.net c.6sc.co a.clarity.ms www.google.co.in www.sjwoe.com q-aus1.clicktale.net www.sandbox.paypal.com www.google.com.au epson.com api.mapbox.com geoip-js.com *.demdex.net c.clicktale.net *.facebook.com n.clarity.ms m.clarity.ms *.tealiumiq.com *.doubleclick.net www.google.com.br secure.adnxs.com bam.nr-data.net f.clarity.ms e.clarity.ms events.mapbox.com d.clarity.ms www.google.co.id *.googleapis.com tags.tiqcdn.com checkout.getbread.com www.google.com.ec www.google.com g.clarity.ms *.tiktok.com bat.bing.com tiny.superpinkday.com h.clarity.ms api.company-target.com i.clarity.ms www.google.com.ph l.clarity.ms j.clarity.ms *.omtrdc.net epsilon.6sense.com k.clarity.ms; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.adsrvr.org www.paypal.com *.doubleclick.net *.demdex.net www.google.com cdnssl.clicktale.net *.facebook.com ssl.kaptcha.com www.youtube.com tsdtocl.com checkout.getbread.com *.bazaarvoice.com www.sandbox.paypal.com forms.goepson.com *.facebook.net epson.com *.dotomi.com *.snapchat.com; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.youtube.com cdn.cs.1worldsync.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.taboola.com ssl.kaptcha.com js.cnnx.link cdn.pdst.fm j.6sc.co www.googletagmanager.com s.yimg.com cdn.cs.1worldsync.com snap.licdn.com www.google.com.ph *.adsrvr.org www.mczbf.com www.paypal.com www.google-analytics.com a.tribalfusion.com www.paypalobjects.com *.googlesyndication.com forms.goepson.com www.google.de *.twitter.com s.tribalfusion.com www.google.co.in cdnjs.cloudflare.com tags.crwdcntrl.net cdn.pricespider.com js-agent.newrelic.com www.google.com.br geoip-js.com ws.cnetcontent.com huge.superpinkday.com unpkg.com www.google.fr www.google.it fast.fonts.net www.google.com.pr www.google.com.gt *.bazaarvoice.com www.google.com.au *.tealiumiq.com *.googleadservices.com cdn.jsdelivr.net www.google.com.kh www.gstatic.com www.google.com.tr api.tiles.mapbox.com cdnssl.clicktale.net pi.pardot.com seal.verisign.com www.google.com.vn tracking.intentsify.io *.doubleclick.net scripts.demandbase.com www.youtube.com www.google.co.id epson.com www.google.ca *.tiktok.com www.google.pl sc-static.net stat.dealtime.com bat.bing.com tiny.superpinkday.com www.google.co.ve tags.tiqcdn.com *.facebook.net bam.nr-data.net www.google.com.pk www.google.co.uk www.clarity.ms *.googleapis.com www.google.com xiecomm.paymetric.com wtbevents.pricespider.com www.google.com.bd *.ads-twitter.com checkout.getbread.com www.google.nl www.google.tt locate.pricespider.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.bazaarvoice.com *.googleapis.com cdn.pricespider.com cdn.honey.io fast.fonts.net epson.com cdn.jsdelivr.net cdn.cs.1worldsync.com api.tiles.mapbox.com; frame-ancestors 'self' ; report-uri /csp_report 1
child-src https:; connect-src https: wss:; font-src data: https:; frame-src https:; img-src blob: data: https:; media-src blob: data: https:; object-src 'self' https://*.app-eu.wrike.com https://*.wrike.com https://*.www.wrike.com https://d10b6odojqpx09.cloudfront.net https://d1c5qktmphn2d.cloudfront.net https://d1foz7ea1n9ap6.cloudfront.net https://d28rj2ujhq2ikj.cloudfront.net https://d3tvpxjako9ywy.cloudfront.net https://youtube.com; script-src 'unsafe-eval' 'unsafe-inline' data: https://*.6sc.co https://*.app-eu.wrike.com https://*.bizographics.com https://*.google-analytics.com https://*.linkedin.com https://*.marketo.com https://*.marketo.net https://*.twitter.com https://*.wrike.com https://*.www.wrike.com https://*.yandex.ru https://api.greenhouse.io https://api.pinterest.com https://apis.google.com https://assets.adobedtm.com https://bat.bing.com https://c.disquscdn.com https://cdn.onesignal.com https://cdn.ravenjs.com https://cdn.syndication.twimg.com https://commondatastorage.googleapis.com/code.snapengage.com/js/ https://connect.facebook.net https://d.adroll.com https://d10b6odojqpx09.cloudfront.net https://d1c5qktmphn2d.cloudfront.net https://d1foz7ea1n9ap6.cloudfront.net https://d28rj2ujhq2ikj.cloudfront.net https://d3rnld1uo6kgq2.cloudfront.net https://d3tvpxjako9ywy.cloudfront.net https://disqus.com https://fast.wistia.com https://fast.wistia.net https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1056104813/ https://i.simpli.fi https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js https://onesignal.com https://pixel.mathtag.com https://px.airpr.com/airpr.js https://s.adroll.com https://s3.amazonaws.com/r.kissinsights.com/ https://secure.adnxs.com https://snap.licdn.com https://src.litix.io/core/2/mux.js https://sslwidget.criteo.com https://static.ads-twitter.com https://static.criteo.net https://track-mv.com https://turbo.qualaroo.com https://vidassets.terminus.services https://vk.com https://wrike.disqus.com https://wrike.influitive.com https://www.google.com https://www.google.ru https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.snapengage.com/; style-src 'unsafe-inline' data: https:; default-src 'self'; report-uri https://csp-global.wrike.com/csp-report?website 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-59f9b6dad7f3ac55fab89ba0df0322ae' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
default-src 'self' 'unsafe-inline' *.atbar.org *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk corporate.wordpress.soton.ac.uk blog.soton.ac.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com www.googleadservices.com www.googletagmanager.com *.google-analytics.com connect.facebook.net static.ads-twitter.com j.flxpxl.com hj.flxpxl.com d2hlpp31teaww3.cloudfront.net d1d7fjtb6d4i2m.cloudfront.net analytics.twitter.com ib.adnxs.com www.intelliworkschat.com access.ecs.soton.ac.uk *.atbar.org www.youtube.com s.ytimg.com *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk stats.wp.com soton.disqus.com stats.wp.com corporate.wordpress.soton.ac.uk blog.soton.ac.uk s0.wp.com use.typekit.net connect.facebook.com platform.twitter.com; font-src 'self' data: ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk use.typekit.net; img-src data: 'self' www.southampton.ac.uk cdn.soton.ac.uk cdn.southampton.ac.uk t.co mpp2.vindicosuite.com *.google-analytics.com *.facebook.com pixel.adsafeprotected.com *.doubleclick.net www.google.com www.google.co.uk *.atbar.org *.issuu.com image.isu.pub www.intelliworkschat.com pixel.wp.com blog.soton.ac.uk platform.twitter.com pbs.twimg.com syndication.twitter.com p.typekit.net d1d7fjtb6d4i2m.cloudfront.net; frame-src 'self' www.google.com www.google.co.uk www.youtube.com *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk; child-src 'self' www.google.com www.google.co.uk www.youtube.com *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk; 1
frame-ancestors 'self'; report-uri https://www.heraldsun.com.au/csp-reports 1
script-src 'self' 'unsafe-eval' app.hubspot.com cdn-3.convertexperiments.com cdnjs.cloudflare.com connect.facebook.net cta-service-cms2.hubspot.com js.hsforms.net js.hs-analytics.net js.hs-banner.com js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com platform.twitter.com play.vidyard.com run.pstmn.io script.crazyegg.com script.hotjar.com static.hotjar.com static.hsappstatic.net use.typekit.net www.googletagmanager.com www.google-analytics.com www.hubspot.com 'strict-dynamic' 'nonce-T/ho1iScZY3AMxjR2T8kXg=='; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1
font-src *.gstatic.com data: use.typekit.net script.hotjar.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' data: fonts.gstatic.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com payflowlink.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'none'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com vars.hotjar.com www.facebook.com payflowlink.paypal.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com *.wesupply.xyz *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de px.ads.linkedin.com p.adsymptotic.com www.facebook.com www.google.com www.linkedin.com script.hotjar.com fonts.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com legacy.pantone.com connect.facebook.net script.hotjar.com snap.licdn.com static.hotjar.com js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net go.xrite.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com *.cloudflare.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.googleapis.com *.gstatic.com fonts.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de webchat.dotdigital.com stats.g.doubleclick.net in.hotjar.com bam.nr-data.net bt.signifyd.com www.facebook.com bt.signifyd.com:11103 api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com t.elasticsuite.io *.google-analytics.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com; script-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com 'unsafe-inline'; report-uri /1/batch/2/OE/mid=AF2M0KC94RCEA:sid=138-7046144-6235236:rid=TH2D8EZJCQBPE8P9GSBY:sn=www.acx.com 1
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.hsbc.com.hk:* *.walkme.com bat.bing.com *.recaptcha.net *.gstatic.cn *.biocatch.com; img-src 'self' blob: data: *.hsbc.com.hk *.eum-appdynamics.com *.google.com.hk *.google.com *.google.co.in *.doubleclick.net s3.walkmeusercontent.com d3sbxpiag177w8.cloudfront.net *.walkme.com bat.bing.com *.tealiumiq.com *.googletagmanager.com *.google.co.uk *.biocatch.com; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.hsbc.com.hk:* *.walkme.com bat.bing.com *.biocatch.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.walkme.com *.googletagmanager.com *.recaptcha.net; frame-ancestors 'self' *.liveperson.net; font-src 'self' data: *.hsbc.com.hk *.walkme.com; worker-src 'self' blob: *.walkme.com; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com *.walkme.com; object-src 'self'; upgrade-insecure-requests ; report-uri /csp/report; 1
default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tvsquared.com *.wargaming.net *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com https://sc-static.net 		https://ob.cheqzone.com 		https://analytics.google.com 		https://www.google.com https://*.teads.tv https://*.taboola.com https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://www.googleoptimize.com https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://*.creative-serving.com 	 https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net *.tvsquared.com *.taboola.com *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com https://sc-static.net 		https://ob.cheqzone.com 		https://analytics.google.com 		https://www.google.com wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://stats.g.doubleclick.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://graph.facebook.com https://www.googleoptimize.com https://*.addthis.com https://*.google-analytics.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.googleapis.com https://stackadapt.com https://*.doubleclick.net *.yimg.com ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://tr.snapchat.com https://creativecdn.com https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 1
default-src 'self' 'unsafe-inline' data: blob: ssl.kaptcha.com *.vimeo.com *.bluesnap.com *.ccdc02.com *.google-analytics.com *.google.com *.yahoo.com *.pinimg.com *.redditstatic.com *.taboola.com *.pinterest.com *.googleapis.com *.g.doubleclick.net *.googleadservices.com *.guardiosecurity.com *.facebook.net *.facebook.com *.googlesyndication.com *.googletagmanager.com *.bing.com secure.adnxs.com *.cardinalcommerce.com fullstory.com *.fullstory.com *.typekit.net *.quora.com *.guard.io *.paypal.com *.gstatic.com *.fixel.ai *.youtube.com *.twitter.com *.ads-twitter.com *.outbrain.com *.stripe.com s.yimg.com o435118.ingest.sentry.io; img-src * data: blob:; report-uri https://guard.io/v2/api/csp 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /1/apitun/security/csp-report; 1
default-src 'self' 'unsafe-inline' data: *.fca.org.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.facebook.net www.googleadservices.com siteimproveanalytics.com *.siteimproveanalytics.io *.twitter.com *.jquery.com *.nr-data.net *.newrelic.com static.ads-twitter.com js.adsrvr.org *.doubleclick.net *.fca.org.uk fca.funnelback.co.uk *.salesforceliveagent.com *.twentythree.net snap.licdn.com analytics.tiktok.com sc-static.net; img-src 'self' 'unsafe-inline' data: *.facebook.com *.google-analytics.com *.siteimproveanalytics.io *.google.com t.co *.doubleclick.net *.fca.org.uk *.google.ie *.videomarketingplatform.co www.google.co.uk *.nr-data.net *.googletagmanager.com *.fca.org.uk *.gstatic.com www.glassdoor.co.uk *.fca.org.uk linkedin.com www.facebook.com t.co *.linkedin.com *.google.ch *.google.de *.google.nl *.google.com.eg *.google.es *.google.ee *.google.co.in *.google.co.uz *.adsymptotic.com *.tableau.com *.google.ge *.google.se *.google.com.bh *.google.sk; frame-src 'self' 'unsafe-inline' *.buto.tv *.videomarketingplatform.co *.view-it.co.uk *.fcaconnect.force.com prezi.com wearebigrock.com *.fca.org.uk player.vimeo.com www.thinglink.com *.google.com *.doubleclick.net insight.adsrvr.org *.fca.org.uk *.googletagmanager.com *.youtube.com match.adsrvr.org *.twentythree.net gateway.zscaler.net *.tableau.com *.snapchat.com; frame-ancestors 'self' *.fca.org.uk; child-src 'self' 'unsafe-inline' *.buto.tv *.videomarketingplatform.co *.view-it.co.uk *.fcaconnect.force.com prezi.com wearebigrock.com *.fca.org.uk player.vimeo.com www.thinglink.com *.google.com *.fca.org.uk; font-src 'self' data: fonts.gstatic.com *.fca.org.uk at.alicdn.com; connect-src 'self' www.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.facebook.net www.googleadservices.com siteimproveanalytics.com *.siteimproveanalytics.io *.twitter.com *.jquery.com *.nr-data.net *.newrelic.com static.ads-twitter.com js.adsrvr.org *.doubleclick.net *.fca.org.uk fca.funnelback.co.uk *.googleapis.com analytics.tiktok.com *.snapchat.com; report-uri https://o105440.ingest.sentry.io/api/234655/security/?sentry_key=78e86bb79e1f44d0b24b22ab1e9dc5d0; upgrade-insecure-requests 1
default-src https: wss:; script-src https: wss: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
report-uri https://endpoint2.collection.us2.sumologic.com/receiver/v1/http/ZaVnC4dhaV3VOE24ov0vchYgO3uoxKHdePxnKoFiICkeq1Vt2reRBEg4zYmpS2XL1UJS-0Ova9gUiV2PUH3EvuXcIOdrBPvAUgkIP-ZRbRMryNUY6YGqAQ== ; block-all-mixed-content ; default-src 'report-sample' 'self' https://*.videoask.com https://*.videoask.live ; script-src 'report-sample' 'self' 'unsafe-eval' https://*.videoask.com https://*.videoask.live 'unsafe-inline' https://js.stripe.com https://www.dropbox.com https://*.calendly.com https://*.oncehub.com https://cdn.amplitude.com https://cdn.cookielaw.org https://cdn.rollbar.com https://cdn.segment.com https://connect.facebook.net https://fast.wistia.com https://script.crazyegg.com https://snap.licdn.com https://snippet.growsumo.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://cdn.optimizely.com https://js.partnerstack.com https://edge.fullstory.com ; base-uri 'report-sample' 'self' ; img-src 'report-sample' 'self' data: blob: android-webview-video-poster: https: ; media-src 'report-sample' 'self' blob: data: https: ; connect-src 'report-sample' 'self' blob: https://*.videoask.com https://*.videoask.live wss://*.videoask.live wss://*.videoask.com https://videoask-media-dev.s3-accelerate.amazonaws.com https://videoask-media-prod.s3-accelerate.amazonaws.com https://videoask-uploads-dev.s3-accelerate.amazonaws.com https://videoask-uploads-prod.s3-accelerate.amazonaws.com https://videoask-uploads-dev.s3.amazonaws.com https://videoask-uploads-prod.s3.amazonaws.com https://videoask.eu.auth0.com https://dev-videoask.eu.auth0.com https://*.launchdarkly.com https://*.pexels.com https://*.wistia.com https://embedwistia-a.akamaihd.net https://api.rollbar.com https://api.segment.io https://api.amplitude.com https://*.g.doubleclick.net https://www.google-analytics.com https://*.crazyegg.com https://p.adsymptotic.com https://www.facebook.com https://track.segmetrics.io https://*.google.com https://rs.fullstory.com https://grsm.io https://cdn.cookielaw.org https://*.onetrust.com https://*.contentful.com https://videoask.zendesk.com https://*.optimizely.com ; style-src 'report-sample' 'self' https://font.typeform.com 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://cdn.cookielaw.org https://cdn.quilljs.com ; font-src 'report-sample' 'self' data: https://font.typeform.com https://fonts.gstatic.com ; frame-src 'report-sample' 'self' https://*.videoask.com https://*.videoask.live https://calendly.com https://app.acuityscheduling.com https://*.oncehub.com https://js.stripe.com https://videoask.eu.auth0.com https://dev-videoask.eu.auth0.com https://*.wistia.com https://www.facebook.com https://*.doubleclick.net https://6g4qf7txd07m.statuspage.io https://*.optimizely.com ; frame-ancestors * ; object-src 'none' ; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/panoramio 1
default-src sir.rediris.es www.rediris.es 'self' abs.twimg.com cdn.syndication.twimg.com pbs.twimg.com platform.twitter.com self syndication.twitter.com ton.twimg.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.youtube-nocookie.com; connect-src www.google-analytics.com; form-action syndication.twitter.com platform.twitter.com; img-src 'self' www.rediris.es abs.twimg.com data: file ton.twimg.com pbs.twimg.com platform.twitter.com; script-src-elem 'self' www.google.com www.googletagmanager.com 'unsafe-inline' www.rediris.es cdn.syndication.twimg.com platform.twitter.com; script-src www.google.com www.gstatic.com 'unsafe-inline'; style-src-elem 'self' www.rediris.es platform.twitter.com ton.twimg.com; style-src 'self'; frame-src 'self' platform.twitter.com syndication.twitter.com www.youtube-nocookie.com; object-src 'self'; report-uri https://27ee058862b5cab81e8d2c18685f28d5.report-uri.com/r/d/csp/wizard 1
