Values for content-security-policy-report-only: default-src 'self' www.google.com www.gstatic.com img6.wsimg.com *.secureserver.net collect.tealiumiq.com *.akamaihd.net c.go-mpulse.net *.akstat.io www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net googletagmanager.com *.godaddy.com data:; font-src * data: blob:; style-src 'self' 'unsafe-inline' img6.wsimg.com www.gstatic.com; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; connect-src * data: blob:; frame-src * data: blob:; report-uri /gdforsalev2/csp-reports 124 default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://a3frkpbrnzxvdwnkpssx604n.httpschecker.net/report; report-to https://a3frkpbrnzxvdwnkpssx604n.httpschecker.net/report 67 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 63 default-src https: blob:; connect-src https:; font-src https: data:; frame-src https:; img-src https: data: blob:; media-src https:; object-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; worker-src blob:; report-uri /s/run/cspreport/reportHttp 37 default-src https: 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; img-src 'self' data: *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com assets.digital.cabinet-office.gov.uk; script-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.gstatic.com www.signin.service.gov.uk *.ytimg.com www.youtube.com www.youtube-nocookie.com hmrc-uk.digital.nuance.com 'unsafe-inline'; style-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.gstatic.com 'unsafe-inline'; font-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk data:; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.tax.service.gov.uk hmrc-uk.digital.nuance.com gov.klick2contact.com www.signin.service.gov.uk; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; report-uri https://jhpno0hk6b.execute-api.eu-west-2.amazonaws.com/production 32 default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.blogger.com/cspreport 28 upgrade-insecure-requests; block-all-mixed-content; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.skyscanner.net https://*.skyscnr.com https://*.gbot.me https://*.cloudfront.net https://*.akstat.io https://*.akamaihd.net https://*.perimeterx.net https://*.px-cloud.net https://*.mixpanel.com https://*.mxpnl.com https://*.zscloud.net https://*.branch.io https://*.usabilla.com https://app.link https://*.go-mpulse.net https://*.krxd.net https://cx.atdmt.com https://*.criteo.com https://*.criteo.net https://*.yandex.ru https://*.bing.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.googletagservices.com https://*.googletagmanager.com https://*.googleadservices.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.gstatic.com https://*.googleapis.com https://*.google.com; report-uri https://slipstream.skyscanner.net/grp/v1/custom/public/csp-reports/report/security.ContentSecurityReport 19 frame-src 'self' *.google.com *.pinimg.com *.pinterest.com *.pinterdev.com *.facebook.com player.grabnetworks.com www.kickstarter.com staging.slideshare.com player.anyclip.com verify.vote.org movieclips.com scache.vevo.com *.adyen.com www.voteplz.org player.hulu.com www.crackle.com www.dailymotion.com cache.vevo.com www.slideshare.net crackle.com embed.5min.com embed.ted.com register.vote.org absentee.vote.org www.crunchyroll.com videoplayer.vevo.com w.soundcloud.com embed-ssl.ted.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co scache.vevo.com bid.g.doubleclick.net *.fls.doubleclick.net pinterest-waterloo.s3.amazonaws.com pinlogs.s3.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com *.cdn.ampproject.org; report-uri /_/_/csp_report/?reportonly 15 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 14 report-uri https://imkryiyepi.execute-api.eu-west-1.amazonaws.com/production/; default-src https: 'unsafe-inline' 'unsafe-eval'; script-src-elem script-src-elem https://www.googletagservices.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://securepubads.g.doubleclick.net https://adservice.google.co.uk https://adservice.google.com https://tpc.googlesyndication.com 'unsafe-inline' 'self'; script-src https: https://www.google-analytics.com https://www.googletagmanager.com https://www.googletagservices.com 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 11 11 default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;connect-src * blob:;report-uri https://cdn.website-start.de/app/reporting/policyviolation/submit 11 report-uri https://content-api.canon-europe.com/cspreport/webapp/; script-src 'nonce-2726c7f26c' 'self' 'unsafe-eval' 'unsafe-inline' blob: 10 block-all-mixed-content; report-uri https://blog.hatena.ne.jp/api/csp_report 9 default-src https: data: 'unsafe-inline' 'unsafe-eval' 9 frame-ancestors 'self'; report-uri https://stores.jp/content_security_policy_reports 8 default-src 'self' blob:; child-src: 'self' blob:; script-src 'self' 'unsafe-inline' w3.siemens.com tools.adlytics.net cdn.cookielaw.org assets.adobedtm.com players.brightcove.net img.en25.com vjs.zencdn.net www.automation.siemens.com w3.siemens.com profiles.siemens.com; style-src 'self' 'unsafe-inline' w3.siemens.com tools.adlytics.net profiles.siemens.com; img-src 'self' data: assets.new.siemens.com maps.siemens.com metrics.brightcove.com brightcove04pmdo-a.akamaihd.net cf-images.eu-west-1.prod.boltdns.net cf-images.us-east-1.prod.boltdns.net siemens.sc.omtrdc.net track.adform.net s2033604275.t.eloqua.com cdn.cookielaw.org cookies.siemens.com; font-src 'self' data: tools.adlytics.net; connect-src 'self' search.new.siemens.com w3.siemens.com siemens.sc.omtrdc.net siemens.tt.omtrdc.net *.demdex.net tools.adlytics.net cdn.cookielaw.org dmp.adform.net metrics.brightcove.com edge.api.brightcove.com secure.brightcove.com *.media.brightcove.com privacyportal-eu.onetrust.com manifest.prod.boltdns.net www.fortbildung.siemens.com profiles.siemens.com searchapi.new.siemens.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com; media-src 'self' assets.new.siemens.com secure.brightcove.com *.media.brightcove.com blob: manifest.prod.boltdns.net house-fastly-signed-eu-west-1-prod.brightcovecdn.com; worker-src 'self' 'unsafe-inline' blob:; object-src players.brightcove.net; block-all-mixed-content; reflected-xss block; base-uri 'self'; referrer origin-when-cross-origin; report-uri https://report-uri.dc.siemens.com/ 7 block-all-mixed-content; report-uri https://mol.report-uri.io/r/default/csp/reportOnly 6 report-uri /report-csp-violation 6 default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://logger.kataweb.it/csp/ 5 default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 5 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' ; style-src https: 'unsafe-inline'; frame-ancestors 'self'; img-src https: data: ; object-src 'none' ; report-uri https://sentry.uniregistry.com/api/18/security/?sentry_key=f430f663325b402bbc96cb5da277ab92 ; 5 frame-ancestors 'self'; report-uri /beacon/csp.php 5 script-src 'report-sample' 'unsafe-inline' https: http:;report-uri /_/PlayStoreUi/cspreport 5 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5 default-src 'self' 5 default-src https: 'unsafe-inline' 'unsafe-eval' 'self' data:; img-src 'self' *.eff.org data:; connect-src https: 'unsafe-inline' 'unsafe-eval' 'self' data: https://sentry.eff.org/api/2/store/; report-uri https://sentry.eff.org/api/2/security/?sentry_key=f1118ad37b5e4afbabe3487ca42fe73e 4 default-src 'unsafe-inline' 'unsafe-eval' data: https: wss:; report-uri https://shk.betfair.com/csp 4 default-src https: 'unsafe-inline' data: 4 default-src 'self'; report-uri https://csp.loopia.se;form-action 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://bib.eway2pay.com https://ticket.siriusit.net https://payment.architrade.com https://www.facebook.com;font-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://tpc.googlesyndication.com https://fonts.gstatic.com https://chat.puzzel.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://chat.puzzel.com https://www.google.com https://www.googletagmanager.com https://ssl.google-analytics.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.youtube.com https://*.ytimg.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.se https://bat.bing.com https://connect.facebook.net https://api.exponea.com https://widget.trustpilot.com https://static.hotjar.com https://script.hotjar.com https://active24.ladesk.com;connect-src 'self' https://chat.puzzel.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.facebook.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.exponea.com https://in.hotjar.com https://bat.bing.com https://vc.hotjar.io;img-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://ssl.google-analytics.com https://*.ytimg.com https://track.double.net https://tbs.tradedoubler.com https://sealserver.trustkeeper.net https://www.gstatic.com https://track.adform.net https://www.googletagmanager.com https://chat.puzzel.com https://www.google.com.cy https://www.google.no https://www.google.rs https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.es https://googleads.g.doubleclick.net https://www.facebook.com https://www.google.se https://bat.bing.com https://www.google.fi https://www.google.gr data:;media-src https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://chat.puzzel.com;frame-src https://*.facebook.com https://player.vimeo.com https://*.mynewsdesk.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.soundcloud.com https://www.youtube.com https://widget.trustpilot.com https://vars.hotjar.com https://active24.ladesk.com https://1-vbus-eu.ladesk.com;object-src 'self';style-src 'self' 'unsafe-inline' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://chat.puzzel.com https://fonts.googleapis.com 4 default-src 'unsafe-inline' 'unsafe-eval' https: wss: blob: ms-appx-web: data:; report-uri /report-violation 4 default-src https: 'unsafe-inline' 'unsafe-eval'; worker-src blob:; img-src https: data:; font-src https: data:; report-uri https://idg.report-uri.io/r/default/csp/reportOnly 4 frame-ancestors 'self' https://skybox.eskypartners.com; report-uri https://secure.esky.com/csp-report 4 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 script-src 'unsafe-eval' 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com *.gamepedia.com; default-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com *.gamepedia.com; style-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com *.gamepedia.com 'unsafe-inline'; img-src * data: blob:; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src self blob: 4 report-uri /ab/csp/index; report-to csp-endpoint 3 child-src blob: data: https:; connect-src https: wss:; default-src blob: data: https: 'report-sample' 'unsafe-eval' 'unsafe-inline'; font-src data: https:; form-action https:; frame-src data: https:; img-src blob: data: https:; media-src blob: data: https:; object-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; report-uri https://csp.ffx.io/ 3 object-src 'none'; frame-ancestors 'none'; block-all-mixed-content; report-uri https://sentry.io/api/148442/security/?sentry_key=48196e632bb14305ad3fe47c6570e363 3 default-src 'none'; connect-src 'self' www.linkedin.com www.google-analytics.