default-src 'none'; connect-src 'self' https://appservices.wwnorton.com; frame-ancestors 'self'; font-src 'self'  https://fonts.googleapis.com; style-src 'self' https://cloud.typography.com https://dsbst55b1909i.cloudfront.net; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://code.jquery.com https://static.wwnorton.com https://storage.googleapis.com; img-src 'self' https://www.google-analytics.com https://appservices.wwnorton.com https://cdn.wwnorton.com https://diqp43fm0w6zs.cloudfront.net  https://stats.g.doubleclick.net; 1
style-src-elem 'unsafe-inline' 'self' embed.tawk.to fonts.googleapis.com; connect-src 'self' googleads.g.doubleclick.net pagead2.googlesyndication.com *.tawk.to analytics.tiktok.com adservice.google.com session-replay.browser-intake-datadoghq.eu rum-http-intake.logs.datadoghq.eu www.datadoghq-browser-agent.com www.google.com bat.bing.com cdn.segment.com www.google-analytics.com *.google-analytics.com stats.g.doubleclick.net cookie-cdn.cookiepro.com trc-events.taboola.com api.mixpanel.com api-js.mixpanel.com api.segment.io in.hotjar.com trc.taboola.com vc.hotjar.io; font-src 'self' data: embed.tawk.to fonts.gstatic.com script.hotjar.com; frame-src www.facebook.com www.google.com www.youtube.com vars.hotjar.com widget.trustpilot.com; img-src 'self' data: tr.outbrain.com chart.googleapis.com *.gstatic.com connect.facebook.net embed.tawk.to cds.taboola.com q.quora.com s3.eu-west-2.amazonaws.com 2.gravatar.com bat.bing.com px.ads.linkedin.com www.linkedin.com c0.adalyser.com cx.atdmt.com heapanalytics.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com *.google-analytics.com www.google.co.uk www.google.com www.googletagmanager.com web.uploads.tide.co local.tide.co secure.gravatar.com; script-src-elem 'self' 'unsafe-inline' amplify.outbrain.com embed.tawk.to analytics.tiktok.com *.googleoptimize.com optimize.google.com www.datadoghq-browser-agent.com cookie-cdn.cookiepro.com cdn.jsdelivr.net bat.bing.com c0.adalyser.com cdn.heapanalytics.com cdn.mxpnl.com cdn.segment.com cdn.taboola.com trc.taboola.com cdnjs.cloudflare.com connect.facebook.net googleads.g.doubleclick.net platform.twitter.com px.ads.linkedin.com script.hotjar.com snap.licdn.com static.ads-twitter.com static.hotjar.com www.google-analytics.com www.linkedin.com www.google.com www.gstatic.com www.googletagmanager.com www.googleadservices.com widget.trustpilot.com tagmanager.google.com; style-src-attr 'unsafe-inline'; report-uri https://csp.tide.co/report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://*.clickagy.com https://www.redditstatic.com  https://app.hushly.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://d2i34c80a0ftze.cloudfront.net https://googleads.g.doubleclick.net https://hubfront.hushly.com https://info.menlosecurity.com https://j.6sc.co https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tags.srv.stackadapt.com https://trk.techtarget.com https://ws.zoominfo.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://extend.vimeocdn.com  https://www.google.com;style-src 'self' 'unsafe-inline' https://app.hushly.com https://fonts.googleapis.com https://hubfront.hushly.com https://info.menlosecurity.com https://tags.srv.stackadapt.com  https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://app.hushly.com https://fonts.gstatic.com; frame-src 'self' https://*.doubleclick.net https://info.menlosecurity.com https://js.driftt.com https://vars.hotjar.com https://www.facebook.com; img-src * data:; manifest-src 'self';media-src 'self' https://js.driftt.com; worker-src 'none'; report-uri https://csp.menlosecops.com/32d687c5-44d6-54e9-9793-d0965364f03a 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/admob_google_com 1
media-src cdn.sidefx.com static.sidefx.com media.sidefx.com d2wvmrjymyrujw.cloudfront.net; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net www.facebook.com http://127.0.0.1:1714 ig.instant-tokens.com graph.instagram.com vimeo.com; style-src 'self' 'unsafe-inline' cdn.sidefx.com static.sidefx.com d2wvmrjymyrujw.cloudfront.net media.sidefx.com fonts.googleapis.com www.google.com tagmanager.google.com *.vimeocdn.com; script-src 'self' 'unsafe-eval' cdn.sidefx.com static.sidefx.com media.sidefx.com d2wvmrjymyrujw.cloudfront.net *.googleapis.com www.gstatic.com www.google.com cse.google.com *.facebook.net api.instagram.com cdnjs.cloudflare.com unpkg.com cdn.jsdelivr.net www.googletagmanager.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net www.youtube.com 'nonce-gkVEGiwUrLFMhIj3FRknCw=='; img-src 'self' data: cdn.sidefx.com static.sidefx.com media.sidefx.com d2wvmrjymyrujw.cloudfront.net *.cdninstagram.com *.gravatar.com www.facebook.com static.lulu.com www.gstatic.com ssl.gstatic.com www.google.com www.googleapis.com clients1.google.com i.ytimg.com *.vimeocdn.com www.paypal.com placekitten.com http://dummyimage.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net; default-src 'self'; font-src 'self' data: cdn.sidefx.com static.sidefx.com media.sidefx.com fonts.gstatic.com; frame-src 'self' data: static.sidefx.com media.sidefx.com www.google.com connect.facebook.net www.facebook.net www.facebook.com docs.google.com maps.google.com www.youtube.com lists.sidefx.com *.vimeo.com *.vimeocdn.com; report-uri https://www.sidefx.com/csp_reports/ 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://tvline.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; connect-src 'self' *.adac.de *.adac.biz *.usercentrics.eu *.e-bot7.de; font-src 'self' assets.adac.de; frame-src 'self' *.usercentrics.eu *.e-bot7.de greenncap.trm.do emsdigital.de www.bundesfinanzministerium.de ce.yourvideo.tv embed.wakelet.com widget.msgp.pl; frame-ancestors 'self' *.dev-club.de; img-src 'self' data: blob: assets.adac.de *.usercentrics.eu *.googletagmanager.com; object-src 'self' *.usercentrics.eu; media-src 'self' blob: assets.adac.de; script-src 'nonce-pcKjKLkIeGwOVCPUA0BhxA==' 'strict-dynamic'; style-src 'self' 'unsafe-inline' *.dev-club.de 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://hollywoodlife.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://shopfs.myoppo.com   https://static-common.heytapdownload.com https://obus-cn.dc.heytapmobi.com  https://dsfs.oppo.com https://static.sensorsdata.cn https://captcha-sec.heytapmobi.com https://collect.opposhop.cn/ https://sa.opposhop.cn/ https://ocs-cn-north1.heytapcs.com https://cdn.jsdelivr.net https://jscatch.heytapmobi.com https://uc-avatar-cn.heytapimage.com https://yihuan.oppo.com https://img-oppo-com.oss-cn-hangzhou.aliyuncs.com https://at.alicdn.com https://b.yzcdn.cn https://bsp-di-cn.heytapmobi.com https://cem-survey.myoas.com; block-all-mixed-content; report-uri https://ti.oppo.com/csp/DataReport 1
report-uri /csp-log.php; report-to csp-log-endpoint; default-src 'none'; img-src 'self' https://tiles.rz.uni-leipzig.de/ https://img.youtube.com/; script-src 'self' 'unsafe-inline' https://app1.edoobox.com/ https://cdn1.edoobox.com/ https://uni.wwwstat.rz.uni-leipzig.de/ https://vimeo.com/api/; style-src 'self' 'unsafe-inline'; font-src 'self'; media-src 'self'; connect-src 'self' https://uni.wwwstat.rz.uni-leipzig.de/; frame-src https://app1.edoobox.com/ https://www.studieren-weltweit.de/ https://www.facebook.com/ https://www.sozphil.uni-leipzig.de/ https://studienbuero.erzwiss.uni-leipzig.de/ https://open.spotify.com/ https://www.youtube-nocookie.com/embed/ https://player.vimeo.com/video/; 1
script-src 'unsafe-inline' https:; object-src 'none'; base-uri 'none'; 1
default-src https:; base-uri 'self'; script-src 'unsafe-inline' https: 'nonce-NJRK52xM1oa3/A==' 'strict-dynamic' 'unsafe-eval' *.zulily.com 'report-sample'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; media-src https: blob:; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' *.zulily.com; report-uri https://productreviews.prod.store.aws.z8s.io/csp-report-violations-report-only; 1
default-src 'self' https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https: http: 'self'; worker-src blob: 'unsafe-inline' 'unsafe-eval' https: http: 'self';connect-src * data: 'self';frame-src http://*.pitchbook.local http://*.wistia.com http://*.jobvite.com http://*.ceros.com http://www.facebook.com https: mailto: tel: ms-appx-web: blob: 'self'; img-src * data: blob: 'self' android-webview-video-poster:; media-src * blob: 'self'; style-src http://*.pitchbook.com http://*.googleapis.com http://*.webspellchecker.net http://*.dynamicyield.com https: 'unsafe-inline' 'self'; font-src http://*.dynamicyield.com http://*.webspellchecker.net http://fonts.gstatic.com https: data: blob: 'self' http://themes.googleusercontent.com chrome-extension: localhost:3000;report-uri /csp/submit 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-ef488ed935cf67847f92c2dcfe143fb0' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
default-src data: blob: 'unsafe-eval' 'unsafe-inline' https: 'self' wss: *.intercom.io; script-src 'self' 'unsafe-eval' 'unsafe-inline'  ajax.googleapis.com *.bazaarvoice.com bat.bing.com cdn.attn.tv *.optimizely.com cdn.polyfill.io cdn1.affirm.com connect.facebook.net *.art.com *.doubleclick.net js.intercomcdn.com pixel.mathtag.com s.pinimg.com static.klaviyo.com tag.rmp.rakuten.com tags.bkrtx.com widget.intercom.io *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.art.com cdn.pbbl.co *.googleadservices.com code.jquery.com *.intercom.io *.artprintimages.com *.google.com *.affirm.com *.allpostersimages.com *.fbot.me *.datadoghq-browser-agent.com *.intercom.io; object-src 'none'; base-uri 'self'; report-uri https://csp.walmart.com/c/r/art 1
require-trusted-types-for 'script'; trusted-types angular angular#bundler angular#unsafe-bypass aio#analytics google#safe goog#html; report-uri https://csp.withgoogle.com/csp/angular.io 1
frame-ancestors 'self' http://*.abcya.com:* https://*.abcya.com:* https://*.ixl.com:* https://*.ixl.x:* https://*.ixl.k38:* https://*.ixl.m26:* https://*.ixl.cap:* https://*.ixl.lb:* https://*.ixl.k10:* https://*.ixl.k41:* https://*.ixl.t:* https://*.ixl.abcyaonixl.ixl.dev:* http://localhost:* https://*.ixl.dev:*; default-src 'self' https://tpc.googlesyndication.com/safeframe/; connect-src 'self' https://*.abcya.com https://*.admetricspro.com https://assets-abcya-com.netlify.app https://csi.gstatic.com https://dt.clnmde.com https://kinesis.us-east-1.amazonaws.com https://www.google-analytics.com https://*.media.net https://*.googlesyndication.com https://*.doubleclick.net https://*.arcademics.com wss://*.arcademics.com; font-src 'self' https://*.media.net https://d33wubrfki0l68.cloudfront.net https://fonts.gstatic.com https://*.arcademics.com; frame-src 'self' blob: https://*.admetricspro.com https://*.stripe.com https://*.abcya.com https://assets-abcya-com.netlify.app https://pxlclnmdecom-a.akamaihd.net https://*.googlesyndication.com https://*.doubleclick.net https://www.google.com; img-src 'self' data: https://*.arcademics.com https://*.net https://*.abcya.com https://assets-abcya-com.netlify.app https://*.admetricspro.com https://*.media.net https://d33wubrfki0l68.cloudfront.net https://dt.clnmde.com https://www.googletagmanager.com https://*.doubleclick.net https://px.moatads.com https://*.googlesyndication.com https://www.google-analytics.com https://www.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.kidsafeseal.com https://s02mdn.net/; media-src 'self' https://assets-abcya-com.netlify.app; object-src https://*.abcya.com https://assets-abcya-com.netlify.app; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://imasdk.googleapis.com/js/sdkloader/ima3.js https://vjs.zencdn.net/7.11.4/video.min.js https://cdnjs.cloudflare.com/ajax/libs/videojs-ima/1.10.1/videojs.ima.min.js https://cdnjs.cloudflare.com/ajax/libs/videojs-contrib-ads/6.0.0/videojs.ads.min.js https://adservice.google.com https://cdn.ampproject.org https://*.admetricspro.com https://*.media.net https://d33wubrfki0l68.cloudfront.net https://*.stripe.com https://mb.moatads.com https://pxlclnmdecom-a.akamaihd.net https://*.doubleclick.net https://*.arcademics.com https://*.googlesyndication.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googletagservices.com https://www.gstatic.com https://z.moatads.com; style-src 'self' 'unsafe-inline' https://vjs.zencdn.net/7.11.4/video-js.css https://cdnjs.cloudflare.com/ajax/libs/videojs-contrib-ads/6.7.0/videojs.ads.css https://cdnjs.cloudflare.com/ajax/libs/videojs-ima/1.10.1/videojs.ima.css https://d33wubrfki0l68.cloudfront.net https://fonts.googleapis.com https://tagmanager.google.com; report-uri https://www.ixl.com/actions/csp/report-abcya; report-to csp-endpoint; 1
script-src 'self' *.edpuzzle.com *.edpuzzle.dev 'unsafe-inline' 'unsafe-eval' latex.codecogs.com service.mtcaptcha.com service2.mtcaptcha.com *.google.com *.googleapis.com *.google-analytics.com *.youtube.com *.ytimg.com *.soundcloud.com *.zendesk.com cdnjs.cloudflare.com *.mxpnl.com *.newrelic.com *.nr-data.net d1htrclywvryi1.cloudfront.net js.stripe.com *.twitter.com *.awswaf.com; style-src 'self' *.edpuzzle.com 'unsafe-inline' maxcdn.bootstrapcdn.com latex.codecogs.com d1htrclywvryi1.cloudfront.net fonts.googleapis.com; report-uri /api/v3/violations/csp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://snap.licdn.com https://static.ads-twitter.com   https://analytics.twitter.com https://connect.facebook.net  https://cdn.cookielaw.org  https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com  https://www.youtube.com  https://static.addtoany.com  https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://js-agent.newrelic.com https://geolocation.onetrust.com https://bam-cell.nr-data.net https://cdnsecakmi.kaltura.com https://cdnapisec.kaltura.com http://cdnapi.kaltura.com   https://www.google-analytics.com https://cdn.jsdelivr.net https://script.crazyegg.com https://static.cloudflareinsights.com https://www.google.com  https://www.gstatic.com https://bam.nr-data.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://www.youtube.com https://static.addtoany.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://js-agent.newrelic.com https://geolocation.onetrust.com https://bam-cell.nr-data.net https://script.crazyegg.com https://static.cloudflareinsights.com; report-uri /report-csp-violation 1
default-src 'self' mydayforce.com *.dayforce.com *.dayforcehcm.com https://col.eum-appdynamics.com  https://cdn.appdynamics.com https://www.google-analytics.com https://cdn.cookielaw.org https://ceridian-privacy.my.onetrust.com https://geolocation.onetrust.com https://app505-dayforce-csp-func.azurewebsites.net/api/DFCspReportFunction; script-src 'self' 'unsafe-eval' mydayforce.com *.dayforce.com *.dayforcehcm.com https://col.eum-appdynamics.com  https://cdn.appdynamics.com https://www.google-analytics.com https://cdn.cookielaw.org https://ceridian-privacy.my.onetrust.com https://geolocation.onetrust.com 'nonce-VyzdYO8JHA==' 'report-sample'; style-src 'self' mydayforce.com *.dayforce.com *.dayforcehcm.com https://col.eum-appdynamics.com  https://cdn.appdynamics.com https://www.google-analytics.com https://cdn.cookielaw.org https://ceridian-privacy.my.onetrust.com https://geolocation.onetrust.com 'unsafe-inline'; img-src 'self' mydayforce.com *.dayforce.com *.dayforcehcm.com https://col.eum-appdynamics.com  https://cdn.appdynamics.com https://www.google-analytics.com https://cdn.cookielaw.org https://ceridian-privacy.my.onetrust.com https://geolocation.onetrust.com data: blob:; font-src 'self' mydayforce.com *.dayforce.com *.dayforcehcm.com https://col.eum-appdynamics.com  https://cdn.appdynamics.com https://www.google-analytics.com https://cdn.cookielaw.org https://ceridian-privacy.my.onetrust.com https://geolocation.onetrust.com data:; object-src 'none'; base-uri 'self'; 1
object-src 'none'; script-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com code.highcharts.com code.jquery.com https://cdn.boomcdn.com https://cdn.datatables.net https://cdn.jsdelivr.net https://cdn.polyfill.io https://cdnjs.cloudflare.com https://code.highcharts.com https://code.jquery.com https://polyfill.io https://public.tableau.com https://static.addtoany.com https://unpkg.com https://www.google.com maps.googleapis.com maxcdn.bootstrapcdn.com tether.io unitegallery.net 'unsafe-inline'; script-src-attr 'self'; style-src 'self' ajax.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://use.fontawesome.com unitegallery.net 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 1
script-src https: 'strict-dynamic' 'report-sample' 'nonce-qSl8lRepNsi+6CTwe+YFYdY+/1hbdzVn57Pq2z9B3yQ='; base-uri 'self';report-to csp-endpoint 1
default-src 'self' blob: https://staffbase.com https://s15952.pcdn.co; report-uri https://casper-de1.staffbase.com/report/staffbase.com; script-src 'report-sample' 'self' blob: 'unsafe-eval' 'unsafe-inline' https://analytics.twitter.com https://bat.bing.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://forms.hsforms.com https://googleads.g.doubleclick.net https://hackerone.com https://npmcdn.com/pikasso@4.2.0/build/umd.min.js https://pikasso-preview.bananatag.com https://j.6sc.co/6si.min.js https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsforms.net https://js.hsleadflows.net https://js.qualified.com https://maps.googleapis.com https://rum-static.pingdom.net https://script.hotjar.com https://snap.licdn.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.hotjar.com https://tagmanager.google.com https://tags.clickagy.com/data.js https://tracking.g2crowd.com https://ws.zoominfo.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://s15952.pcdn.co; font-src 'self' data: application/x-font-woff https://cdn.getspeechify.com/hosted-fonts/GreycliffCF-*.woff2 https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com https://www.google-analytics.com https://s15952.pcdn.co; img-src 'self' data: image/svg+xml https: https://s15952.pcdn.co; style-src https: 'self' 'unsafe-inline' 'report-sample'; connect-src 'self' https://*.hotjar.com https://*.pingdom.net https://adservice.google.com/pagead/ https://aorta.clickagy.com/data https://api.ipstack.com https://app.qualified.com https://bat.bing.com https://c.6sc.co https://cdn.cookielaw.org https://forms.hsforms.com https://forms.hubspot.com https://geolocation.onetrust.com https://hackerone.com https://hemsync.clickagy.com/external/hasHashes https://hubspot-forms-static-embed.s3.amazonaws.com https://ipv6.6sc.co/ https://privacyportal.onetrust.com https://secure.adnxs.com/getuidj https://stats.g.doubleclick.net https://vc.hotjar.io https://ws.zoominfo.com/pixel/collect https://www.facebook.com https://www.google-analytics.com https://www.google.com wss://*.hotjar.com wss://app.qualified.com wss://ws.qualified.com https://s15952.pcdn.co; frame-src https:; media-src https:; frame-ancestors 'none'; 1
default-src 'self' image.spreadshirtmedia.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.com ; img-src 'self' data: https: image.spreadshirtmedia.net image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com *.google-analytics.com *.analytics.google.com sanalytics.spreadshirt.com *.spreadshirt.com ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ *.google-analytics.com *.analytics.google.com *.spreadshirt.com ; font-src 'self' https: data: *.spreadshirt.com ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.com ; object-src 'none' ; media-src image.spreadshirtmedia.com ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.com ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.scene7.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.natwest.com *.neolane.net *.nwolb.com *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.raptmedia.com *.snapchat.com *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net static.ads-twitter.com t.co www.brightedge.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.cl *.google.cm *.google.co.ao *.google.co.bw *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uz *.google.co.ve *.google.co.za *.google.co.zm *.google.co.zw *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dk *.google.dm *.google.dz *.google.es *.google.fi *.google.fr *.google.ge *.google.gg *.google.gm *.google.gp *.google.gr *.google.gy *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.la *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc*.google.se *.google.sh *.google.si *.google.sk *.google.sn *.google.so *.google.tg *.google.tm *.google.tn *.google.tt adservice.google.ro *.googleapis.com *.live.hdexternal.co.uk *.hdddirectsolutions.co.uk fonts.gstatic.com *.everesttech.net *.everestjs.net cdn.cookielaw.org cdn-apple.com; upgrade-insecure-requests; report-uri https://natwestpersonal.report-uri.com/r/t/csp/reportOnly; 1
default-src 'self' tpc.googlesyndication.com;frame-ancestors 'self';frame-src 'self' https://staticcdn.co.nz www.youtube.com www.facebook.com connect.facebook.net gsa://onpageload https://d2rf51x5ga9gxp.cloudfront.net trademe.wufoo.com matterport.com *.matterport.com viewer.metamaker.istaging.com vtc.virtualtourscreator.com.au app.cloudpano.com youriguide.com virtualtour.laserfocus.co.nz s3virtualtour.esoft.com www.boxbrownie.com kuula.co https://api.trademe.co.nz/ https://auth.trademe.co.nz https://*.app.trade.me https://vimeo.com https://cdn.diakrit.com https://livetour.istaging.com https://vtc.virtualtourscreator.com.au https://app.cloudpano.com https://storage.googleapis.com https://www.google.com https://www.google.co.nz *.googlesyndication.com console.googletagservices.com *.doubleclick.net *.imrworldwide.com *.trademepayments.co.nz *.pingauth.trademe.co.nz https://vars.hotjar.com;font-src 'self' data: *.tmcdn.co.nz fonts.googleapis.com fonts.gstatic.com https://static.hotjar.com;img-src 'self' data: blob: www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com *.ggpht.com i.ytimg.com i.vimeocdn.com www.facebook.com https://staticcdn.co.nz secure-gl.imrworldwide.com *.segment.com https://api.trademe.co.nz/ *.tmcdn.co.nz https://trademe-prod-cdn.global.ssl.fastly.net https://*.trademe.co.nz *.google.com *.google.co.nz *.google.com.au *.google.co.uk *.google.lk *.google.co.in *.google.com.sg *.google.com.sa *.google.cn *.google.com.ph *.google.com.hk *.google.co.kr *.google.de *.google.ca *.google.co.jp *.google.com.fj *.google.co.id *.google.ae *.google.com.my *.google.co.th *.google.fr *.google.nl *.google.com.tw *.google.com.br *.google.es *.google.ie *.google.cl *.google.se *.google.ar *.google.com.vn *.googlesyndication.com *.imrworldwide.com *.doubleclick.net *.googleusercontent.com https://*.hotjar.com api.myautoshop.co.nz images.myautoshop.co.nz sslphotos.jato.com via.placeholder.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com www.googletagmanager.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://frend-assets.freetls.fastly.net/ https://staticcdn.co.nz connect.facebook.net www.google-analytics.com www.googletagmanager.com *.googletagservices.com dnn506yrbagrg.cloudfront.net *.googleapis.com www.youtube.com s.ytimg.com script.crazyegg.com *.segment.com *.appboycdn.com *.google.com *.google.co.nz *.google.com.au *.google.co.uk *.google.lk *.google.co.in *.google.com.sg *.google.com.sa *.google.cn *.google.com.ph *.google.com.hk *.google.co.kr *.google.de *.google.ca *.google.co.jp *.google.com.fj *.google.co.id *.google.ae *.google.com.my *.google.co.th *.google.fr *.google.nl *.google.com.tw *.google.com.br *.google.es *.google.ie *.google.cl *.google.se *.google.ar *.google.com.vn www.googleadservices.com *.doubleclick.net *.imrworldwide.com *.googlesyndication.com cdn.ampproject.org https://static.hotjar.com https://script.hotjar.io https://script.hotjar.com https://*.afterpay.com https://*.app.trade.me https://*.newrelic.com https://*.nr-data.net;form-action 'self' trademe.wufoo.com www.facebook.com connect.facebook.net d3f5l8ze0o4j2m.cloudfront.net https://api.trademe.co.nz/ https://*.app.trade.me;connect-src 'self' https://api.trademe.co.nz/ https://auth.trademe.co.nz *.tmcdn.co.nz https://*.app.trade.me *.segment.io *.segmentapis.com *.segment.com *.braze.com sentry.io www.facebook.com www.google-analytics.com *.gstatic.com *.googleapis.com *.google.com *.google.co.nz *.google.com.au *.google.co.uk *.google.lk *.google.co.in *.google.com.sg *.google.com.sa *.google.cn *.google.com.ph *.google.com.hk *.google.co.kr *.google.de *.google.ca *.google.co.jp *.google.com.fj *.google.co.id *.google.ae *.google.com.my *.google.co.th *.google.fr *.google.nl *.google.com.tw *.google.com.br *.google.es *.google.ie *.google.cl *.google.se *.google.ar *.google.com.vn *.doubleclick.net *.googlesyndication.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://*.afterpay.com https://*.app.trade.me https://*.nr-data.net;child-src 'self' https://vars.hotjar.com;worker-src 'self' https://vars.hotjar.com;report-uri https://sentry.io/api/1279183/security/?sentry_key=990566bb4d5d4445ae67eba309f51cfd&sentry_release=frend--8431e980 1
default-src 'none'; connect-src 'self' *.yimg.com https://www.google-analytics.com *.yahoo.com *.doubleclick.net; font-src 'self' *.bootstrapcdn.com; frame-src 'self' *.soundcloud.com *.twitter.com; img-src 'self' data: *.yimg.com https://www.google-analytics.com *.yahoo.com https://www.google.com/ads/ga-audiences *.pendo.io *.twitter.com *.twimg.com; script-src 'self' 'nonce-qK4zcIatZqptNVG22HVUNA==' *.yimg.com https://www.google-analytics.com https://ssl.google-analytics.com *.github.com/flurrydev/ *.pendo.io *.twitter.com *.twimg.com; style-src 'self' 'unsafe-inline' *.yimg.com *.twitter.com *.twimg.com https://github.githubassets.com/assets/ *.bootstrapcdn.com; report-uri /csp-report 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://robbreport.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/googleorg 1
default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net *.tvsquared.com *.soloway.ru *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com https://sc-static.net 		https://ob.cheqzone.com 		https://analytics.google.com 		https://www.google.com https://*.adform.net https://partner.worldoftanks.com https://www.googleoptimize.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://stackadapt.com https://*.creative-serving.com 	 https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://inv-dmp.admixer.net ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com https://sc-static.net 		https://ob.cheqzone.com 		https://analytics.google.com 		https://www.google.com wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://stats.g.doubleclick.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://graph.facebook.com https://*.addthis.com https://*.google-analytics.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://www.googleoptimize.com https://google.pl https://*.doubleclick.net https://*.googleapis.com ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://tr.snapchat.com https://creativecdn.com https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 1
font-src 'self' d3jbm9h03wxzi9.cloudfront.net fonts.googleapis.com data: https:; img-src 'self' d3jbm9h03wxzi9.cloudfront.net s3.amazonaws.com/revue imgix.revue.co revue-direct.imgix.net data: https:; object-src 'none'; script-src 'self' d3jbm9h03wxzi9.cloudfront.net cdn.mxpnl.com checkout.stripe.com connect.facebook.net www.google-analytics.com js.stripe.com use.typekit.net *.intercomcdn.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ 'unsafe-eval' https: 'nonce-wQmqfrRRd3ptEI8YCXZvvQ=='; frame-src www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ https:; style-src 'self' d3jbm9h03wxzi9.cloudfront.net 'unsafe-inline' https:; connect-src 'self' wss://*.intercom.io *.intercom.io *.intercomcdn.com wss://*.pusher.com https:; report-uri /csp-report 1
default-src 'none'; base-uri 'none' ; frame-src 'self' *.unidays.world *.facebook.com *.twitter.com *.doubleclick.net *.youtube.com *.youtube-nocookie.com *.google.com *.snapchat.com hcaptcha.com *.hcaptcha.com; connect-src 'self' *.myunidays.com *.myunidays.com *.adzerk.net https://api.segment.io https://cdn.segment.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google.com https://servedby.flashtalking.com https://ad.doubleclick.net *.tiktok.com *.snapchat.com *.appsflyer.com hcaptcha.com *.hcaptcha.com; font-src 'self' data: https: ; img-src 'self' data: https: ; media-src 'self' *.unidays.world *.googleapis.com ;script-src 'self' https: 'strict-dynamic' 'unsafe-inline' 'nonce-S9fTGZbIakmKqJTiLb+pNA==' 'sha256-JaJnzDFt7nhixFwT6OGtcVsmCt5j0JhDTL/mOR+yeLc=' 'sha256-swnYD2S3+mg5eUG+ZrxxAe2x8z+BPFsrZJ1loRNz+Nc=' 'sha256-DQwqYB8/sqCTVOZWfXmwexUV+wjyosAzcAcRY2fdDiU=' 'sha256-FIhX+YlCX/mDgfVKSE47aYd0Shmm38UT5k6gKibikZ0=' 'sha256-7BSxikp5FMWFqVRAH/DEQbsUrCRdzv8w/exsasxdYtY=' 'sha256-SiSpQtoSm3gYHCiSdO7bIdwk6nuhuKyKx6I638RpVMs=' hcaptcha.com *.hcaptcha.com; style-src 'self' 'unsafe-inline' https: hcaptcha.com *.hcaptcha.com; 1
report-uri https://www.yelp.com/csp_report_only?id=e5a2173ed6b0e56d&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=41d0c45536d2a082f11d1cd0e00fde7f&site=www&timestamp=1663907487; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: blob:; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; font-src data: https:; child-src https: yelp-webview://* yelp://* data:; object-src 'none'; worker-src blob: https:; base-uri 'self'; form-action https: 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tool.lu *.baidu.com *.bdstatic.com; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.tool.lu *.baidu.com; img-src 'self' data: *.tool.lu *.href.lu *.baidu.com; media-src 'none'; child-src 'self' *.tool.lu; font-src *.tool.lu *.alicdn.com; connect-src 'self' *.tool.lu *.baidu.com *.alicdn.com; report-uri //a.tool.lu/csp 1
default-src 'self' https: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri https://investorplace.com/wp-content/plugins/mixed-content-logging/report-uri/mcl-uri.php 1
script-src 'strict-dynamic' 'nonce-s8UpL9B2v5bAkU/d18HftQ=='; 1
base-uri 'self'; frame-src 'self' data: https://codesandbox.io https://embed.diagrams.net https://www.grokkingpython.com https://www.paypalobjects.com https://googleads.g.doubleclick.net https://pay.google.com https://bid.g.doubleclick.net https://accounts.google.com https://www.googletagmanager.com https://www.facebook.com https://www.youtube.com https://vimeo.com https://player.vimeo.com *.hotjar.com *.hotjar.io https://www.google.com/recaptcha/ https://assets.braintreegateway.com https://*.paypal.com https://*.cardinalcommerce.com https://tpc.googlesyndication.com https://*.educative.run https://js.educative.io; object-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cardinalcommerce.com https://track.linksynergy.com https://ws.zoominfo.com https://tags.rd.linksynergy.com https://services.xg4ken.com https://grow.clearbitjs.com https://q.quora.com https://public.profitwell.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://js.hs-scripts.com https://tag.rmp.rakuten.com https://a.quora.com https://js.hsadspixel.net https://js.hs-banner.com https://js.usemessages.com https://js.hscollectedforms.net https://js.hs-analytics.net https://www.googletagmanager.com https://*.google.com https://*.google-analytics.com https://www.googleadservices.com https://*.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://connect.facebook.net https://twitter.com https://*.twitter.com https://*.ads-twitter.com https://snap.licdn.com https://player.vimeo.com https://www.gstatic.com https://www.dwin1.com https://px.ads.linkedin.com https://www.linkedin.com https://educative.activehosted.com https://*.youtube.com https://ajax.cloudflare.com https://static.cloudflareinsights.com https://s.ytimg.com https://js.braintreegateway.com https://assets.braintreegateway.com https://www.paypalobjects.com https://*.paypal.com https://tpc.googlesyndication.com https://code.jquery.com/jquery-3.1.1.slim.min.js https://cdnjs.cloudflare.com/ajax/libs/babel-core/5.8.23/browser.js https://d3rxaij56vjege.cloudfront.net/form-serialize/0.3/serialize.min.js; worker-src 'self'; report-uri https://www.educative.io/report/csp 1
connect-src 'self' *.google.com api.cookiefirst.com apipub.confirmic.com *.helpscout.net *.pusher.com endpoint1.collection.us2.sumologic.com checkoutshopper-live.adyen.com consent.cookiefirst.com ct.pinterest.com d3hb14vkzrxvla.cloudfront.net *.cookiefirst.com maps.googleapis.com o353884.ingest.sentry.io region1.google-analytics.com spsc.oda.com tr.snapchat.com www.google.no www.google.se www.google.fi *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.google.com www.google-analytics.com pagead2.googlesyndication.com; style-src 'self' 'unsafe-inline' checkoutshopper-live.adyen.com consent.cookiefirst.com fonts.googleapis.com tagmanager.google.com unpkg.com; default-src 'self' tr.snapchat.com; font-src 'self' data: fonts.gstatic.com; frame-src *.edb.com *.3dsecure.no *.sbanken.no *.sparebank1.no op-vdm.wlp-acs.com valtuutus.op.fi *.3ds.modirum.com danskebank-3ds-bxl.wlp-acs.com identify.nordea.com *.luottokunta.fi checkoutshopper-live.adyen.com tpc.googlesyndication.com tr.snapchat.com www.youtube-nocookie.com *.doubleclick.net ct.pinterest.com js.stripe.com snappcm.com form.jotform.com submit.jotformeu.com kolonial.eu.looker.com; child-src 10181747.fls.doubleclick.net checkoutshopper-live.adyen.com tr.snapchat.com; script-src 'self' 'unsafe-eval' *.sentry-cdn.com api.mailgun.net beacon-v2.helpscout.net checkoutshopper-live.adyen.com config.confirmic.com config.metomic.io connect.facebook.net consent-manager.confirmic.com consent-manager.metomic.io consent.cookiefirst.com data: googleads.g.doubleclick.net maps.googleapis.com s.pinimg.com sc-static.net www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com tagmanager.google.com *.googletagmanager.com ssl.google-analytics.com cdn.polyfill.io unpkg.com tr.snapchat.com js.stripe.com 'nonce-4xovMGhBS0Uq3xMTR0af/g=='; img-src 'self' api.mapbox.com bilder.kolonial.no checkoutshopper-live.adyen.com *.pinterest.com data: *.googleapis.com maps.gstatic.com play-lh.googleusercontent.com tr.snapchat.com www.facebook.com www.google.de www.google.dk www.google.no www.google.fi www.googletagmanager.com ssl.gstatic.com www.gstatic.com *.google-analytics.com *.googletagmanager.com *.google.com *.doubleclick.net *.googlesyndication.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: ai.asapp.com *.wistia.com fonts.gstatic.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com snap.licdn.com munchkin.marketo.net static.ads-twitter.com googleads.g.doubleclick.net www.google.com analytics.twitter.com app-sj32.marketo.com src.litix.io www.googleanalytics.com www.googleoptimize.com optimize.google.com unpkg.com scout-cdn.salesloft.com cdn.segment.com; style-src 'self' 'unsafe-inline' ai.asapp.com pro.fontawesome.com fonts.googleapis.com app-sj32.marketo.com optimize.google.com; font-src 'self' data: pro.fontawesome.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' https: data: www.google-analytics.com www.googletagmanager.com optimize.google.com; media-src 'self' blob: data: *.wistia.com *.wistia.net embedwistia-a.akamaihd.net; connect-src 'self' ai.asapp.com www.google-analytics.com stats.g.doubleclick.net *.wistia.com embedwistia-a.akamaihd.net *.mktoresp.com *.mktoutil.com *.litix.io *.lever.co scout.salesloft.com cdn.segment.com api.segment.io; frame-src ai.asapp.com bid.g.doubleclick.net app-sj32.marketo.com fast.wistia.com www.googletagmanager.com optimize.google.com youtube.com www.youtube.com; object-src embedwistia-a.akamaihd.net embed-fastly.wistia.com; worker-src blob:; frame-ancestors 'self' asapp.northpass.com; report-uri https://asapp.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-e8682898b8b99f460f85c4a4d136d62e' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-db4aa05ec3d87b7a2aa223731ef45101' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