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; script-src 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' snap.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src dms.licdn.com *.lynda.com; child-src blob: lnkd-communities: voyager: *; frame-src 'self' https://www.youtube.com/embed/ https://www.youtube-nocookie.com/embed/ lnkd.demdex.net https://smartlock.google.com/ https://accounts.google.com/ linkedin.cdn.qualaroo.com player.vimeo.com www.linkedin.com www.slideshare.net *.megaphone.fm msit.powerbi.com app.powerbi.com linkedin.github.io; manifest-src 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=gm 3 default-src https: 'unsafe-inline' 'unsafe-eval' 3 frame-ancestors 'self'; report-uri /stf/reportiframe 3 script-src 'unsafe-eval' 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; default-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; style-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com 'unsafe-inline'; img-src * data: blob:; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src self blob: 3 default-src 'self'; connect-src 'self' https://*.intentmedia.net https://*.etraveligroup.net https://*.doubleclick.net https://*.adform.net https://www.google-analytics.com https://widgets.hotels.com https://bat.bing.com https://etgrs2.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.etraveli.com https://*.etraveligroup.com https://*.cdn-net.com https://bat.bing.com https://www.googletagmanager.com https://connect.facebook.net https://adtr.io https://*.bidr.io https://tag.yieldoptimizer.com https://*.visualwebsiteoptimizer.com https://*.google-analytics.com https://*.intentmedia.net https://*.adform.net https://*.mouseflow.com https://*.nrich.ai https://*.doubleclick.net https://*.eancdn.com https://*.bidswitch.net https://green.erne.co https://*.rentalcars.com https://widget.trustpilot.com https://www.googleadservices.com https://cdn.klarna.com https://maps.googleapis.com https://widget.getyourguide.com https://widgets.hotels.com https://*.klarnacdn.net; style-src 'self' 'unsafe-inline' data: blob: https://widgets.hotels.com https://fonts.googleapis.com; img-src 'self' data: https://*.etraveli.com https://*.visualwebsiteoptimizer.com https://*.bidswitch.net https://*.doubleclick.net https://*.nrich.ai https://*.hybrid.ai https://*.w55c.net https://*.adsrvr.org https://*.rlcdn.com https://*.bidr.io https://*.seadform.net https://green.erne.co https://tag.yieldoptimizer.com https://dpm.demdex.net https://*.adform.net https://*.zemanta.com https://beacon.krxd.net https://sd.turn.com https://*.google-analytics.com https://maps.googleapis.com https://tag.adaraanalytics.com https://www.facebook.com https://widgets.hotels.com https://bat.bing.com https://www.google.com https://www.google.se https://maps.gstatic.com https://www.googletagmanager.com; font-src 'self' https://fonts.gstatic.com https://widgets.hotels.com; frame-ancestors 'self'; frame-src 'self' https://*.cdn-net.com https://*.cdn.intentmedia.net https://www.facebook.com https://widget.getyourguide.com https://system.etrack1.com https://widgets.hotels.com https://secure.rentalcars.com https://widget.trustpilot.com; object-src 'self' https://*.cdn-net.com 3 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 3 report-uri /csp-report; default-src 'none'; script-src 'self' 'unsafe-inline' *.google-analytics.com *.typekit.net ajax.googleapis.com *.googletagmanager.com cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' ajax.googleapis.com *.typekit.net *.myfonts.net; img-src 'self' data: *.google-analytics.com ajax.googleapis.com *.typekit.net *.doubleclick.net; connect-src 'self'; font-src 'self' data: *.typekit.net; object-src 'self'; media-src 'self'; frame-src *.addthis.com player.vimeo.com www.youtube.com; manifest-src 'self'; 3 script-src 'self' 'unsafe-eval' https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.google-analytics.com https://*.moatads.com https://*.addthis.com https://*.doubleclick.net https://*.addthisedge.com https://*.newrelic.com https://*.nr-data.net https://*.googlevideo.com https://*.arcgis.com https://*.gov.uk https://*.facebook.com; frame-src 'self' https://*.addthis.com https://*.youtube.com https://www.googletagmanager.com https://*.arcgis.com; report-uri https://snhwebsite.report-uri.com/r/d/csp/reportOnly 3 frame-src self *.arcgames.com *.adyen.com www.google.com *.cdn.optimizely.com *.doubleclick.net *.youtube.com www.googletagmanager.com www.facebook.com; report-uri https://www.arcgames.com/en/report/enforce; 3 default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;connect-src * blob:;report-uri https://cdn.initial-website.com/app/reporting/policyviolation/submit 3 ; report-uri https://.report-uri.com/r/d/csp/reporting 3 default-src 'self' https: wss: data: blob: none: gsa: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 2 default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net wss://*.hotjar.com 'self'; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com;report-uri https://csp.surveymonkey.com/report?e=false&c=prod&ar=true&a=wufoocms 2 script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: data: https:; style-src 'self' 'unsafe-inline' blob: data: https:; default-src 'self' https:; img-src https: blob: data: android-webview-video-poster:; frame-src blob: data: https:; worker-src blob: data: https:; child-src blob: data: https:; object-src 'self'; font-src 'self' https: blob: data: safari-extension://*; media-src 'self' blob: data: https:; connect-src wss: blob: data: https:; report-uri /csp_ep 2 frame-ancestors 'self' https://*.twilio.com https://www.twilio.com;report-uri https://www.twilio.com/console/api/cspr 2 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://bgr.