script-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' *.heapanalytics.com *.2mdn.net *.33across.com *.acexchange.co.kr *.ad-generation.jp *.adagio.io *.addthis.com *.addthisedge.com *.adform.com *.adiiix.com *.adingo.jp *.admanmedia.com *.admixer.com *.admixer.net *.adtech.com *.adtiming.com *.advangelists.com *.advertising.com *.adyoulike.com *.amazon-adsystem.com *.amazon.com *.ampproject.org *.amxrtb.com *.aniview.com *.aol.com *.appnexus.com *.aps.amazon.com *.aralego.com *.avantisvideo.com *.axonix.com *.beachfront.com *.behave.com *.betweendigital.com *.bidmachine.io *.bidstreammedia.com *.bidtellect.com *.bing.com *.blis.com *.braintreegateway.com *.brid.tv *.brightcove.com *.brightcove.net *.chocolateplatform.com *.clarity.ms *.cloudflare.com *.cloudfront.net *.consumable.com *.contextweb.com *.conversantmedia.com *.crazyegg.com *.criteo.com *.criteo.net *.districtm.io *.doubleclick.net *.doubleverify.com *.e-planning.net *.e-volution.ai *.emxdgt.com *.engagebdr.com *.eskimi.com *.exponential.com *.facebook.com *.facebook.net *.fastclick.net *.freewheel.tv *.google-analytics.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.gumgum.com *.id5-sync.com *.improvedigital.com *.indexexchange.com *.infolinks.com *.inmobi.com *.inskinmedia.com *.instagram.com *.insticator.com *.jquery.com *.kargo.com *.launchdarkly.com *.lemmatechnologies.com *.lijit.com *.lkqd.com *.lkqd.net *.logan.ai *.loopme.com *.marketo.net *.media.net *.mediago.io *.mediatradecraft.com *.moatads.com *.mobfox.com *.mobileadtrading.com *.my.com *.my6sense.com *.narrativ.com *.nativo.com *.newrelic.com *.nr-data.net *.ogury.com *.onetag.com *.openexchangerates.org *.openx.com *.outbrain.com *.playbuzz.com *.pokkt.com *.prodooh.com *.proper.io *.pubmatic.com *.pubnative.net *.px-cdn.net *.quantcount.com *.quantserve.com *.realself.com *.revcontent.com *.rhythmone.com *.richaudience.com *.risecodes.com *.rlcdn.com *.rsdev.co *.rubiconproject.com *.s-onetag.com *.sharethrough.com *.smaato.com *.smartadserver.com *.smartclip.net *.smartyads.com *.snapengage.com *.somoaudience.com *.sonobi.com *.sovrn.com *.speedcurve.com *.spotx.tv *.spotxchange.com *.springserve.com *.ssp.e-volution.ai *.ssp.logan.ai *.stackadapt.com *.synacor.com *.target.my.com *.teads.tv *.telaria.com *.themediagrid.com *.tremorhub.com *.tribalfusion.com *.triplelift.com *.typekit.net *.ucfunnel.com *.undertone.com *.unrulymedia.com *.vdopia.com *.velismedia.com *.verve.com *.video.unrulymedia.com *.vidoomy.com *.yahoo.com *.yieldmo.com *.zencdn.net btloader.com openexchangerates.org blob:; worker-src 'self' blob:; frame-ancestors *; form-action *; report-uri https://api.realself.com/v1/rs-csp-sc/csp-info; report-to security-report 1
frame-ancestors 'self' https://www.bing.com https://www.google.at https://www.google.de https://*.search.yahoo.com; report-uri https://www.rolex.com/csp-reports/?req_id=2da592b3 1
frame-ancestors 'self' metrika.yandex.ru mc.yandex.ru http://webvisor.com; frame-src *.youtube.com vk.com https: blob: mc.yandex.ru jivosite.com; report-uri /csp-report; 1
default-src 'self' https: blob: wss: data: 'unsafe-inline' 'unsafe-eval' 'report-sample'; report-uri https://632817c861f1dae92c2ae121.endpoint.csper.io?v=0; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-kjYXjBI/p65Q+CdNErUS+w=='; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blueconic.net *.blueconic.net siteimproveanalytics.io *.siteimproveanalytics.io siteimproveanalytics.com *.siteimproveanalytics.com googleadservices.com *.googleadservices.com youtube.com *.youtube.com wwu.edu *.wwu.edu technolutions.net *.technolutions.net tableau.com *.tableau.com googleusercontent.com *.googleusercontent.com vimeocdn.com *.vimeocdn.com windows.net *.windows.net github.io *.github.io googletagmanager.com *.googletagmanager.com doubleclick.net *.doubleclick.net facebook.com *.facebook.com facebook.net *.facebook.net; report-uri https://www.wwu.edu/report-uri/reportOnly 1
block-all-mixed-content; style-src 'self' 'unsafe-inline' *.uni-wuerzburg.de www.google.com; img-src 'self' data: *.uni-wuerzburg.de *.gstatic.com *.google.com www.googleapis.com; object-src 'self' *.uni-wuerzburg.de; frame-src 'self' *.uni-wuerzburg.de *.youtube-nocookie.com cse.google.com; frame-ancestors 'self' *.uni-wuerzburg.de; base-uri 'self' www.uni-wuerzburg.de; form-action 'self' *.bibliothek.uni-wuerzburg.de www.uni-wuerzburg.de; media-src 'self' data: *.uni-wuerzburg.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.uni-wuerzburg.de *.google.com; report-uri https://www2.uni-wuerzburg.de/rz/csp-report-uri/ 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.algolia.com *.algolia.io *.algolia.net *.algolianet.com algolia.com algolia.io algolia.net algolianet.com blob: data: *.3lift.com *.adroll.com *.affilae.com *.bidr.io *.casalemedia.com *.clarity.ms *.clearbit.com *.company-target.com *.datadoghq.com *.doubleclick.net *.facebook.com *.getbeamer.com *.hotjar.com *.licdn.com *.linkedin.com *.marketo.com *.mktoresp.com *.outbrain.com *.pingdom.net *.pubmatic.com *.reddit.com *.rlcdn.com *.rubiconproject.com *.taboola.com *.twitter.com amplify.outbrain.com api.amplitude.com api.madkudu.com api.segment.io attr.ml-api.io bat.bing.com browser.sentry-cdn.com cdn.amplitude.com cdn.bizible.com cdn.jsdelivr.net cdn.madkudu.com cdn.segment.com cdn.segment.io cdnjs.cloudflare.com client-registry.mutinycdn.com client.mutinycdn.com connect.facebook.net data: fonts.googleapis.com fonts.gstatic.com getbeamer.com js.driftt.com js.sentry-cdn.com js.stripe.com maxcdn.bootstrapcdn.com munchkin.marketo.net res.cloudinary.com s.ml-attr.com secure.adnxs.com secure.gravatar.com snap.licdn.com static.ads-twitter.com stats.g.doubleclick.net t.co tag.clearbitscripts.com tag.demandbase.com tr.outbrain.com tracking.g2crowd.com user-data.mutinycdn.com www.datadoghq-browser-agent.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.redditstatic.com www.welcometothejungle.com x.clearbitjs.com cdn.cookielaw.org *.onetrust.com *.ceros.com ceros-creative-services.s3.amazonaws.com ajax.googleapis.com ; img-src * data: ; font-src 'self' data: fonts.gstatic.com github.com images.mutinycdn.com maxcdn.bootstrapcdn.com use.typekit.net ; connect-src 'self' *.algolia.com *.algolia.io *.algolia.net *.algolianet.com algolia.com algolia.io algolia.net algolianet.com *.clarity.ms *.datadoghq.com *.google-analytics.com *.hotjar.com *.hotjar.io *.linkedin.com *.mktoresp.com *.mktoutil.com *.mutinyhq.io *.pingdom.net *.segment.com *.segment.io *.sentry.io adservice.google.com api.amplitude.com api.company-target.com api.madkudu.com api.segment.io app.clearbit.com app.getsentry.com backend.getbeamer.com d.adroll.com data: in.hotjar.com maps.googleapis.com prod-algolia-blog-subscription.herokuapp.com raw.githubusercontent.com stats.g.doubleclick.net us-central1-documentation-feedback.cloudfunctions.net user-data.mutinycdn.com vitals.vercel-insights.com wss://*.hotjar.com www.google-analytics.com www.google.com cdn.cookielaw.org *.onetrust.com *.ceros.com ceros-creative-services.s3.amazonaws.com ; worker-src 'self' blob: ; report-uri https://algolia.report-uri.com/r/t/csp/wizard 1
default-src 'self' *.twimg.com *.vimeo.com www.youtube.com *.cdninstagram.com; connect-src 'self' *.facebook.com www.google-analytics.com; script-src 'self' *.facebook.com *.facebook.net www.googletagmanager.com *.google-analytics.com *.netdna-ssl.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.typekit.net *.netdna-ssl.com fonts.googleapis.com 'unsafe-inline'; img-src 'self' data: *.facebook.com s.w.org secure.gravatar.com *.twimg.com *.google-analytics.com *.cdninstagram.com *.netdna-ssl.com; font-src data: 'self' fonts.gstatic.com use.typekit.net *.netdna-ssl.com; frame-src www.facebook.com player.vimeo.com www.youtube.com; report-uri https://browser-listener-10c8e3692d0a.cloudapps.digital/csp-reports; report-to csp-endpoint 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-1d4faf674b909695e9276a15165faf46' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
object-src 'none'; script-src 'self' 'nonce-jTqjjj3GJ59UqI3' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: 'sha256-47mKTaMaEn1L3m5DAz9muidMqw636xxw7EFAK/YnPdg=' 'sha256-iry7oJKoKJ+9HSjmU3E1TlRlpSesJWZ1vapuUz2MP38='; report-uri https://nellie.booking.com/csp-report-uri?type=report&tag=146&pid=00a317cf49280192&e=UmFuZG9tSVYkc2RlIyh9YYYdGuViorKPH5ZTmpYuVYPwrB4l0ndAywbEABZ7Ck-h; base-uri 'none'; 1
font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: use.fontawesome.com consent.trustarc.com fonts.gstatic.com cdn.honey.io moneygram-intl.ingeniuxondemand.com *.force.com *.googleapis.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com asset.gomoxie.solutions *.force.com use.fontawesome.com cdn.honey.io moneygram-intl.ingeniuxondemand.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.net www.google.com *.tiktok.com www.google.co.ma www.google.co.uk c.clarity.ms www.google.com.pk fonts.gstatic.com consent-pref.trustarc.com www.google.it cdn.smct.io *.googleapis.com tr.silverpush.co www.google.fr l.contentsquare.net bat.bing.com bam.nr-data.net www.gstatic.com consent.trustarc.com events.smct.co *.sitescout.com *.doubleclick.net moneygram-intl.ingeniuxondemand.com flask.nextdoor.com *.facebook.com www.ojrq.net maps.gstatic.com www.googletagmanager.com www.google.ca www.google.de webv2cmsprod.aws.moneygram.com *.snapchat.com *.force.com drs2.veinteractive.com sp.analytics.yahoo.com c.az.contentsquare.net consumerapi.moneygram.com cdn.honey.io www.google.com.gh; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: deviceauth.moneygram.com moneygram.vc.hr *.sitescout.com *.wlp-acs.com www.emjcd.com www.google.com centinelapi.cardinalcommerce.com *.cloudfront.net survey.us.confirmit.com config1.veinteractive.com tags.rd.linksynergy.com asset.gomoxie.solutions www.googletagmanager.com *.dotomi.com *.snapchat.com *.force.com smct.co consent.trustarc.com conversions.clickmeter.com *.doubleclick.net hosted.where2getit.com geo.cardinalcommerce.com clickmeter.com www.youtube.com *.facebook.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: asset.gomoxie.solutions tags.rd.linksynergy.com *.force.com songbird.cardinalcommerce.com config1.veinteractive.com www.woopra.com *.googleadservices.com www.googletagmanager.com s.yimg.com d.turn.com up.pixel.ad cdnjs.cloudflare.com *.salesforceliveagent.com consent.trustarc.com www.gstatic.com bat.bing.com utt.impactcdn.com moneygram-intl.ingeniuxondemand.com www.google.ca s3.amazonaws.com *.doubleclick.net *.tiktok.com tags.tiqcdn.com *.facebook.net www.google.com digitalfeedback.us.confirmit.com js.smct.co intljs.rmtag.com smct.co *.googleapis.com six.cdn-net.com www.tp88trk.com deviceauth.moneygram.com includes.ccdc02.com ads.nextdoor.com *.quantummetric.com sc-static.net t.contentsquare.net; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: k-us1.az.contentsquare.net moneygram-intl.ingeniuxondemand.com n.clarity.ms j.clarity.ms www.tp88trk.com m.clarity.ms webv2cmsprod.aws.moneygram.com location.gomoxie.solutions centinelapi.cardinalcommerce.com d.clarity.ms ipl.smct.io e.clarity.ms consumerapi.moneygram.com writer.cardinalcommerce.com h.clarity.ms digitalfeedback.us.confirmit.com ipl.smct.co sp.analytics.yahoo.com bat.bing.com sessionapi.veinteractive.com adservice.google.com ipb.smct.co cognito-identity.eu-west-1.amazonaws.com firehose.eu-west-1.amazonaws.com cookiee1.veinteractive.com *.facebook.com *.tiktok.com *.doubleclick.net events-moneygram.gomoxie.solutions kg668dbov0.execute-api.us-east-1.amazonaws.com s.yimg.com asset.gomoxie.solutions www.googletagmanager.com *.force.com consent-pref.trustarc.com *.snapchat.com ipb.smct.io www.google.com c.az.contentsquare.net *.quantummetric.com geo.cardinalcommerce.com api.onfido.com q-us1.az.contentsquare.net bam.nr-data.net js.smct.co *.googleapis.com moneygram.pxf.io js.smct.io smct.co a.clarity.ms events.smct.co nkys7k94ig.execute-api.us-east-2.amazonaws.com; form-action  *.snapchat.com *.wlp-acs.com deviceauth.moneygram.com *.salesforceliveagent.com *.facebook.com geo.cardinalcommerce.com; frame-ancestors 'self' ; report-uri /csp_report 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=A2I9A3Q2GNFNGQ:sid=258-8117892-9890830:rid=X79TNXA01EG6HB8PYKG9:sn=www.audible.co.uk 1
default-src 'none'; connect-src 'self' data: *; font-src 'self' https://fonts.gstatic.com; img-src 'self' * data: blob: 'unsafe-inline'; media-src 'self' * data: blob: 'unsafe-inline'; script-src 'strict-dynamic' 'unsafe-eval' 'nonce-dS8VeOplsITnJ1taJo5Go88x'; style-src 'self' 'unsafe-inline' *; report-uri /marketplace/api/csp-report 1
default-src 'self' *.openjdk.java.net feedburner.google.com; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' feeds.feedburner.com *.statcounter.com statcounter.com; img-src 'self' data: *.statcounter.com *.openjdk.java.net feedburner.google.com; frame-ancestors 'none'; report-uri https://openjdk.report-uri.io/r/default/csp/reportOnly 1
frame-ancestors 'self' http://*.oriflame.com https://*.oriflame.com http://*.online.ori https://*.online.ori http://*.ori.local https://*.ori.local http://*.oriflame.cc https://*.oriflame.cc http://*.oriflame.ru https://*.oriflame.ru http://*.oriflame.cn https://*.oriflame.cn; report-uri /CspReport?policyRequestId=e8da52ef398ae95f 1
default-src 'self'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: dvngeac8rg9mb.cloudfront.net d34s7xanp5e5sf.cloudfront.net www.gstatic.com js.stripe.com *.googleapis.com www.google.com compilers.widgets.sphere-engine.com; connect-src 'self' wss://push.piazza.com api.stripe.com; img-src 'self' data: http: https:; object-src 'none'; font-src 'self' data: *.typekit.net *.gstatic.com; style-src 'self' 'unsafe-inline' blob: *.typekit.net *.gstatic.com *.googleapis.com dvngeac8rg9mb.cloudfront.net; frame-src 'self' www.youtube.com www.youtube-nocookie.com www.vimeo.com player.vimeo.com www.facebook.com youtu.be gfycat.com www.google.com giphy.com docs.google.com calendar.google.com www.desmos.com www.geogebra.org; report-uri /security/csp_report 1
default-src 'self' blob: data: https: *.px-cloud.net pxchk.net px-client.net *.google.com *.criteo.com *.facebook.com *.pinterest.com *.fullstory.com *.bing.com *.gstatic.com 'unsafe-inline' 'unsafe-eval'; object-src *.online-metrix.net; script-src *.discovercard.com *.discover.com *.aexp-static.com *.mastercard.com d3eaqalnfsy4sn.cloudfront.net woobox.com *.instagram.com *.jquery.com *.px-cdn.net *.perimeterx.net *.iesnare.com d29usylhdk1xyu.cloudfront.net rpxnow.com *.googleapis.com *.bazaarvoice.com *.youtube.com *.truefitcorp.com *.getsidecar.com *.verisign.com d3m83gvgzupli.cloudfront.net *.pcapredict.com *.visa.com *.online-metrix.net *.agkn.com *.agilone.com *.gstatic.com 'unsafe-inline' 'unsafe-eval' 'self' *.affirm.com *.postcodeanywhere.co.uk *.attn.tv *.yottaa.net *.coremetrics.com *.monetate.net *.googletagmanager.com *.google-analytics.com *.criteo.net *.murdoog.com *.facebook.net *.ads-twitter.com *.pinimg.com fullstory.com *.signifyd.com *.bing.com *.rejoiner.com d3v27wwd40f0xu.cloudfront.net *.google.com *.impactradius-event.com *.googlecommerce.com *.liveperson.net *.fullstory.com *.twitter.com *.criteo.com *.lpsnmedia.net *.moosejaw.com googleads.g.doubleclick.net *.googleadservices.com *.xg4ken.com; report-uri https://qoe-1.yottaa.net/_/csp-reports?siteKey=g3UgcLo4h3Ycdg&ruleName=Default_Profile_CSP 1
base-uri 'self';default-src 'self' https: blob:;font-src https: data:;img-src https: data: android-webview-video-poster:;media-src blob: https:;object-src 'none';script-src 'report-sample' 'nonce-sT3BkjyiEcKaJyUZJyW5ag' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';style-src https: 'unsafe-inline';report-uri /cspreport 1
manifest-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: gateway.zscalerone.net *.kmart.com.au; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bat.bing.com c.oracleinfinity.io druidapc.prod.druidprod.a-kmtkmg.net rec.smartlook.com sc-static.net p.yotpo.com www.paypal.com *.facebook.net js-agent.newrelic.com unpkg.com www.google-analytics.com bam.nr-data.net staticw2.yotpo.com www.paypalobjects.com *.tiktok.com *.googlesyndication.com gateway.zscalerone.net *.pinterest.com www.youtube.com www.google.ca *.tealiumiq.com *.kmart.com.au dc.oracleinfinity.io www.google.com.au survey.survicate.com *.googleadservices.com www.gstatic.com kma-cdn.truefitcorp.com cdn.truefitcorp.com consumer.truefitcorp.com www.google.com cdn-quick-ar.threedy.ai *.pinimg.com seoab.io embed.salefinder.com.au *.optimizely.com www.clarity.ms cnstrc.com www.googletagmanager.com *.googleapis.com webservice.salefinder.com.au ssl.google-analytics.com surveys-static.survicate.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; form-action  secure7.arcot.com *.pinterest.com *.kmart.com.au gateway.zscalerone.net *.facebook.com *.snapchat.com www.rsa3dsauth.co.uk api.paydock.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.kmart.com.au cdn.truefitcorp.com www.paypal.com www.rsa3dsauth.co.uk gateway.zscalerone.net www.paypalobjects.com ap.gateway.mastercard.com tags.tiqcdn.com *.custhelp.com *.flashtalking.com *.facebook.com www.youtube.com www.google.com *.optimizely.com *.pinterest.com www.googletagmanager.com *.doubleclick.net *.snapchat.com secure7.arcot.com *.googlesyndication.com api.paydock.com widget.paydock.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: p.yotpo.com t.paypal.com www.google.es bat.bing.com *.snapchat.com www.google.is images.ctfassets.net www.google.co.in *.doubleclick.net maps.gstatic.com fonts.gstatic.com c.bing.com www.googletagmanager.com www.google.ca *.facebook.com gateway.zscalerone.net *.kmart.com.au *.googleapis.com c.clarity.ms bam.nr-data.net www.google.co.id www.google-analytics.com www.gstatic.com *.optimizely.com dc.oracleinfinity.io www.google.com.au 50.xg4ken.com *.tiktok.com embed.salefinder.co.nz *.googlesyndication.com *.tealiumiq.com www.google.com www.google.co.nz kmartau.mo.cloudinary.net www.google.nl www.google.com.ph embed.salefinder.com.au www.google.co.uk *.pinterest.com druidbotservice.prod.druidprod.a-kmtkmg.net cdn.truefitcorp.com *.cloudfront.net; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: web-writer.eu.smartlook.cloud www.gstatic.com g.clarity.ms e.clarity.ms ac.cnstrc.com web-writer.sg.smartlook.cloud f.clarity.ms j.clarity.ms *.optimizely.com *.tiktok.com i.clarity.ms a.clarity.ms h.clarity.ms b.clarity.ms fonts.gstatic.com *.googleapis.com *.kmart.com.au d.clarity.ms bat.bing.com respondent.survicate.com analytics.google.com www.paypal.com *.doubleclick.net gateway.zscalerone.net *.facebook.com m.clarity.ms *.cloudfront.net druidbotservice.prod.druidprod.a-kmtkmg.net staticw2.yotpo.com n.clarity.ms *.pinterest.com k.clarity.ms l.clarity.ms api.paydock.com quick-ar.threedy.ai cdn.truefitcorp.com assets-proxy.smartlook.cloud www.googletagmanager.com druidapi.prod.druidprod.a-kmtkmg.net www.google.com web-writer.us.smartlook.cloud www.google-analytics.com databridge.tdbtrk.com seoab.io *.snapchat.com adservice.google.com region1.google-analytics.com events-writer.smartlook.com bam.nr-data.net images.ctfassets.net manager.eu.smartlook.cloud kmartau.mo.cloudinary.net api-cdn.yotpo.com consumer.truefitcorp.com www.google.com.au; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.truefitcorp.com cdn.honey.io fonts.gstatic.com www.googletagmanager.com surveys-static.survicate.com yotpo-stool.s3.amazonaws.com staticw2.yotpo.com *.kmart.com.au gateway.zscalerone.net *.googleapis.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: surveys-static.survicate.com druidapc.prod.druidprod.a-kmtkmg.net cdn.honey.io *.googleapis.com cdn.truefitcorp.com embed.salefinder.com.au gateway.zscalerone.net staticw2.yotpo.com *.kmart.com.au; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net *.tvsquared.com *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com https://sc-static.net 		https://ob.cheqzone.com 		https://analytics.google.com 		https://www.google.com https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://www.googleoptimize.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net 	 https://stackadapt.com https://*.creative-serving.com https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://tags.srv.stackadapt.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com https://sc-static.net 		https://ob.cheqzone.com 		https://analytics.google.com 		https://www.google.com 		https://www.googleoptimize.com wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://stats.g.doubleclick.net https://*.stackadapt.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://graph.facebook.com https://*.addthis.com https://*.google-analytics.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.doubleclick.net https://*.googleapis.com ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://tr.snapchat.com https://creativecdn.com https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 1
frame-ancestors 'self'; report-uri https://www.adelaidenow.com.au/csp-reports 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://footwearnews.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' mitel.io *.mitel.io mitel.com *.mitel.com; require-trusted-types-for 'script'; object-src 'self' mitel.io *.mitel.io mitel.com *.mitel.com; 1
default-src 'self' data: blob: cdn.cbs.nl www.cbs.nl odata4.cbs.nl cbs.piwik.pro cbs.containers.piwik.pro www.google-analytics.com analytics.eu.kaltura.com cfvod.eu.kaltura.com api.eu.kaltura.com api.cdnjs.com vodcdn.eu.kaltura.com api.usabilla.com opendata.cbs.nl dataderden.cbs.nl www.pingvp.com www.google.com geodata.nationaalgeoregister.nl public.tableau.com localfocus2.appspot.com cbsnl.maps.arcgis.com ec.europa.eu livecdn.eu.kaltura.com d6tizftlrpuof.cloudfront.net ;img-src 'self' data: blob: cdn.cbs.nl www.google-analytics.com api.eu.kaltura.com d6tizftlrpuof.cloudfront.net w.usabilla.com cfvod.eu.kaltura.com cbs.piwik.pro validator.swagger.io service.pdok.nl public.tableau.com *.tile.openstreetmap.org;report-uri /cspreport;style-src 'self' 'unsafe-inline' cdn.cbs.nl cdn.jsdelivr.net cdnjs.cloudflare.com d6tizftlrpuof.cloudfront.net;font-src 'self' data: cdn.cbs.nl cdnjs.cloudflare.com api.eu.kaltura.com d6tizftlrpuof.cloudfront.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cdn.cbs.nl api.eu.kaltura.com w.usabilla.com api.usabilla.com cdn.jsdelivr.net cdnjs.cloudflare.com code.highcharts.com api.cdnjs.com cbs.piwik.pro cbs.containers.piwik.pro www.google-analytics.com analytics.eu.kaltura.com d3js.org www.google.com www.gstatic.com public.tableau.com ajax.googleapis.com d6tizftlrpuof.cloudfront.net 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/abc_xyz 1
default-src data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.vtb.ru; style-src data: blob: 'unsafe-inline' https://*; img-src data: blob: https://*; connect-src blob: 'self' https://*.vtb.ru; object-src blob: 'self' https://*; font-src data: blob: 'self' https://*; worker-src blob: 'self' https://*.vtb.ru; media-src data: blob: filesystem: 'self' https://*; manifest-src 'self' 1
default-src https: 'unsafe-eval' 'unsafe-inline'; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.blogher.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src qoe-1.yottaa.net self https:; connect-src self https: *.typekit.net; script-src-elem blob self https: 'unsafe-inline'; img-src self https: data:; style-src blob self https: 'unsafe-inline'; script-src blob self https: 'unsafe-inline'; style-src-elem self https: 'unsafe-inline'; report-uri https://qoe-1.yottaa.net/_/csp-reports?siteKey=a244R10OWtLFnA&ruleName=Content%20Security 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'self' data:; font-src https: 'self' data:; 1
default-src 'self'; connect-src 'self' analytics.init.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org *.twitter.com *.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.init.de *.openstreetmap.org *.twitter.com *.twimg.com *.bundesfinanzministerium.de; object-src 'self'; media-src 'self' *.youtube.com *.bundesfinanzministerium.de; child-src *.google.com *.gstatic.com *.youtube.com *.init.de *.twitter.com *.twimg.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org *.init.de *.twitter.com *.twimg.com *.bundesfinanzministerium.de; frame-ancestors 'self'; report-uri /site/servlet/csp-report; 1
font-src data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com s7.addthis.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://*.soraapp.com https://*.overdrive.com; connect-src 'self' https://*.soraapp.com https://*.overdrive.com https://api.duckduckgo.com https://*.od-cdn.com https://*.cachefly.net; font-src 'self' data:; frame-src 'self' https://*.soraapp.com https://*.google.com; img-src 'self' data: https://*.od-cdn.com https://*.overdrive.com https://duckduckgo.com https://biglibraryread.com; script-src 'self' 'nonce-e8448d70d5105df3e6f3b1612df22728' https://*.google.com; style-src 'self' 'unsafe-inline' https://*.google.com; require-trusted-types-for 'script'; frame-ancestors 'self' https://classroom.google.com; trusted-types sanitizer unsafe dompurify scriptHelper 1
font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdnjs.cloudflare.com fonts.gstatic.com framework-gb.cdn.gob.mx *.imss.gob.mx; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bam.nr-data.net *.twitter.com *.imss.gob.mx *.doubleclick.net framework-gb.cdn.gob.mx translate.google.com www.google.com www.gstatic.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.twitter.com *.facebook.com *.imss.gob.mx www.google.com www.youtube.com fecdn.user1st.info; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.imss.gob.mx framework-gb.cdn.gob.mx *.googleapis.com www.google.com cdnjs.cloudflare.com; form-action  *.imss.gob.mx; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.imss.gob.mx bam.nr-data.net *.doubleclick.net; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bam.nr-data.net js-agent.newrelic.com cdnjs.cloudflare.com www.gstatic.com framework-gb.cdn.gob.mx *.googleapis.com www.google-analytics.com code.jquery.com *.facebook.net www.google.com *.twitter.com ssl.google-analytics.com fecdn.user1st.info *.imss.gob.mx; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' *.gs.com; script-src 'unsafe-inline' 'unsafe-eval' *.gs.com:* https://assets.adobedtm.com https://gsgir.122.2o7.net https://*.tt.omtrdc.net https://view.ceros.com ir-vh.akamaihd.net https://amp.akamaized.net https://cdn.appdynamics.com; connect-src 'self' wss://*.gs.com:* *.gs.com:* https://assets.adobedtm.com https://gsgir.122.2o7.net https://*.tt.omtrdc.net https://view.ceros.com ir-vh.akamaihd.net https://amp.akamaized.net  https://col.eum-appdynamics.com https://girprod.akamaized.net https://irqa.akamaized.net https://video.goldmansachs.com *.datadoghq.com; img-src *.gs.com:* https://gsgir.122.2o7.net data: blob: https://col.eum-appdynamics.com; style-src 'unsafe-inline' *.gs.com:* https://fast.fonts.net; media-src 'self' *.gs.com ir-vh.akamaihd.net blob: https://girprod.akamaized.net https://irqa.akamaized.net https://video.goldmansachs.com; frame-ancestors 'self' https://goldmansachs.experiencecloud.adobe.com:*; worker-src blob: *.gs.com:* *.gs.com:*; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/about_appsheet_com 1
default-src 'self' *.youtube.com; frame-src 'self' *.youtube.com *.twitter.com *.google.com *.facebook.com *.wowza.com http://wowzaprod123-i.akamaihd.net; style-src 'self' 'unsafe-inline' https://fast.fonts.net *.typekit.net *.twitter.com *.twimg.com *.wowza.com *.icontact.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.youtube.com *.twitter.com *.twimg.com *.facebook.net *.cloudflare.com https://secure.adnxs.com *.demandbase.com *.icontact.com *.gstatic.com *.google.com *.wowza.com; img-src 'self' data: *.youtube.com  https://aepcdn.com *.twitter.com *.google-analytics.com *.twimg.com *.twimg.com *.facebook.com https://secure.adnxs.com *.demandbase.com https://aep-power.tsyawshost.com *.icontact.com http://prod-railsapp.s3.amazonaws.com; connect-src 'self' http://wowzaprod123-i.akamaihd.net *.wowza.com https://americanelectric2018tf.q4web.com; media-src 'self' http://wowzaprod123-i.akamaihd.net *.youtube.com blob: ; font-src 'self' https://use.typekit.net data: ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google-analytics.com https://www.google-analytics.com http://www.google.com https://www.google.com http://fonts.googleapis.com https://www.googletagmanager.com http://fonts.googleapis.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://fast.fonts.net http://performance.typekit.net/ https://performance.typekit.net/ http://use.typekit.net/ https://use.typekit.net/ http://us1.siteimprove.com/ https://us1.siteimprove.com/ http://p.typekit.net/ https://p.typekit.net/ http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com http://siteimproveanalytics.com https://siteimproveanalytics.com http://player.vimeo.com/ https://player.vimeo.com/  http://player.polyv.net http://cdn.cookielaw.org http://cdn.cookielaw.org https://cdn.cookielaw.org ; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com http://www.gstatic.com https://www.gstatic.com http://www.google.com https://www.google.com http://fonts.googleapis.com http://fonts.googleapis.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://use.typekit.net/ https://use.typekit.net/ http://us1.siteimprove.com/ https://us1.siteimprove.com/ http://siteimproveanalytics.com https://siteimproveanalytics.com http://player.polyv.net https://player.polyv.net https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' 'unsafe-eval' http://fonts.googleapis.com https://fonts.googleapis.com http://use.typekit.net/ https://use.typekit.net/ http://cdnjs.cloudflare.com http://fast.fonts.net/ https://p.typekit.net http://p.typekit.net; media-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com http://player.vimeo.com https://player.vimeo.com; img-src * 'self' 'unsafe-inline' 'unsafe-eval' data: filesystem:; font-src 'self' http://fonts.gstatic.com https://fonts.gstatic.com http://use.typekit.net/ https://use.typekit.net/ http://p.typekit.net/ https://p.typekit.net/; frame-src 'self' http://player.vimeo.com https://player.vimeo.com http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com https://www.google.com; 1
img-src https: data:; connect-src https:; report-uri https://csp-reports.yesware.com/new 1
connect-src 'self' *.bazaarvoice.com *.clarity.ms *.crazyegg.com *.demdex.net *.doubleclick.net *.forter.com *.googleapis.com *.perimeterx.net *.px-cdn.net *.px-client.net *.px-cloud.net *.pxchk.net *.taboola.com *.totalwine.com *.tt.omtrdc.net adservice.google.com analytics.twitter.com assets.adobedtm.com bam.nr-data.net bat.bing.com cdn.cookielaw.org cms.totalwine.bloomreach.cloud ct.pinterest.com d.adroll.com d2o5idwacg3gyw.cloudfront.net data geolocation.onetrust.com in.visitors.live ipapi.co pagead2.googlesyndication.com privacyportal.onetrust.com recs.richrelevance.com schema.milestoneinternet.com settings.luckyorange.net siteintercept.qualtrics.com t.co totalwine-sites.secure.force.com trail.grin.co us-central1-adaptive-growth.cloudfunctions.net us-u.openx.net vimeo.com wss://cdn0.forter.com wss://in.visitors.live wss://visitors.live www.cloudflare.com www.facebook.com www.google-analytics.com www.google.com www.googletagmanager.com www.instagram.com www.paypal.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.bazaarvoice.com *.clarity.ms *.forter.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.perimeterx.net *.totalwine.siteintercept.qualtrics.com 172.22.43.24:15871 3001.scriptcdn.net 7rm60015.ibosscloud.com aa.agkn.com activitymap.adobe.com amplify.outbrain.com analytics-static.ugc.bazaarvoice.com analytics.twitter.com api.datasteam.io api.microsofttranslator.com apis.murdoog.com appslinker.net ascend.pepperjam.com assets.acdn.no assets.adobedtm.com assets.photo-ac.com auctioneer.50million.club bam-cell.nr-data.net bam.nr-data.net bat.bing-int.com bat.bing.com biglinksrc.cool blipznchitzcom-a.akamaihd.net blob: bpb.opendns.com brounelink.com c.paypal.com c2op6nqb.micpn.com captcha.px-cdn.net cdn.bitkeep.vip cdn.brcdn.com cdn.cookielaw.org cdn.credithub.com.br cdn.datasteam.io cdn.jsdelivr.net cdn.mathjax.org cdn.optitc.com cdn.pdst.fm cdn.segment.com cdn.tt.omtrdc.net cdn.walkme.com cdncache-a.akamaihd.net cdnjs.cloudflare.com client.px-cloud.net clipsold.com cms.totalwine.bloomreach.cloud code-origin.murdoog.com components.pearl.com connect.facebook.net conoret.com container.pepperjam.com core.conversant.mgr.consensu.org d.adroll.com d.la1-c2-ia5.salesforceliveagent.com d213nytzlt2v5a.cloudfront.net d35u1vg1q28b3w.cloudfront.net d38xvr37kwwhcm.cloudfront.net dakotaram.com data display.ugc.bazaarvoice.com docs.paymentjs.firstdata.com donewrork.org f5rrzo.x9m86.com f5smf2.svn0czn.com floatingplayer.com gateway.zscaler.net gateway.zscalerone.net gateway.zscalerthree.net gateway.zscalertwo.net gateway.zscloud.net gc.kis.v2.scr.kaspersky-labs.com geolocation.onetrust.com googleads.g.doubleclick.net hublosk.com i0gj.su3e5.com js-agent.newrelic.com js.adsrvr.org jullyambery.net lisegreen.biz login-ds.dotomi.com mpsnare.iesnare.com ongc4tnp.d2sri.com player.vimeo.com q3y57.ap6ktv.com qdatasales.com relatedgamesnet-a.akamaihd.net rialto-gms.s3.amazonaws.com s.adroll.com s.cmptch.com s.pinimg.com s.pmddby.com s3.amazonaws.com schema.milestoneinternet.com script.crazyegg.com secure.mycouponsmartmac.com secure.myshopcouponmac.com secure.myshopmatemac.com secure.quantserve.com secure.shoptimizelymac.com service.securesrv12.com shopstorys.com siteintercept.qualtrics.com static.ads-twitter.com static.contextall.com static.lightning.force.com static.regsvcs.theknot.com static.tacdn.com static.zdassets.com stonly.com subwayclanscom-a.akamaihd.net sysfileff.com teddytor.abtasty.com test.micpn.com threatprotection.nordvpn.com toolbox.static.eu.context.cloud.sap totalwine-sites.secure.force.com totalwine.my.salesforce.com totalwine.widget.custhelp.com tpc.googlesyndication.com tr.outbrain.com try.abtasty.com twitter.com ucads-cdn.ucweb.com unpkg.com worksrc.cool www.googleadservices.com www.googletagmanager.com www.microsofttranslator.com www.myregistry.com www.pagespeed-mod.com www.paypal.com www.paypalobjects.com www.todyl.com www.totalwine.com www.upsellit.com www.youtube.com zne8jbwf0djz2vvnd-totalwine.siteintercept.qualtrics.com zswpmanager.wip.mmc.com; report-uri https://csp.px-cloud.net/report?report=1&id=679a0df4ba0af124d96515183a579c2a&app_id=PXFF0j69T5 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.vibe.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self';         script-src 'self' https: 'unsafe-inline' 'unsafe-eval' *.euro.confirmit.com *.getsitecontrol.com *.episerver.net *.siteimproveanalytics.com *.sitester.com;          style-src 'self' https: 'unsafe-inline';          font-src 'self' data:;         object-src 'none';         form-action 'self';          base-uri 'self';      frame-src *.kaltura.nordu.net *.slu.se *.emg-srs.com *.youtube.com;         frame-ancestors 'self';         connect-src 'self' *.vizzit.se digitalfeedback.euro.confirmit.com; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://dev-ssl.loseit.com/_ops/csp-report 1