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2 default-src 'self' 'unsafe-inline' *.fca.org.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.facebook.net www.googleadservices.com siteimproveanalytics.com *.siteimproveanalytics.io *.twitter.com *.jquery.com *.nr-data.net *.newrelic.com static.ads-twitter.com js.adsrvr.org *.doubleclick.net *.fca.org.uk fca.funnelback.co.uk *.salesforceliveagent.com *.twentythree.net; img-src 'self' 'unsafe-inline' data: *.facebook.com *.google-analytics.com *.siteimproveanalytics.io *.google.com t.co *.doubleclick.net *.fca.org.uk *.google.ie *.videomarketingplatform.co www.google.co.uk *.nr-data.net *.googletagmanager.com *.fca.org.uk *.gstatic.com www.glassdoor.co.uk *.fca.org.uk; frame-src 'self' 'unsafe-inline' *.buto.tv *.videomarketingplatform.co *.view-it.co.uk *.fcaconnect.force.com prezi.com wearebigrock.com *.fca.org.uk player.vimeo.com www.thinglink.com *.google.com *.doubleclick.net insight.adsrvr.org *.fca.org.uk *.googletagmanager.com *.youtube.com; frame-ancestors 'self' *.fca.org.uk; child-src 'self' 'unsafe-inline' *.buto.tv *.videomarketingplatform.co *.view-it.co.uk *.fcaconnect.force.com prezi.com wearebigrock.com *.fca.org.uk player.vimeo.com www.thinglink.com *.google.com *.fca.org.uk; font-src 'self' fonts.gstatic.com *.fca.org.uk; connect-src 'self' www.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.facebook.net www.googleadservices.com siteimproveanalytics.com *.siteimproveanalytics.io *.twitter.com *.jquery.com *.nr-data.net *.newrelic.com static.ads-twitter.com js.adsrvr.org *.doubleclick.net *.fca.org.uk fca.funnelback.co.uk *.googleapis.com; report-uri /report-csp-violation; upgrade-insecure-requests 2 default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://b3ceba9babf02086c0dca962bbbd1cda.report-uri.io/r/default/csp/reportOnly 2 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https:; report-uri /error/js; img-src 'self' https: data:; 2 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://stylecaster.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2 report-uri https://csp.rz.uni-kiel.de/report; report-to csp; 2 default-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://*.baidu.com http://*.baidu.com https://*.baidustatic.com http://*.baidustatic.com https://*.hao123.com http://*.hao123.com https://*.bdstatic.com http://*.bdstatic.com https://*.hao123img.com http://*.hao123img.com https://*.hao222.com http://*.hao222.com https://*.baidu.cn http://*.baidu.cn https://*.shifen.com http://*.shifen.com https://*.bdimg.com http://*.bdimg.com https://*.bcebos.com http://*.bcebos.com https://dwz.cn http://dwz.cn; img-src * data:; media-src * data:; report-uri /hao123_api/csp/report 2 default-src https: 'unsafe-inline'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self'; base-uri https: data:; object-src 'self'; font-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://ort.wellsfargo.com/reporting/csp 2 default-src 'self' blob:; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://themes.googleusercontent.com https://wcdn.3cx.com https://wstatic.3cx.com https://d20hvw4zeymqbm.cloudfront.net; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://wcdn.3cx.com https://wstatic.3cx.com https://www.googletagmanager.com https://d20hvw4zeymqbm.cloudfront.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://login.3cx.com https://www.google-analytics.com https://ct.capterra.com tpc.googlesyndication.com pagead2.googlesyndication.com https://ssl.geoplugin.net https://services.3cx.com https://ajax.googleapis.com https://connect.facebook.net https://maps.googleapis.com www.gstatic.com;object-src 'none';img-src * data: blob:;connect-src 'self' https://wcdn.3cx.com https://wstatic.3cx.com https://webapi.3cx.com https://www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net sipcy.3cx.com www.facebook.com translate.googleapis.com;child-src 'self' https://www.youtube.com blob:; frame-src 'self' https://services.3cx.com https://audioconverter.3cx.com https://login.3cx.com https://docs.google.com https://www.facebook.com https://bid.g.doubleclick.net https://www.youtube.com https://www.googletagmanager.com; block-all-mixed-content; report-uri /csp/; 2 default-src 'self' ; font-src 'self' data: https://static.smartframe.io https://fonts.gstatic.com https://js.arcgis.com ; img-src 'self' data: blob: https://www.google-analytics.com http://www.googletagmanager.com https://static.smartframe.io https://thumbs.smartframe.io https://thumbs-cdn.smartframe.io https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://t.co https://stats.g.doubleclick.net https://www.google.com https://www.google.co.uk https://js.arcgis.com https://services.arcgisonline.com https://server.arcgisonline.com https://utility.arcgis.com *.historicengland.org.uk http://stage.historic-england.org https://img.youtube.com https://i.ytimg.com https://px.ads.linkedin.com https://www.facebook.com https://www.linkedin.com https://app.getsitecontrol.com ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://platform.twitter.com https://ton.twimg.com https://js.arcgis.com ; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://static.smartframe.io https://rum-static.pingdom.net https://www.googletagmanager.com https://www.google-analytics.com https://platform.twitter.com https://cdn.syndication.twimg.com http://connect.facebook.net http://www.instagram.com https://js.arcgis.com https://az416426.vo.msecnd.net https://e.infogram.com https://s.ytimg.com https://static.ads-twitter.com https://analytics.twitter.com https://snap.licdn.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://widgets.getsitecontrol.com https://st.getsitecontrol.com https://embed.typeform.com https://script.crazyegg.com https://heritage.candle.digital https://www.youtube.com ; frame-src 'self' *.youtube.com https://englishheritage.maps.arcgis.com https://platform.twitter.com https://syndication.twitter.com https://www.facebook.com https://web.facebook.com https://sketchfab.com https://www.instagram.com https://www.google.co.uk https://w.soundcloud.com https://heritage.candle.digital https://app.powerbi.com https://e.infogram.com https://www.google.com https://www.smartsurvey.co.uk ; connect-src 'self' http://rum-collector-2.pingdom.net *.smartframe.io https://www.google-analytics.com https://utility.arcgis.com https://services.arcgisonline.com https://static.arcgis.com https://datahub.esriuk.com https://dc.services.visualstudio.com/v2/track https://stats.g.doubleclick.net https://tracking.crazyegg.com https://script.crazyegg.com ; 2 default-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' https: data: image/*; frame-ancestors 'self' *.sunrise.ch; frame-src https:; connect-src https: wss: data:; font-src https: data:; media-src 'self' https:; report-uri https://www.sunrise.ch/csp-collector; upgrade-insecure-requests 2 default-src https: wss: data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; worker-src blob:; report-uri /csp-report 2 default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.neolane.net *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.raptmedia.com *.rbos.com *.rbs.co.uk *.rbs.com *.rbsdigital.com *.supportcentre-rbs.co.uk *.snapchat.com *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net search-rbs.co.uk static.ads-twitter.com t.co www.brightedge.com; upgrade-insecure-requests; report-uri https://rbspersonal.report-uri.com/r/t/csp/reportOnly 2 connect-src *;frame-src *;img-src https: data: blob: about: safari-extension: safari-resource: chrome-extension: http://*.rackcdn.com http://*.tumblr.com http://huaban.com;worker-src https: blob:;script-src https: 'unsafe-eval' 'unsafe-inline'; report-uri /log/csp 2 default-src self https: data: 'unsafe-inline' 'unsafe-eval'; script-src self https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self' https://creator.zmags.com https://www.googletagmanager.com; report-uri https://fa920c4c3c2352efe32641b67b2f3fbe.report-uri.com/r/d/csp/reportOnly 2 base-uri 'self'; frame-src https:; object-src 'none'; worker-src 'self'; default-src 'self' https://*.googlesyndication.com; img-src 'self' data: http: https:; connect-src 'self' https://*.google-analytics.com/ https://*.facebook.com https://*.ioam.de https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://eum-eu-west-1.instana.io wss://mpsnare.iesnare.com https://logx.optimizely.com/v1/events https://www.eharmony.com/lane/ https://s7.addthis.com/l10n/ https://eharmony-app.quantummetric.com/ https://yoast.com/feed/widget/ https://m.addthis.com https://*.googlesyndication.com https://connect.facebook.net https://*.usercentrics.eu https://api.personio.de/recruiting/applicant ; font-src data: 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://assets.eharmony.com https://assets.eharmony.com.au https://assets.eharmony.co.uk https://assets.eharmony.ca https://assets.squarespace.com/universal/fonts/ https://static.squarespace.com/universal/fonts/ ; script-src https: 'report-sample' 'unsafe-inline' 'unsafe-eval' data: 'self' https://*.custhelp.com https://*.ioam.de; style-src 'self' 'unsafe-inline' https://www.parship.com https://*.custhelp.com https://fonts.googleapis.com https://partnerboerse.parship.de https://translate.googleapis.com https://assets.eharmony.com https://assets.eharmony.com.au https://assets.eharmony.co.uk https://assets.eharmony.ca https://s.po.st/static/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://static1.squarespace.com/static/sitecss/ ; media-src 'self' data: https://mpsnare.iesnare.com https://assets.eharmony.com/files/us/images/careers/ https://www.googleapis.com/youtube/; prefetch-src 'self' https://*.googlesyndication.com/safeframe/; frame-ancestors 'self'; report-uri /ls/?reportOnly=true 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://customer.cludo.com https://ds-aksb-a.akamaihd.net https://help.cybonline.co.uk https://googleservices.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://fusiontables.google.com https://connect.facebook.net https://www.youtube.com https://s.ytimg.com https://cse.google.com https://www.advanced-web-analytics.com https://platform.twitter.com https://casper.tsbc.com https://healthcheck252.tsbc.com https://t.contentsquare.net https://contentsquare.com https://webapp.woosmap.com https://dispawsusva.inmoment.com https://intercept-client.inmoment.