default-src 'self' *.hsbc.com.hk *.mastercard.com.au; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.ads-twitter.com *.hsbc.ae *.hangseng.com *.amazonaws.com s.yimg.com *.brightcove.net *.amap.com *.demdex.net secure-ds.serving-sys.com www.recaptcha.net *.omtrdc.net bat.bing.com *.ytimg.com *.gstatic.cn *.zencdn.net *.mastercard.com.au; img-src 'self' blob: *.hsbc.com.hk *.eum-appdynamics.com *.google.com.hk *.google.com *.google.co.in *.doubleclick.net *.googleapis.com *.facebook.com data: *.gstatic.com *.google.co.uk *.hsbc.ae t.co *.linkedin.com *.omtrdc.net *.google.ae *.hangseng.com branch.explorer.hase.hk.hsbc intranet-hase.hk.hsbc *.optimizely.com img.youtube.com *.adsrvr.org *.analytics.yahoo.com *.demdex.net cm.everesttech.net www.facebook.com *.lpsnmedia.net *.sc.omtrdc.net *.googletagmanager.com bat.bing.com *.autonavi.com *.ytimg.com *.brightcove.com *.trkd-hs.com *.liveperson.net *.etnet.com.hk *.boltdns.net *.day.com *.tealiumiq.com *.amap.com; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.googleapis.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om blob: *.hangseng.com http://127.0.0.1:5000 *.adsrvr.org *.doubleclick.net *.google.com.hk *.customers.biocatch.com eum-appdynamics.com bat.bing.com rdp.hangseng.com *.trkd-hs.com *.liveperson.net *.brightcove.com *.amazonaws.com *.googletagmanager.com *.boltdns.net *.akamaihd.net *.amap.com *.cardinalcommerce.com *.arcot.com *.mastercard.com *.launchdarkly.com *.mastercard.com.au; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net cdntm.hangseng.com *.online-metrix.net www.youtube.com *.brightcove.net *.demdex.net www.facebook.com www.recaptcha.net *.tiqcdn.com *.cardinalcommerce.com *.arcot.com *.mastercard.com *.mastercard.com.au; frame-ancestors 'self' *.hsbc.com.hk; font-src 'self' data: *.hsbc.com.hk *.gstatic.com *.hangseng.com fonts.gstatic.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com *.hangseng.com *.liveperson.net; object-src 'self' blob:; child-src 'self'; upgrade-insecure-requests ; media-src *.brightcove.com *.lpsnmedia.net *.hangsenginvestment.com; report-uri https://csp.prod.ap.dynp.cloud1.vv1865.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ubembed.com *.facebook.net *.wistia.com *.doubleclick.net *.addthis.com *.marketo.net *.pinimg.com *.addthis.com *.crazyegg.com *.licdn.com *.ads-twitter.com *.demandbase.com *.addthisedge.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.moatads.com; style-src 'self' 'unsafe-inline' *.typekit.net; object-src 'none'; base-uri 'self'; connect-src 'self' *.mktoresp.com *.ubembed.com *.google.com *.addthis.com *.company-target.com *.pinterest.com *.wistia.com *.akamaihd.net *.litix.io *.crazyegg.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com; font-src 'self' data: *.typekit.net; frame-ancestors 'self'; frame-src 'self' *.ubembed.com *.doubleclick.net *.vimeo.com *.addthis.com *.facebook.com *.youtube.com; img-src 'self' data: *.twitter.com *.explorelearning.com *.pinterest.com *.wistia.com *.vimeocdn.com *.ytimg.com *.rlcdn.com *.bidr.io *.linkedin.com https://t.co *.facebook.com *.google-analytics.com *.google.com *.company-target.com *.adsymptotic.com; media-src 'self'; worker-src blob:; 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-9ead045be2737aa388c73b08cd00e3ea' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
default-src 'none'; connect-src 'self' https://api.prod.eurostar.com https://eus-events.conductrics.com https://www.facebook.com https://collect-eu-west-1.tealiumiq.com https://chat.kommunicate.io https://region1.google-analytics.com https://www.google-analytics.com https://c.contentsquare.net https://tr.snapchat.com https://stats.g.doubleclick.net https://api.kommunicate.io https://cdn.kommunicate.io https://bat.bing.com https://collect.tealiumiq.com https://r.contentsquare.net https://checkoutshopper-live.adyen.com https://adservice.google.com https://www.google.com wss://socket5.kommunicate.io https://maps.googleapis.com https://www.paypal.com wss://socket.applozic.com:80 https://bots.kommunicate.io https://cognito-idp.eu-west-1.amazonaws.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://tags.tiqcdn.com https://googleads.g.doubleclick.net https://scripts.eurostar.com https://visitor-service-eu-west-1.tealiumiq.com https://connect.facebook.net https://region1.google-analytics.com https://www.google-analytics.com https://i.ctnsnet.com https://cdn.kommunicate.io https://www.googleadservices.com https://www.googletagmanager.com https://consentag.eu https://sp.analytics.yahoo.com https://eus.cdn-v3.conductrics.com https://w.usabilla.com https://sc-static.net https://secure.quantserve.com https://cdn.applozic.com https://acdn.adnxs.com https://rules.quantcount.com https://analytics.twitter.com https://ad.doubleclick.net https://www.googletagservices.com https://pagead2.googlesyndication.com https://maps.googleapis.com https://www.google.com https://api.usabilla.com; script-src-elem 'self' 'unsafe-inline' https://www.googleadservices.com https://w.usabilla.com https://tags.tiqcdn.com https://cdn.kommunicate.io https://cdn.applozic.com https://region1.google-analytics.com https://www.google-analytics.com https://scripts.eurostar.com https://connect.facebook.net https://acdn.adnxs.com https://consentag.eu https://rules.quantcount.com https://www.googletagmanager.com https://www.googletagservices.com https://pagead2.googlesyndication.com https://sc-static.net https://secure.quantserve.com https://eus.cdn-v3.conductrics.com https://tags.tiqcdn.com https://analytics.twitter.com https://i.ctnsnet.com https://widget.kommunicate.io https://sp.analytics.yahoo.com https://googleads.g.doubleclick.net https://visitor-service-eu-west-1.tealiumiq.com; script-src-attr 'unsafe-inline'; frame-src https://consentag.eu https://9567338.fls.doubleclick.net https://tr.snapchat.com https://4978547.fls.doubleclick.net https://checkoutshopper-live.adyen.com https://www.facebook.com https://www.google.com https://bid.g.doubleclick.net https://api.prod.eurostar.com https://www.paypalobjects.com; child-src blob: https://4978547.fls.doubleclick.net https://consentag.eu https://9567338.fls.doubleclick.net https://tr.snapchat.com https://checkoutshopper-live.adyen.com https://bid.g.doubleclick.net https://api.prod.eurostar.com https://www.google.com https://www.paypal.com https://www.paypalobjects.com; worker-src blob:; style-src 'unsafe-inline' 'self' https://cdn.kommunicate.io https://fonts.googleapis.com https://content-static.eurostar.com; style-src-elem 'unsafe-inline' 'self' https://cdn.kommunicate.io; style-src-attr 'unsafe-inline'; font-src 'self' data: https://static.eurostar.com https://fonts.gstatic.com https://content.eurostar.com; img-src 'self' data: https://www.google.fr https://www.google.nl https://www.google.com.ar https://www.google.com.mx https://www.google.com.my https://www.google.com.pk https://packages-assets.eurostar.com https://www.google.be https://seal.digicert.com https://www.facebook.com https://www.google.com https://region1.google-analytics.com https://www.google-analytics.com https://pixel.quantserve.com https://www.google.co.uk https://www.google.com https://sp.analytics.yahoo.com https://cdn.sanity.io https://bat.bing.com https://c.contentsquare.net https://px.adnxs.com https://secure.adnxs.com https://pubads.g.doubleclick.net https://s3.amazonaws.com/kommunicate.s3/profile_pic/ https://pixel.mediaiqdigital.com https://t.co https://www.googletagmanager.com https://ib.adnxs.com https://content-static.eurostar.com https://googleads4.g.doubleclick.net https://static.eurostar.com https://t.paypal.com https://checkoutshopper-live.adyen.com https://www.google.com.bh https://www.google.fr https://www.google.com.sg https://www.google.ie https://www.google.ca https://www.google.com.au https://www.google.cl https://maps.googleapis.com https://ad.doubleclick.net https://maps.gstatic.com https://googleads.g.doubleclick.net https://adservice.google.com https://d6tizftlrpuof.cloudfront.net https://w.usabilla.com https://pxl.qccerttest.com; media-src https://cdn.kommunicate.io; prefetch-src https://www.eurostar.com; report-uri https://endpoint1.collection.eu.sumologic.com/receiver/v1/http/ZaVnC4dhaV3AvLFl8cFJizCyoPjtdrc2TKyVN8zmt8SJmAnZoMAxzgDeZwLuU-C2UsXndXALigR-I39YasVmxBeW9fddmwoqeNonZp5g_p8Pz0-AKgiInQ== 1
object-src 'none' media.blueapron.com; manifest-src 'self'; media-src 'self' static.zdassets.com media.blueapron.com; report-uri https://sjsbnmrmh4.execute-api.us-east-1.amazonaws.com/Prod/report_csp_violation 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-i7Ijc8PA94zDY+LUJy9BEQ=='; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1
default-src 'self' * data: filesystem: about: blob: ws: wss:; script-src 'self' * 'unsafe-eval' 'unsafe-inline'; img-src 'self' * data: filesystem: about: blob:; font-src 'self' *; style-src 'self' * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' * ws: wss: 1
default-src 'self' 'unsafe-inline'; img-src data: https:; script-src-elem 'self' https: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src https:; frame-src https:; object-src 'self' 'unsafe-inline' https:; style-src-elem 'self' 'unsafe-inline' https:; report-uri /csp-violation-report-endpoint/ 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AN7V1F1VY261K:sid=257-0746713-1822903:rid=7ZJAJBJA89SJA0Z9XWCR:sn=www.audible.de 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: ; connect-src 'self'   https://csi.gstatic.com https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://ssl.google-analytics.com https://capture.trackjs.com https://www.google.com https://*.hotjar.com:* wss://*.hotjar.com https://bam.nr-data.net 'report-sample' https://static.zdassets.com https://ekr.zdassets.com https://internations.zendesk.com https://*.zopim.com wss://internations.zendesk.com wss://*.zopim.com; font-src 'self' https://inassets1-internationsgmbh.netdna-ssl.com/ https://fonts.gstatic.com https://static.hotjar.com https://*.zuora.com 'report-sample'; frame-src https: appsflyerevent: fbrpc: 'report-sample'; img-src https: blob: data: https://v2assets.zopim.io https://static.zdassets.com; manifest-src 'self' 'report-sample'; media-src 'none'; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://www.googletagservices.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://*.zuora.com 'report-sample' https://static.zdassets.com https://ekr.zdassets.com https://internations.zendesk.com https://*.zopim.com wss://internations.zendesk.com wss://*.zopim.com; style-src 'unsafe-inline' https://inassets1-internationsgmbh.netdna-ssl.com/  https://fonts.googleapis.com https://www.gstatic.com https://eu.gcsip.nl 'report-sample'; report-uri https://internations.report-uri.com/r/t/csp/reportOnly 1
connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: apikeys.civiccomputing.com *.tiktok.com a.clarity.ms b.clarity.ms *.doubleclick.net *.twitter.com www.google-analytics.com m.clarity.ms n.clarity.ms e.clarity.ms f.clarity.ms d.clarity.ms i.clarity.ms j.clarity.ms *.serving-sys.com *.facebook.com h.clarity.ms; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.youtube.com *.twitter.com www.clarity.ms cdn.syndication.twimg.com cc.cdn.civiccomputing.com *.doubleclick.net www.google.com *.ads-twitter.com *.googleadservices.com content.totalwar.com www.google-analytics.com www.googletagmanager.com player.twitch.tv *.facebook.net; form-action  *.twitter.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: s.w.org www.google-analytics.com content.totalwar.com c.clarity.ms *.facebook.com pbs.twimg.com cdn.creative-assembly.com totalwar-confluence:8090 *.twitter.com bat.bing.com www.google.com alb.reddit.com abs.twimg.com ton.twimg.com; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: content.totalwar.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net www.youtube.com *.twitter.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com content.totalwar.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ton.twimg.com content.totalwar.com *.twitter.com *.googleapis.com; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.bio-rad.com/ https://commerce.bio-rad.com/ https://assets.adobedtm.com/ https://www.googletagmanager.com/ https://munchkin.marketo.net/ https://snap.licdn.com/ https://www.google.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://rules.quantcount.com/ https://www.google-analytics.com/ https://secure.quantserve.com/ https://ws.sessioncam.com/ https://gateway.foresee.com/ https://bam.nr-data.net/ https://js-agent.newrelic.com/ https://bat.bing.com/ https://resources.xg4ken.com/ https://app-abd.marketo.com/ https://d2oh4tlt9mrke9.cloudfront.net/ https://www.youtube.com/ https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/ https://www.gstatic.com/ https://cdncache-a.akamaihd.net/ https://s.dcbap.com/ https://stonly.com/ https://s.pmddby.com/ https://translate.googleapis.com/ https://tpc.googlesyndication.com/ https://cdn.mcfarland.cn/ https://cdn.jsdelivr.net/npm/; style-src 'self' 'unsafe-inline' *.bio-rad.com https://app-abd.marketo.com/ https://gateway.foresee.com https://fonts.googleapis.com/ https://translate.googleapis.com/ https://cdn.jsdelivr.net/npm/; img-src 'self' data: https:; media-src 'self'; frame-src *; frame-ancestors *; child-src *; font-src 'self' data: *.bio-rad.com https://gateway.foresee.com https://fonts.gstatic.com/ https://static3.avast.com/ https://github.com/google/ https://cdn.scite.ai/ https://use.typekit.net/ https://github.com/google/fonts/blob/master/apache/opensans/; connect-src * data: 'unsafe-inline'; report-uri /report-csp-violation 1
object-src 'none';base-uri 'self';script-src 'nonce-iY3ZFLE/8sn3Z6Cy/bHJ' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample';report-uri https://csp.withgoogle.com/csp/scfe 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.sensibull.com https://kite.zerodha.com; report-uri https://7eae552da389ebb083bedadbd9428ed2.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' https:; base-uri https://www.elysee.fr; block-all-mixed-content; child-src *; font-src 'self' data: https://fonts.gstatic.com https://www.elysee.fr https://admin.elysee.fr https://www.elysee.fr; form-action 'self'; frame-ancestors 'none'; img-src https://stats.g.doubleclick.net data: https://www.elysee.fr https://admin.elysee.fr https://www.elysee.fr; plugin-types video/*; script-src 'unsafe-inline' https://www.elysee.fr https://admin.elysee.fr https://www.elysee.fr; style-src https://fonts.googleapis.com 'unsafe-inline' https://www.elysee.fr https://admin.elysee.fr https://www.elysee.fr 1
font-src *.fontawesome.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.google.com *.youtube.com maps.googleapis.com *.seeedstudio.com static-cdn.seeedstudio.com media-cdn.seeedstudio.com relstatic-cdn.seeedstudio.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com *.google.com *.youtube.com maps.googleapis.com googleads.g.doubleclick.net *.seeedstudio.com stats.g.doubleclick.net *.facebook.com disqus.com *.disqus.com *.taboola.com seeedstudio.us11.list-manage.com static-cdn.seeedstudio.com relstatic-cdn.seeedstudio.com *.sandbox.braintree-api.com *.paypal.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.meetanshi.com googleads.g.doubleclick.net *.seeedstudio.com stats.g.doubleclick.net *.facebook.com disqus.com *.disqus.com *.taboola.com https://bid.g.doubleclick.net seeedstudio.us11.list-manage.com *.sandbox.braintree-api.com *.paypal.com; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.google.com *.google.com/ *.meetanshi.com *.twitter.com *.google.com *.youtube.com maps.googleapis.com *.facebook.com disqus.com *.disqus.com https://bid.g.doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net *.taboola.com seeedstudio.us11.list-manage.com *.seeedstudio.com static-cdn.seeedstudio.com relstatic-cdn.seeedstudio.com *.sandbox.braintree-api.com *.paypal.com *.weltpixel.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com https://www.youtube.com; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://www.magezon.com *.meetanshi.com *.seeedstudio.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.google.com *.youtube.com maps.googleapis.com *.google.com.tw bat.bing.com *.facebook.com *.linkedin.com disqus.com *.disqus.com *.amazonaws.com *.taboola.com *.scorecardresearch.com *.viglink.com p.adsymptotic.com static-cdn.seeedstudio.com media-cdn.seeedstudio.com relstatic-cdn.seeedstudio.com static.cloudflareinsights.com *.gstatic.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com polyfill.io www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.avada.io *.google.com/ *.meetanshi.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.youtube.com maps.googleapis.com bazaar-upgrade.seeed.local bat.bing.com connect.facebook.net snap.licdn.com googleads.g.doubleclick.net stats.g.doubleclick.net disqus.com *.disqus.com *.disquscdn.com seeedsite.disqus.com *.taboola.com *.scorecardresearch.com *.seeedstudio.com static-cdn.seeedstudio.com media-cdn.seeedstudio.com relstatic-cdn.seeedstudio.com retcode.alicdn.com *.sandbox.braintree-api.com *.paypal.com static.cloudflareinsights.com https://www.googletagmanager.com tagmanager.google.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com *.seeedstudio.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.google.com *.youtube.com maps.googleapis.com static-cdn.seeedstudio.com media-cdn.seeedstudio.com relstatic-cdn.seeedstudio.com nwzimg.wezhan.net *.sandbox.braintree-api.com *.paypal.com tagmanager.google.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com https://get.geojs.io *.avada.io *.meetanshi.com *.seeedstudio.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.youtube.com maps.googleapis.com googleads.g.doubleclick.net stats.g.doubleclick.net *.facebook.com disqus.com *.disqus.com https://bid.g.doubleclick.net *.taboola.com static-cdn.seeedstudio.com media-cdn.seeedstudio.com relstatic-cdn.seeedstudio.com retcode.alicdn.com arms-retcode.aliyuncs.com/ *.sandbox.braintree-api.com static.cloudflareinsights.com https://www.google-analytics.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'unsafe-inline' *.digid.nl piwik.dtnr.nl statistiek.mijn.overheid.nl; img-src data: *.digid.nl *.rovid.nl statistiek.mijn.overheid.nl piwik.dtnr.nl; style-src 'unsafe-inline' *.digid.nl; default-src 'self' *.digid.nl *.rovid.nl; media-src 'self' rovid.nl *.rovid.nl; frame-src 'self'; font-src 'self'; report-uri https://sentry.dtnr.nl/api/27/security/?sentry_key=c9d3f5611a344f9b804f85f28ad19a46&sentry_environment=production 1