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://www.google.com https://platform.twitter.com https://casper.tsbc.com https://healthcheck252.tsbc.com; img-src 'self' https: data: ; font-src 'self' https: ; connect-src 'self' https://clydesdalebank.tt.omtrdc.net https://clydesdalebank.d3.sc.omtrdc.net https://dpm.demdex.net https://ds-aksb-a.akamaihd.net https://api-eu1.cludo.com https://api.cludo.com https://www.google.com https://www.facebook.com https://www.twitter.com https://www.linkedin.com https://www.youtube.com https://my.cybservices.co.uk https://adservice.google.com https://casper.tsbc.com https://*.contentsquare.net https://api.woosmap.com https://webapp-conf.woosmap.com https://cybg.egain.cloud https://dispawsusva.inmoment.com; media-src 'self'; object-src 'self'; worker-src 'self' blob:; child-src 'self' blob:; frame-src 'self' https://*.cybusinessonline.co.uk https://*.cbonline.co.uk https://*.ybonline.co.uk https://*.cybonline.co.uk https://clydesdalebankplc.demdex.net https://*.fls.doubleclick.net https://www.youtube.com https://bid.g.doubleclick.net https://www.google.com https://assets.adobedtm.com https://player.vimeo.com https://platform.twitter.com https://syndication.twitter.com https://www.youtube-nocookie.com https://healthcheck252.tsbc.com https://www.inmoment.com; frame-ancestors 'self' https://*.cybusinessonline.co.uk https://*.cbonline.co.uk https://*.ybonline.co.uk https://*.cybonline.co.uk; report-uri https://cyburi.report-uri.com/r/t/csp/reportOnly; 2 : default-src 'self'; report-uri https://mtsrs.report-uri.com/r/d/csp/reportOnly; 2 default-src 'self' https://*.arvato-systems-media.net https://*.nionex.net http://analytics.nionex.net https://www.google-analytics.com https://socialcloud.bertelsmann.com https://dl.edge-cdn.net https://edgecdnhd2-vh.akamaihd.net; script-src 'self' https://www.bertelsmann.com https://www.bertelsmann.de https://*.arvato-systems-media.net https://analytics.nionex.net http://analytics.nionex.net https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://translate.googleapis.com https://translate.google.com https://maps.googleapis.com https://*.edge-cdn.net https://*.analytics.edgekey.net https://charts3.equitystory.com https://*.akamaihd.net https://www.youtube.com https://s.ytimg.com 'unsafe-inline' 'unsafe-eval' blob:; img-src 'self' https://maps.google.com https://www.google.com https://*.ytimg.com https://maps.gstatic.com https://www.gstatic.com https://chart.apis.google.com https://maps.googleapis.com https://www.google-analytics.com http://*.becruiter.net https://*.becruiter.net https://bertelsmann-hr.de https://www.googletagmanager.com https://dl.edge-cdn.net https://translate.google.com https://translate.googleapis.com data:; media-src 'self' https://edgecdnhd2-vh.akamaihd.net http://hd2vodbertel-vh.akamaihd.net https://*.cdn.edge-cdn.net https://*.edge-cdn.net http://*.edge-cdn.net https://*.video-cdn.net; style-src 'self' https://www.bertelsmann.com https://www.bertelsmann.de https://*.arvato-systems-media.net https://*.nionex.net https://translate.googleapis.com https://fonts.googleapis.com https://dl.edge-cdn.net 'unsafe-inline' data:; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:; frame-src 'self' https://charts3.equitystory.com https://socialcloud.bertelsmann.com https://www.youtube.com https://*.rtl.de; connect-src 'self' wss://*.bertelsmann.de https://www.google-analytics.com https://ca.video-cdn.net https://dl.edge-cdn.net https://*.analytics.edgekey.net https://translate.googleapis.com https://edgecdnhd2-vh.akamaihd.net 2 default-src 'none'; connect-src 'self' www.google.com https://cdncache-a.akamaihd.net wss wss://generatorhostels.com ws1.hotjar.com ws2.hotjar.com ws3.hotjar.com ws4.hotjar.com ws5.hotjar.com graylog.hotjar.com cdnjs.cloudflare.com ajax.googleapis.com www.google-analytics.com stats.g.doubleclick.net wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com insights.hotjar.com generatorweb.sihot.com; font-src data null generatorweb.sihot.com maxcdn.bootstrapcdn.com fonts.gstatic.com 'self'; manifest-src 'self' generatorhostels.com; object-src 'self' generatorhostels.com; frame-src 'self' service.securesrv12.com secure.liveshoppersmac.com 3dsecure.klikbca.com geschuetzteinkaufen.commerzbank.de acs.sia.eu vcas1.visa.com www.securesuite.net acs1.edb.com secure5.arcot.com aacsw.3ds.verifiedbyvisa.com tpc.googlesyndication.com sas.redsys.es cdncache-a.akamaihd.net mastercardsecurecode.secureacs.com acs1.swedbank.se analytics-google.net https://acs2-3dsecure.cic.fr https://braip.com.br www.securesuite.co.uk secure.edb.com tsys.arcot.com secure7.arcot.com www.googletagmanager.com mozbar.moz.com www.facebook.com acs.airplus.com connect.facebook.net saferpay.com www.saferpay.com generatorweb.sihot.com generatorhostels.com bid.g.doubleclick.net staticxx.facebook.com vars.hotjar.com www.google.com www.instagram.com www.youtube.com w.soundcloud.com; img-src googleads.g.doubleclick.net butstrap.space https://spedcheck.space www.gstatic.com www.google.ge www.google.pl www.google.ru www.google.cm www.google.com.eg www.google.co.kr www.google.com.np www.google.co.th www.google.dz www.google.no www.google.com.hk www.google.com.mm www.google.co.il www.google.az www.google.sk www.google.ie www.google.com.pe lh3.ggpht.com www.google.de www.google.cz www.google.co.za www.google.se www.google.dk www.google.gr www.google.lv www.google.com.tw https://gateway.zscalertwo.net www.google.com.ph www.google.com.uy www.google.fi www.google.com.ua www.google.com.cy www.google.com.jm www.google.im www.google.co.ve www.google.com.sg www.google.ca www.google.es www.google.kg www.google.be www.google.at www.google.pt www.google.fr www.google.it www.google.com.br