frame-ancestors 'self'; report-uri https://mizar.unive.it/alvise.rabitti/cspreport/report.php; 1
script-src 'self'; object-src 'self' 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-9eb8d37fb9f185324be1fda9c7e46c69' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
default-src 'self' *.antpedia.com v.antwebinar.com hm.baidu.com m.baidu.com jspassport.ssl.qhimg.com *.google-analytics.com zz.bdstatic.com s.ssl.qhres.com sp0.baidu.com s.360.cn c.mipcdn.com wpa.qq.com res.wx.qq.com mp.weixin.qq.com msite.baidu.com ae.bdstatic.com share.baidu.com bdimg.share.baidu.com *.alicdn.com *.cn-hangzhou.log.aliyuncs.com *.dns-detect.alicdn.com browser.sentry-cdn.com push.zhanzhang.baidu.com po.srf.baidu.com toutong.baidu.com static.bshare.cn cdn.jsdelivr.net sentry.io *.googleapis.com *.cnzz.com api.map.baidu.com *.uc.cn uc.gre *.gstatic.com *.ucweb.com bshare.optimix.cn s2.pstatp.com 'unsafe-inline' 'unsafe-eval'; img-src * data: ; upgrade-insecure-requests; frame-src https://*.qq.com https://*.antpedia.com webcompt:; 1
base-uri 'self';script-src-elem 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.hs-analytics.net/analytics/ https://www.googletagmanager.com/gtag/ https://js.hs-banner.com/ https://js.hsadspixel.net/ https://x.clearbitjs.com/ 'nonce-41f3739a2cb05f45';report-uri /api/report_csp_violation; 1
default-src 'self'; frame-ancestors 'self'; form-action 'self'; img-src 'self' img.youtube.com https:; object-src 'none'; 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-fdf9f583c906da3b7a5873f3e43b3411' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.recaptcha.net; img-src 'self' blob: data: *.hsbc.com.hk *.eum-appdynamics.com *.google.com.hk *.google.com *.google.co.in *.doubleclick.net *.facebook.com *.googletagmanager.com; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.hsbc.co.uk; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net; frame-ancestors 'self'; font-src 'self' data: *.hsbc.com.hk; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com; object-src 'self'; upgrade-insecure-requests ; report-uri /csp/report; 1
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'self'; default-src 'self'; connect-src 'self' https://na-data-projects.s3.amazonaws.com https://releases.wagtail.io https://www.google-analytics.com https://stats.g.doubleclick.net https://sumo.com https://bam-cell.nr-data.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com http://static.ads-twitter.com https://static.ads-twitter.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://na-data-projects.s3.amazonaws.com https://www.youtube.com https://cdnjs.cloudflare.com; script-src-elem https://js-agent.newrelic.com https://load.sumo.com https://www.google-analytics.com https://www.youtube.com https://analytics.twitter.com https://bam-cell.nr-data.net; frame-src 'self' datawrapper.dwcdn.net https://www.google.com https://www.youtube.com; media-src 'self'; font-src 'self' https://d3fvh0lm0eshry.cloudfront.net; img-src 'self' https://d3fvh0lm0eshry.cloudfront.net https://d1y8sb8igg2f8e.cloudfront.net data: https://*.gravatar.comhttps://t.co https://www.google-analytics.comhttps://micro-cdn.sumo.com; report-uri https://o357627.ingest.sentry.io/api/2985675/security/?sentry_key=f4f199da565a4320b619d2f4e8eb928f 1
default-src 'self' *.fabfitfun.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fabfitfun.com *.recurly.com *.amazonaws.com *.ada.support www.dwin1.com *.google-analytics.com *.doubleclick.net www.googleadservices.com www.googletagmanager.com *.hcaptcha.com hcaptcha.com *.exitintel.com *.facebook.net *.facebook.com *.tiktok.com *.cookielaw.org *.segment.com *.tvsquared.com *.onetrust.com *.adsrvr.org sc-static.net *.zdassets.com *.crrnt.app *.pixlee.com *.roeyecdn.com *.amplitude.com *.bing.com *.googleapis.com *.exitintel.com *.jsdelivr.net *.datadoghq-browser-agent.com *.gladly.com *.braintreegateway.com *.paypal.com *.cloudflare.com *.hotjar.com *.clarity.ms blob:; style-src 'self' 'unsafe-inline' *.fabfitfun.com *.googleapis.com; connect-src 'self' *.fabfitfun.com *.browser-intake-datadoghq.com api.recurly.com *.segment.io *.launchdarkly.com *.logs.datadoghq.com *.cookielaw.org *.optimizely.com *.launchdarkly.com *.ada.support *.doubleclick.net ekr.zdassets.com *.zendesk.com *.hcaptcha.com wss://*.zopim.com *.pixlee.com *.tiktok.com *.amplitude.com *.paypal.com *.braintree-api.com *.onetrust.com www.google-analytics.com pactsafe.io *.gladly.com *.hotjar.com *.hotjar.io *.clarity.ms; frame-src 'self' *.doubleclick.net *.avct.cloud *.avocet.io *.ada.support id.rlcdn.com *.hcaptcha.com *.recurly.com *.bidswitch.net *.sharethrough.com *.bfmio.com *.pubmine.com *.teads.tv *.gumgum.com *.paypal.com *.braintree-api.com *.adsrvr.org *.hotjar.com; img-src 'self' *.fabfitfun.com  *.google-analytics.com *.discourse.org *.cloudinary.com *.w55c.net *.adxcel-ec2.com *.facebook.com *.hcaptcha.com *.amazonaws.com *.doubleclick.net *.roeye.com *.bing.com *.google.com *.scorecardresearch.com *.tvsquared.com *.twitter.com *.exitintel.com *.googleadservices.com *.media.net *.smartclip.net data:; font-src 'self' *.fabfitfun.com  fonts.gstatic.com data:; media-src 'self' *.zdassets.com; object-src 'none'; 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-c6c9878109c6be3a7cec36e53fcbc8f0' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: banner.appsflyer.com *.doubleclick.net wss://gc.kis.v2.scr.kaspersky-labs.com api-customer.cartaomeliuz.com.br www.google-analytics.com www.googletagmanager.com app.securiti.ai 83169dbd88ac4d2ea2e56faef723e63c.events.ubembed.com www.meliuz.com.br onesignal.com fonts.gstatic.com vc.hotjar.io region1.google-analytics.com customer.meliuz.com.br staticz.com.br sentry.io www.google.com *.tiktok.com *.googlesyndication.com adservice.google.com *.googleapis.com us-central1-lembrador-e49af.cloudfunctions.net cdn-prod.securiti.ai csi.gstatic.com use.typekit.net *.hotjar.com creatives-cdn.appsflyer.com *.googleusercontent.com *.facebook.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googlesyndication.com *.tiktok.com assets.ubembed.com *.googleapis.com staticz.com.br adservice.google.com cdn.appsflyer.com stats.wp.com cdn-prod.securiti.ai www.google.com www.googleoptimize.com www.googletagservices.com *.hotjar.com *.googleadservices.com www.meliuz.com.br 83169dbd88ac4d2ea2e56faef723e63c.js.ubembed.com www.gstatic.com maxcdn.bootstrapcdn.com www.googletagmanager.com adservice.google.pt cdn.jsdelivr.net websdk.appsflyer.com apis.google.com adservice.google.com.br *.ampproject.org *.doubleclick.net onesignal.com *.ads-twitter.com cdn.onesignal.com gc.kis.v2.scr.kaspersky-labs.com *.facebook.net; form-action  *.facebook.com www.meliuz.com.br; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: s.w.org www.meliuz.com.br www.google-analytics.com *.googleapis.com *.googleusercontent.com *.doubleclick.net *.facebook.com impressions.onelink.me img.onesignal.com www.gstatic.com staticz.com.br fonts.gstatic.com csi.gstatic.com s3-sa-east-1.amazonaws.com static.meliuz.com.br www.googletagmanager.com www.google.com.br *.twitter.com t.co www.google.com pixel.wp.com *.googlesyndication.com; manifest-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.meliuz.com.br; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: accounts.google.com www.googletagmanager.com *.doubleclick.net www.youtube.com www.google.com *.googlesyndication.com 83169dbd88ac4d2ea2e56faef723e63c.pages.ubembed.com *.hotjar.com *.facebook.com staticz.com.br www.meliuz.com.br; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.appsflyer.com *.googleusercontent.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdn.megabonus.com use.typekit.net static3.avast.com www.googletagmanager.com *.googleapis.com staticz.com.br www.meliuz.com.br; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.meliuz.com.br maxcdn.bootstrapcdn.com www.googletagmanager.com p.typekit.net cdn-prod.securiti.ai *.googleapis.com staticz.com.br use.typekit.net cdn.jsdelivr.net; frame-ancestors 'self' ; report-uri /csp_report 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri https://us-central1-shinesumoplus.cloudfunctions.net/report-uri 1
default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://d1zgo1sldfmewy.cloudfront.net; script-src 'nonce-2efcee4d79414c34a1677397d662b8f0'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://d1zgo1sldfmewy.cloudfront.net; style-src 'self' 'nonce-2efcee4d79414c34a1677397d662b8f0'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://d1zgo1sldfmewy.cloudfront.net; img-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://d1zgo1sldfmewy.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://*.ytimg.com; media-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://d1zgo1sldfmewy.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://www.youtube.com https://youtube.com https://*.googlevideo.com; frame-src https://www.youtube.com https://youtube.com https://*.googlevideo.com https://*.twimg.com https://player.twitch.tv/  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://d1zgo1sldfmewy.cloudfront.net; report-uri https://www.amazon.com/1/batch/2/OE/mid=ATVPDKIKX0DER:sid=143-9365355-4656430:rid=E30225C01385471983F0:sn=www.amazongames.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.paddle.com connect.facebook.net mc.yandex.com mc.yandex.ru quantcast.mgr.consensu.org rules.quantcount.com secure.quantserve.com ssl.google-analytics.com translate.google.com translate.googleapis.com translate-pa.googleapis.com www.google-analytics.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.paddle.com use.fontawesome.com www.iubenda.com translate.googleapis.com; img-src 'self' data: cms.quantserve.com mc.webvisor.org mc.yandex.by mc.yandex.com mc.yandex.com.tr mc.yandex.fr mc.yandex.kz mc.yandex.ru mc.yandex.ua mc.yandex.uz pixel.quantcount.com pixel.quantserve.com ssl.google-analytics.com ssl.gstatic.com translate.google.com translate.googleapis.com www.facebook.com www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bj www.google.bs www.google.by www.google.ca www.google.cd www.google.ch www.google.ci www.google.cl www.google.cm www.google.cn www.google.co.ao www.google.co.bw www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.com www.google.com.af www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.cv www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.jo www.google.kg www.google.kz www.google.la www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mv www.google.mw www.google.ne www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.sm www.google.sn www.google.sr www.google.tn www.google.tt www.google.td www.google.je www.google.ws www.google.rw www.google.co.mz www.google.sc www.google.tm www.google.ga www.google.tg www.google.com.ag www.google.co.in www.google.ad www.google.ml www.google.cg www.google-analytics.com www.googletagmanager.com www.gstatic.com yastatic.net; connect-src 'self' audit-tcfv2.quantcast.mgr.consensu.org code.jquery.com mc.yandex.by mc.yandex.com mc.yandex.com.tr mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz quantcast.mgr.consensu.org translate.googleapis.com www.google-analytics.com stats.g.doubleclick.net est.quantcast.mgr.consensu.org; font-src 'self' fonts.gstatic.com use.fontawesome.com; object-src 'self'; media-src 'self'; form-action 'self'; frame-src 'self' m.youtube.com mc.yandex.com web.facebook.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com youtube.com; child-src 'self' www.facebook.com; worker-src 'self'; manifest-src 'self'; report-uri /secure-headers/report/r/d/csp/enforce; block-all-mixed-content; upgrade-insecure-requests 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-18d652d1faa1375b2a4943bb97684390' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
frame-ancestors 'self'; 1
frame-ancestors 'self'; report-uri https://balsamiq.report-uri.com/r/d/csp/reportOnly; report-to https://balsamiq.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' s.pinimg.com; style-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; font-src 'self' data: s.pinimg.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; script-src 'nonce-44cb9db5679e644553e5bce54b1df060' 'strict-dynamic' 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' * 'unsafe-inline' blob:; report-uri /_/_/csp_report/?reportonly 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: logger.scot.nhs.uk *.google-analytics.com www.googletagmanager.com *.fontawesome.com use.typekit.net *.google.com *.google.co.uk *.googleapis.com themes.googleusercontent.com *.gstatic.com code.jquery.com yui.yahooapis.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.amazonaws.com *.addthis.com *.addthisedge.com *.twitter.com *.twimg.com *.facebook.com *.facebook.net static.xx.fbcdn.net *.youtube.com youtu.be *.ytimg.com www.youtube-nocookie.com player.vimeo.com i.vimeocdn.com cdn.jwplayer.com content.jwplatform.com prd.jwpltx.com *.jwpcdn.com *.jwpsrv.com *.civiccomputing.com cc.cdn.civiccomputing.com secure.gravatar.com public.tableau.com www.openstreetmap.org browser-update.org s.w.org www.geoplugin.net www.careopinion.org.uk static.addtoany.com *.wp.com www.patientopinion.org.uk hcaptcha.com *.hcaptcha.com assets.nhs.uk www.travelinescotland.com c7.avaamo.com c7avaamo.s3-us-west-2.amazonaws.com; worker-src 'self' www.google.com; frame-ancestors 'self'; base-uri 'self'; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report; report-to csp-endpoint 1
script-src 'self' 'unsafe-eval' chrome-extension: 'unsafe-inline' 'unsafe-inline' https://mc.yandex.ru blob: https://mc.yandex.kz https://magicplayer-s.acestream.net https://pilaff-up.ru http://10.15.249.82 https://w4sef7.svn0czn.com https://stat.sputnik.ru 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; object-src 'self' https://noop.style chrome-extension:; frame-src 'self' https://mc.yandex.md chrome-extension: https://mc.yandex.ru https://dl.metabar.ru https://m.youtube.com https://www.ciuvo.com; report-uri /cspreportonly; 1
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://track.buyma.com/csp/report.json 1
base-uri 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.gstatic.com *.googletagmanager.com *.qualtrics.com *.kaltura.com; style-src 'self' 'unsafe-inline'; default-src 'self' data:; img-src 'self' data: blob: https:; connect-src 'self' https://member.werally.com *.amplitude.com https://browser-http-intake.logs.datadoghq.com https://rum-http-intake.logs.datadoghq.com *.qualtrics.com *.google-analytics.com s3.amazonaws.com *.s3.amazonaws.com wss://*.sendbird.com https://*.sendbird.com *.rally-dev.com *.werally.in *.werally.com https://*.kaltura.com https://*.optum.com;; worker-src 'self' blob:; font-src 'self' data: https://member.werally.com https://member.int.werally.in; frame-src 'self' *.qualtrics.com; manifest-src 'self'; media-src 'self' data: blob:; report-uri https://member.werally.com/rest/csp-reporter; 1
default-src data: blob: https: gap: gap-iab: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://dailyvoice.report-uri.com/r/d/csp/reportOnly 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' d31j93rd8oukbv.cloudfront.net https://www.google-analytics.com https://google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://optimize.google.com https://www.recaptcha.net https://www.gstatic.com/recaptcha/ https://cdn.paddle.com https://checkout.paddle.com https://*.zopim.com https://*.zdassets.com; frame-src https://www.google.com/ https://optimize.google.com https://checkout.paddle.com https://buy.paddle.com https://create-checkout.paddle.com; connect-src 'self' https://d31j93rd8oukbv.cloudfront.net https://www.google-analytics.com https://analytics.paddle.com https://browsec.zendesk.com wss://*.zopim.com https://*.zopim.com https://*.zdassets.com; report-uri /api/v1/reports; 1
default-src 'none';upgrade-insecure-requests;style-src https: 'unsafe-inline';font-src https: data:;img-src https: data:;connect-src 'self' https://browser.pipe.aria.microsoft.com https://web.vortex.data.microsoft.com https://browser.events.data.microsoft.com;frame-src https://login.windows-ppe.net https://login.live.com https://login.live-int.com;worker-src 'self' blob:;child-src 'self' blob:;report-uri /api/csp-report?page=Unauth&reportOnly=True;script-src 'nonce-Mn5N0EF6f83jF3PkPtXFVg==' 'unsafe-inline' 'unsafe-eval' https: 'strict-dynamic'; 1
default-src 'self' lnk.bio *.lnk.bio *.lnk.bi lnk.bi *.font.la fonts.gstatic.com *.fontawesome.com freegeoip.app *.stripe.com *.paypal.com *.facebook.com  *.apple.com  *.beatstars.com  *.mixcloud.com *.amazon.com https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/  https://cdn.jsdelivr.net/gh/andreaolivato/ https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/ https://s3.us-west-2.amazonaws.com/cdn.lnk.bio/ https://s3-us-west-2.amazonaws.com/cdn.lnk.bio/; font-src data: 'self' lnk.bio *.lnk.bio *.lnk.bi lnk.bi *.font.la fonts.gstatic.com *.fontawesome.com fonts.googleapis.com *.intercomcdn.com https://cdn.jsdelivr.net/gh/andreaolivato/ https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/ ; img-src data: blob: 'self' https://www.google.de/ads/ https://www.google.it/ads/ https://www.google.ae/ads/ https://translate.google.com/ https://www.google.com.br/ads/ https://www.google.com.sa/ads/ https://www.google.com.uy/ads/ www.googletagmanager.com https://www.google.gr/ads/ https://www.google.com.ec/ads/ https://www.google.co.ve/ads/ https://www.google.cl/ads/ https://www.google.com.co/ads/ https://www.google.com.mx/ads/ https://www.google.ca/ads/ https://www.google.com.pa/ads/ ct.pinterest.com eep.io https://www.google.com.hk/ads/ https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/ https://www.google.co.uk/ads/ https://www.google.com.au/ads/ www.google.co.nz www.google.nl www.google.com.ph www.google.pl  www.google.com.sg www.google.co.in www.google.be www.google.es *.ttwstatic.com  *.tiktokcdn.com www.google.com.my *.cdninstagram.com www.google.com.ar *.spotifycdn.com www.gstatic.com *.ytimg.com *.intercomassets.com *.paypalobjects.com lnk.bio *.lnk.bio *.lnk.bi lnk.bi https://s3.us-west-2.amazonaws.com/cdn.lnk.bio/ https://s3-us-west-2.amazonaws.com/cdn.lnk.bio/ *.facebook.com *.instagram.com *.twitter.com *.tiktok.com *.stripe.com *.paypal.com www.google.com *.twimg.com *.google-analytics.com *.fbcdn.net *.intercomcdn.com; style-src translate.google.com translate.googleapis.com lnk.bio *.lnk.bio *.lnk.bi lnk.bi *.font.la *.iubenda.com https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/ https://cdn.jsdelivr.net/gh/andreaolivato/ https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/ https://s3.us-west-2.amazonaws.com/cdn.lnk.bio/ https://s3-us-west-2.amazonaws.com/cdn.lnk.bio/ *.stripe.com *.paypal.com 'unsafe-inline' fonts.googleapis.com *.mailchimp.com *.ttwstatic.com; style-src-elem translate.google.com translate.googleapis.com lnk.bio *.lnk.bio *.lnk.bi lnk.bi *.font.la *.iubenda.com https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/ https://cdn.jsdelivr.net/gh/andreaolivato/ https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/ https://s3.us-west-2.amazonaws.com/cdn.lnk.bio/ https://s3-us-west-2.amazonaws.com/cdn.lnk.bio/ *.stripe.com *.paypal.com 'unsafe-inline' fonts.googleapis.com *.mailchimp.com *.ttwstatic.com; script-src 'self' translate-pa.googleapis.com translate.google.com translate.googleapis.com sc-static.net *.snapchat.com s.pinimg.com www.tiktok.com *.ttwstatic.com www.google.com.au www.google.it www.google.com www.gstatic.com *.tiktok.com https://s3.amazonaws.com/downloads.mailchimp.com/ https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/ https://cdn.jsdelivr.net/gh/andreaolivato/ https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/ *.google-analytics.com lnk.bio *.lnk.bio *.lnk.bi lnk.bi 'unsafe-inline' *.iubenda.com kit.fontawesome.com code.jquery.com ajax.googleapis.com https://s3.us-west-2.amazonaws.com/cdn.lnk.bio/ https://s3-us-west-2.amazonaws.com/cdn.lnk.bio/ https://cdn.jsdelivr.net/npm/chart.js@3.9.1/ connect.facebook.net *.stripe.com *.paypal.com *.intercom.io *.intercomcdn.com *.googletagmanager.com ; script-src-elem 'self' translate-pa.googleapis.com translate.google.com translate.googleapis.com sc-static.net *.snapchat.com s.pinimg.com www.tiktok.com *.ttwstatic.com www.google.com.au www.google.it www.google.com www.gstatic.com *.tiktok.com https://s3.amazonaws.com/downloads.mailchimp.com/ https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/ https://cdn.jsdelivr.net/gh/andreaolivato/ https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/ *.google-analytics.com lnk.bio *.lnk.bio *.lnk.bi lnk.bi 'unsafe-inline' *.iubenda.com kit.fontawesome.com code.jquery.com ajax.googleapis.com https://s3.us-west-2.amazonaws.com/cdn.lnk.bio/ https://s3-us-west-2.amazonaws.com/cdn.lnk.bio/ https://cdn.jsdelivr.net/npm/chart.js@3.9.1/ connect.facebook.net *.stripe.com *.paypal.com *.intercom.io *.intercomcdn.com *.googletagmanager.com ; connect-src 'self' *.snapchat.com analytics.tiktok.com *.lnk.bi lnk.bi www.facebook.com wss://*.intercom.io lnk.bio *.lnk.bio *.intercom.io *.doubleclick.net *.google-analytics.com *.paypal.com ; frame-src 'self' youtube.com *.snapchat.com www.paypal.com www.tiktok.com www.facebook.com www.google.com *.vimeo.com *.tidal.com *.youtube.com *.spotify.com lnk.bio *.lnk.bio *.apple.com  *.beatstars.com  *.mixcloud.com *.amazon.com *.soundcloud.com js.stripe.com ; report-uri /csp-report 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/about_youtube 1
default-src 'self' https://de-config.sensic.net; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https://images.sportschau.de https://www.sportschau.de data: https://*.xiti.com https://syndication.twitter.com https://*.nmrodam.com https://www.facebook.com https://translate.google.com https://www.gstatic.com https://images.sportschau.de; media-src data: http://*.akamaihd.net https://*.akamaihd.net http://*.akamaized.net https://*.akamaized.net *.icecastssl.wdr.de *.rndfnk.com blob: https://*.h-cdn.com https://adaptive.ndr.de https://cdn-storage.br.de https://mcdn.daserste.de https://av-adaptive.swr.de; connect-src 'self' blob: http://*.akamaihd.net https://*.akamaihd.net http://*.akamaized.net https://*.akamaized.net https://adaptive.ndr.de https://eu-api.friendlycaptcha.eu *.h-cdn.com https://ard-de.h-cdn.com https://mcdn.daserste.de https://connect.facebook.net https://*.nmrodam.com https://av-adaptive.swr.de https://*.ard.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-eval' blob: https://*.h-cdn.com https://connect.facebook.net https://*.ioam.de https://*.nmrodam.com https://*.imrworldwide.com; script-src-elem 'self' 'unsafe-inline' https://platform.twitter.com https://*.h-cdn.com https://connect.facebook.net https://platform.instagram.com https://*.ioam.de https://*.nmrodam.com https://www.gstatic.com; frame-src 'self' https://platform.twitter.com https://de-config.sensic.net https://livecenter.sportschau.de https://www.instagram.com https://www.facebook.com https://youtu.be https://www.youtube.com https://www.ardaudiothek.de https://*.ioam.de https://*.nmrodam.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline'; child-src 'self' blob:; report-uri /report 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.goldderby.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'none'; script-src 'unsafe-eval' 'report-sample' 'nonce-BOZvPoKpO2Web4K6Cag/NA==' blob: an.yandex.ru mc.yandex.ru yastatic.net sso.edadeal.ru; style-src 'self' 'report-sample' 'unsafe-inline' yastatic.net; font-src 'self' yastatic.net; img-src 'self' data: ads.edadeal.ru ads.adfox.ru an.yandex.ru favicon.yandex.net avatars.mds.yandex.net avatars.yandex.net mc.yandex.ru yastatic.net leonardo.edadeal.io leonardo-stage.edadeal.io leonardo-dev.edadeal.io ads.edadeal.ru sso.passport.yandex.ru barcode.edadeal.ru megalith.edadeal.ru; frame-src blob: www.youtube.com yastatic.net sso.passport.yandex.ru sso.edadeal.ru; frame-ancestors https://yandex.ru https://yandex.com https://yandex.by https://ads.adfox.ru; manifest-src edadeal.ru; object-src 'none'; child-src 'self' blob: mc.yandex.ru; connect-src 'self' mc.yandex.ru clck.yandex.ru an.yandex.ru ads.edadeal.ru search.edadeal.io search-stage.edadeal.io matchid.adfox.yandex.ru ads.adfox.ru yandex.ru susanin-dev.edadeal.yandex.net susanin.edadeal.ru kobal.edadeal.ru galochka.edadeal.ru config.edadeal.ru pypaya.edadeal.ru api.edadeal.ru teleport.edadeal.ru fnslinker.edadeal.ru barcode.edadeal.ru lootbox.edadeal.ru usr.edadeal.ru api-mimino.dst.edastage.ru cloud-api.edadeal.ru lc.edadeal.ru squark.edadeal.ru suggest.edastage.yandex.net suggest.edadeal.yandex.net suggest.edastage.ru suggest.edadeal.ru mosaic.edadeal.ru mobile-mosaic.edastage.ru trigger-proxy.edadeal.ru ads.edadeal.ru squark.edadeal.ru cb.edadeal.ru kobal.edastage.ru usr.edadeal.ru barcode.edadeal.ru; report-uri https://csp.yandex.net/csp?from=web&project=edadeal&environment=production&version=4.10.5&yandex_login=undefined&yandexuid=undefined 1
default-src 'self' *.callbackhunter.com callbackhunter.com ws://callbackhunter.com wss://callbackhunter.com *.cbh.lc cbh.lc ws://*.cbh.lc ws://cbh.lc wss://*.cbh.lc wss://cbh.lc https://mc.yandex.ru https://fonts.gstatic.com https://*.doubleclick.net https://*.google.com https://*.google.ru *.facebook.com https://*.facebook.com https://ajax.googleapis.com *.youtube.com https://youtube.com; img-src 'self' data: *.callbackhunter.com callbackhunter.com *.cbh.lc cbh.lc vk.com https://vk.com t.co https://mc.yandex.ru *.google-analytics.com https://www.google-analytics.com https://analytics.twitter.com *.facebook.com https://*.facebook.com https://*.google.com https://*.google.ru https://*.doubleclick.net *.adroll.com https://*.adroll.com https://pixel.rubiconproject.com ads.yahoo.com *.bidswitch.net *.adnxs.com *.rlcdn.com *.openx.net; style-src 'self' 'unsafe-inline' *.callbackhunter.com callbackhunter.com *.cbh.lc cbh.lc *.googleapis.com https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.callbackhunter.com callbackhunter.com *.cbh.lc cbh.lc *.vimeocdn.com vk.com mc.yandex.ru https://mc.yandex.ru *.googleadservices.com *.google-analytics.com https://www.google-analytics.com *.twitter.com https://*.twitter.com *.facebook.net https://connect.facebook.net *.adroll.com https://*.adroll.com https://ajax.googleapis.com *.oneretarget.com https://*.oneretarget.com; child-src 'self' *.callbackhunter.com callbackhunter.com *.cbh.lc cbh.lc *.vimeo.com *.youtube.com https://youtube.com *.youtube-nocookie.com https://youtube-nocookie.com googleads.g.doubleclick.net *.google.com *.google.ru; report-uri /csp/index 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' loader.wisepops.com cdn.jsdelivr.net www.googletagmanager.com www.google-analytics.com www.googleadservices.com cdn.usefathom.com js.refiner.io googleads.g.doubleclick.net js.hsforms.net; connect-src api.refiner.io popup.wisepops.com activity.wisepops.com stats.g.doubleclick.net cdn.usefathom.com region1.google-analytics.com www.google-analytics.com forms.hsforms.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net; img-src 'self' www.googletagmanager.com cdn.usefathom.com www.google-analytics.com www.google.fr www.google.com forms.hubspot.com data:; font-src 'self' fonts.gstatic.com data:; frame-src js.refiner.io forms.hsforms.com; frame-ancestors 'none'; form-action 'self' forms.hsforms.com; manifest-src 'self' 1
font-src *.cloudflare.com *.bootstrapcdn.com data: *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com js.stripe.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.trustpilot.com *.youtube.com *.paypal.com *.hotjar.com *.livechatinc.com *.doubleclick.net *.facebook.com *.addthis.com giphy.com gfycat.com *.google.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://images.unsplash.com *.cloudflare.com *.paypal.com *.ytimg.com *.adsymptotic.com *.googleadservices.com *.bing.com *.linkedin.com *.facebook.com *.facebook.net *.google.com *.google.co.in *.slideteam.net *.googletagmanager.com *.livechatinc.com *.pinterest.com *.doubleclick.net *.gravatar.com *.resultspage.com *.resultsdemo.com *.giphy.com *.clarity.ms *.quora.com *.lfeeder.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com js.stripe.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.cloudflare.com *.scarabresearch.com *.trustpilot.com *.googletagmanager.com *.bing.com *.googleadservices.com *.licdn.com *.resultspage.com *.googleoptimize.com *.hotjar.com *.facebook.net *.doubleclick.net *.livechatinc.com *.addthis.com *.addthisedge.com *.formisimo.com *.moatads.com *.2checkout.com *.pinterest.com *.newrelic.com *.nr-data.net *.gravatar.com *.google.com *.clarity.ms *.jquery.com *.resultsdemo.com *.quora.com *.lfeeder.com www.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.bootstrapcdn.com *.resultspage.com *.resultsdemo.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.cloudflare.com *.paypal.com *.scarabresearch.com *.emarsys.net www.google-analytics.com *.doubleclick.net *.addthis.com *.addthisedge.com *.livechatinc.com *.2checkout.com *.trustpilot.com *.hotjar.com *.nr-data.net *.bing.com *.clarity.ms *.quora.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: apicorporativops.portoseguro.com.br *.doubleclick.net geolocation.onetrust.com www.portoseguro.com.br www.google-analytics.com rum-collector-2.pingdom.net plugin.handtalk.me www.googletagmanager.com *.omtrdc.net wss://127.0.0.1:7070 privacyportal-uk.onetrust.com cdn-ukwest.onetrust.com b.smrk.io wss://127.0.0.1:5901 fonts.gstatic.com *.portoseguro.com.br vc.hotjar.io wss://127.0.0.1:5931 wss://127.0.0.1:5903 analytics.google.com wss://127.0.0.1:5939 www.google.com adservice.google.com *.googleapis.com wss://127.0.0.1:2112 popups.rdstation.com.br wss://127.0.0.1:63333 wss://127.0.0.1:6039 wss://127.0.0.1:5944 wss://127.0.0.1:3389 wss://127.0.0.1:5900 pageview-notify.rdstation.com.br wss://127.0.0.1:5902 wss://127.0.0.1:5950 wss://127.0.0.1:5279 *.hotjar.com *.facebook.com wss://127.0.0.1:6040; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com scripts.prdredir.com www.google.com rd.afftrack.pro www.googleoptimize.com cdnjs.cloudflare.com altopd.com *.hotjar.com s3-sa-east-1.amazonaws.com img.metaffiliation.com *.googleadservices.com cdn-ukwest.onetrust.com institucional.portoseguro.com.br unpkg.com *.online-metrix.net rtgpix.com www.googletagmanager.com www.google-analytics.com barramc.campanhaporto.com.br www.portoseguro.com.br vdo.campanhaporto.com.br apicorporativops.portoseguro.com.br www.youtube.com event.getblue.io plugin.handtalk.me *.doubleclick.net widget.getblue.io tags.fulllab.com.br snap.licdn.com *.portoseguro.com.br b.smrk.io *.cloudfront.net rum-static.pingdom.net www.rtb123.com *.facebook.net code.jquery.com; worker-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: apicorporativops.portoseguro.com.br; form-action  *.facebook.com www.portoseguro.com.br; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.ans.gov.br *.online-metrix.net institucional.portoseguro.com.br img.youtube.com *.googleapis.com action.metaffiliation.com *.doubleclick.net analytics.google.com *.facebook.com vdo.campanhaporto.com.br b.smrk.io *.portoseguro.com.br fonts.gstatic.com s3-sa-east-1.amazonaws.com static-or02.inbenta.com www.googletagmanager.com *.linkedin.com www.portoseguro.com.br www.google.com.br apicorporativops.portoseguro.com.br www.google.com cdn-ukwest.onetrust.com plugin.handtalk.me; manifest-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.portoseguro.com.br institucional.portoseguro.com.br; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: vdo.campanhaporto.com.br www.w3schools.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: plugin.handtalk.me www.googletagmanager.com www.portoseguro.com.br *.portoseguro.com.br www.youtube.com scripts.prdredir.com *.hotjar.com *.facebook.com chat-sa.smark.io *.online-metrix.net prdredir.com mediamathrdrt.com *.doubleclick.net www.google.com apicorporativops.portoseguro.com.br event.getblue.io www.protegendoofuturo.com.br; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com pro.fontawesome.com use.typekit.net www.portoseguro.com.br institucional.portoseguro.com.br; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: institucional.portoseguro.com.br www.portoseguro.com.br vdo.campanhaporto.com.br p.typekit.net pro.fontawesome.com *.googleapis.com *.portoseguro.com.br use.typekit.net; frame-ancestors 'self' ; report-uri /csp_report 1
frame-ancestors 'self'; report-uri https://www.kidspot.com.au/csp-reports 1
frame-ancestors 'self'; report-uri https://www.vogue.com.au/csp-reports 1
report-uri https://o38422.ingest.sentry.io/api/1381643/security/?sentry_key=035194ae1605493c99dd66c2a7b2ca98; default-src * data: blob: wss: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 1
default-src 'self'; script-src 'self' 'unsafe-eval'; connect-src 'self'; img-src 'self' data: www.pkobp.pl; style-src 'self' 'unsafe-inline'; font-src 'self'; report-uri /ikd_img/skins/ipko/grcv; 1
script-src 'self' cdnjs.cloudflare.com https://www.google-analytics.com; script-src-attr 'self'; style-src 'self'; frame-ancestors 'self' 1
default-src 'self';img-src 'self' data: https://flickr.com https://*.flickr.com https://s.gravatar.com https://s.gravatar.com/avatar https://secure.gravatar.com/avatar https://i1.wp.com/cdn.auth0.com/avatars https://cdn.auth0.com/avatars https://g.stripe.com/ https://ssl.google-analytics.com https://pagead2.googlesyndication.com https://pbs.twimg.com/profile_images/ https://farm66.static.flickr.com https://www.google-analytics.com https://tpc.googlesyndication.com https://pbs.twimg.com https://securepubads.g.doubleclick.net https://*.amazon-adsystem.com https://fundingchoicesmessages.google.com https://*.3lift.com https://ams-pageview-public.s3.amazonaws.com https://www.google.com https://syndication.twitter.com https://image8.pubmatic.com https://googleads.g.doubleclick.net https://*.googleusercontent.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';frame-src https://js.stripe.com https://platform.twitter.com/ https://syndication.twitter.com/ https://tpc.googlesyndication.com/ https://*.safeframe.googlesyndication.com/ https://www.google.com/ https://googleads.g.doubleclick.net/;connect-src 'self' https: https://securepubads.g.doubleclick.net/pagead/ppub_config https://