www.google.com.ar https://gallery.mailchimp.com www.google.ch www.google.me www.google.com.ec www.google.ro www.google.kg www.google.nl www.google.com.mx https://canvaspl-a.akamaihd.net https://cdnstats-a.akamaihd.net www.google.com.lb www.google.com.co www.google.com.tr www.google.cl www.google.dk www.google.co.in www.google.hr www.gstatic.com generatorweb.sihot.com generatorstorage.blob.core.windows.net generatorhostels.com cbks0.googleapis.com csi.gstatic.com data: geo0.ggpht.com geo1.ggpht.com geo2.ggpht.com geo3.ggpht.com img.youtube.com khms0.googleapis.com khms1.googleapis.com maps.googleapis.com maps.gstatic.com 'self' generator.azureedge.net ssl.google-analytics.com stats.g.doubleclick.net web.facebook.com www.facebook.com www.google.co.uk www.google.com www.google-analytics.com ajax.googleapis.com; media-src 'self' data:; script-src 'self' data blob about asset tpc.googlesyndication.com cdnjs.cloudflare.com cdn.jsdelivr.net www.thehotelsnetwork.com cdn.scarabresearch.com fdz.octapi.net data1.iti-maps.fr data1.itineraire.info asset about spedcheck.space rules.similardeals.net tags.clickintext.net lb.apicit.net butstrap.space https://cdncache-a.akamaihd.net secure.liveshoppersmac.com generatorweb.sihot.com maxcdn.bootstrapcdn.com ajax.googleapis.com api.instagram.com connect.facebook.net eval: googleads.g.doubleclick.net inline: maps.googleapis.com platform.instagram.com s.ytimg.com script.hotjar.com 'self' ssl.google-analytics.com static.hotjar.com 'unsafe-eval' 'unsafe-inline' www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.instagram.com www.youtube.com; style-src ajax.googleapis.com fonts.googleapis.com inline: 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com generatorweb.sihot.com; report-uri https://crafted.report-uri.com/r/d/csp/reportOnly 2 default-src 'self'; connect-src 'self' www.linkedin.com content.linkedin.com lnkd.demdex.net dpm.demdex.net www.google-analytics.com linkedin.sc.omtrdc.net lnkd.tt.omtrdc.net opreq.observepoint.com www.linkedin-ei.com adservice.google.com stats.g.doubleclick.net static.licdn.com; img-src data: blob: android-webview-video-poster: *; font-src data: *; frame-src 'self' www.linkedin.com lnkd.demdex.net www.youtube-nocookie.com platform.twitter.com www.facebook.com plusone.google.com play.vidyard.com www.slideshare.net; style-src https: 'unsafe-inline' *.licdn.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.licdn.com www.linkedin.com content.linkedin.com platform.linkedin.com *.ads.linkedin.com lnkd.demdex.net *.salesforceliveagent.com sb.scorecardresearch.com sjs.bizographics.com bcvipva02.rightnowtech.com; script-src-elem 'unsafe-inline' tags.tiqcdn.com *.salesforceliveagent.com platform.linkedin-ei.com platform.linkedin.com content.linkedin.com snap.licdn.com sjs.bizographics.com www.linkedin.com bcvipva02.rightnowtech.com sb.scorecardresearch.com; frame-ancestors 'self'; object-src 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=ms 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://axaxl.com https://eus-prd-f8372a898644-xp2-cd.azurewebsites.net https://cdnjs.cloudflare.com *.company-target.com https://company-target.com https://api.company-target.com *.demandbase.com https://demandbase.com https://tag.demandbase.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.google.com *.gstatic.com *.googleadservices.com *.doubleclick.net *.fls.doubleclick.net https://www.google-analytics.com https://ajax.googleapis.com https://www.googletagmanager.com https://adservice.google.com https://www.google.com https://www.gstatic.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google.co.uk https://doubleclick.net https://bid.g.doubleclick.net https://match.prod.bidr.io *.linkedin.com https://snap.licdn.com https://px.ads.linkedin.com https://vjs.zencdn.net *.newrelic.com *.nr-data.net https://bam.nr-data.net https://js-agent.newrelic.com *.brightcove.com *.brightcove.net *.media.brightcove.net *.api.brightcove.net https://secure.brightcove.com https://brightcove.com https://players.brightcove.net https://metrics.brightcove.com f1.media.brightcove.com https://edge.api.brightcove.com https://p.adsymptotic.com *.adsymptotic.com *.newscred.com analytics.newscred.com pixel.newscred.com t.newscred.com https://analytics.newscred.com https://pixel.newscred.com https://t.newscred.com; report-uri https://axaxl.com/cspviolation; report-to https://axaxl.com/cspviolation 2 frame-ancestors 'self' account.elama.global new.elama.ru elama.global *.elama.global elama.ru *.elama.ru elama.com.br *.elama.com.br elama.kz *.elama.kz mc.yandex.ru mc.webvisor.com mc.webvisor.org yastatic.net webvisor.com http://webvisor.com metrika.yandex.ru yandex.com yandex.ru *.yandex.com *.yandex.net *.yandex.ru; report-uri https://sn.elama.global/api/26/security/?sentry_key=cf985e6d1e254161bef105622a6e28a4; 2 child-src 'self'; connect-src 'self' http://*.g.doubleclick.net http://*.google-analytics.com http://*.google.com http://*.hotjar.com http://*.prfct.co http://*.sqreen.io http://heapanalytics.com https://*.ads.linkedin.com https://*.akamaihd.net https://*.amplitude.com https://*.cloudflare.com https://*.contentful.com https://*.delighted.com https://*.facebook.com https://*.fullstory.com https://*.g.doubleclick.net https://*.getsentry.com https://*.githubusercontent.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.herokuapp.com https://*.hotjar.com https://*.hotjar.com:12443 https://*.intercom.io https://*.intercomcdn.com https://*.lever.co https://*.linkedin.com https://*.litix.io https://*.mktoresp.com https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.segment.io https://*.sqreen.com https://*.sqreen.io https://*.sumo.com https://*.timekit.io https://*.wistia.com https://github.com https://heapanalytics.com https://sumo.com https://twitter.com ws://*.hotjar.com wss://*.appcues.net wss://*.hotjar.com wss://*.intercom.io; default-src 'self'; font-src 'self' chrome-extension: data: http://*.sqreen.io https://*.cloudflare.com https://*.cloudfront.net https://*.googleapis.com https://*.gstatic.com https://*.intercomcdn.com https://*.sqreen.com https://*.sqreen.io https://*.twimg.com https://*.wistia.com https://github.com; frame-src 'self' 'unsafe-inline' http://*.appcues.com http://*.g.doubleclick.net http://*.hotjar.com https://*.akamaihd.net https://*.amazonaws.com https://*.appcues.com https://*.facebook.com https://*.g.doubleclick.net https://*.hotjar.com https://*.recurly.com https://*.sqreen.com https://*.twitter.com https://*.typeform.com https://*.wistia.com https://headway-widget.net ws://*.hotjar.com wss://*.hotjar.com; img-src 'self' data: http://*.adnxs.com http://*.facebook.net http://*.g.doubleclick.net http://*.google-analytics.com http://*.google.com http://*.googleadservices.com http://*.googletagmanager.com http://*.prfct.co http://*.sqreen.io http://heapanalytics.com http://t.co https://*.addthis.com https://*.adnxs.com https://*.ads.linkedin.com https://*.akamaihd.net https://*.amazonaws.com https://*.b-cdn.net https://*.clearbit.com https://*.cloudfront.net https://*.ctfassets.net https://*.facebook.com https://*.facebook.net https://*.fullstory.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.ae https://*.google.be https://*.google.ca https://*.google.ch https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.uk https://*.google.com https://*.google.com.ar https://*.google.com.au https://*.google.com.br https://*.google.com.mx https://*.google.com.ph https://*.google.com.sg https://*.google.com.tw https://*.google.com.ua https://*.google.cz https://*.google.de https://*.google.es https://*.google.fr https://*.google.ie https://*.google.it https://*.google.nl https://*.google.no https://*.google.pl https://*.google.pt https://*.google.se https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.intercomassets.com https://*.intercomcdn.com https://*.linkedin.com https://*.marinsm.com https://*.openx.net https://*.prfct.co https://*.reddit.com https://*.rubiconproject.com https://*.sqreen.com https://*.sqreen.io https://*.sumo.com https://*.twimg.com https://*.twitter.com https://*.univide.com https://*.wistia.com https://*.yahoo.com https://heapanalytics.com https://sqreen-assets.s3-eu-west-1.amazonaws.com https://sumo.com https://t.co https://twitter.com; manifest-src 'self' https://*.sqreen.com; media-src 'self' https://*.akamaihd.net https://*.cloudfront.net https://*.intercomcdn.com https://*.wistia.com; object-src 'self' https://*.akamaihd.net https://*.wistia.com; prefetch-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: http://*.ads-twitter.com http://*.appcues.com http://*.facebook.net http://*.g.doubleclick.net http://*.getdrip.com http://*.google-analytics.com http://*.googleadservices.com http://*.googletagmanager.com http://*.heapanalytics.com http://*.hotjar.com http://*.perfectaudience.com http://*.prfct.co http://*.segment.com http://*.sqreen.io http://heapanalytics.com https://*.ads-twitter.com https://*.ads.linkedin.com https://*.akamaihd.net https://*.amazonaws.com https://*.amplitude.com https://*.appcues.com https://*.b-cdn.net https://*.bufferapp.com https://*.cloudflare.com https://*.cloudfront.net https://*.facebook.net https://*.fullstory.com https://*.g.doubleclick.net https://*.getdrip.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.headwayapp.co https://*.heapanalytics.com https://*.herokuapp.com https://*.hotjar.com https://*.intercom.io https://*.intercomcdn.com https://*.jquery.com https://*.licdn.com https://*.linkedin.com https://*.marketo.net https://*.perfectaudience.com https://*.pinterest.com https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.redditstatic.com https://*.segment.com https://*.sqreen.com https://*.sqreen.io https://*.sumo.com https://*.timekit.io https://*.twitter.com https://*.typeform.com https://*.wistia.com https://fullstory.com https://heapanalytics.com https://reddit.com https://twitter.com ws://*.hotjar.com wss://*.hotjar.com wss://*.intercom.io; style-src 'self' 'unsafe-inline' http://*.appcues.com http://*.sqreen.io http://heapanalytics.com https://*.amazonaws.com https://*.appcues.com https://*.b-cdn.net https://*.cloudflare.com https://*.cloudfront.net https://*.googleapis.com https://*.sqreen.com https://*.sqreen.io https://*.twitter.com https://heapanalytics.com; worker-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/f637ed5d-4ac6-441d-a0f5-04c3d7e976c4; 2 default-src https:; script-src 'unsafe-inline' https:; style-src 'unsafe-inline' https:; object-src 'none'; img-src 'self' data: https:; font-src data: https:; frame-ancestors 'none'; block-all-mixed-content; report-uri https://lingvist.report-uri.com/r/d/csp/reportOnly 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://platform.twitter.com https://plusone.google.com https://facebook.com https://platform.twitter.com https://apis.google.com https://www.google-analytics.com https://secure.gravatar.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://www.gstatic.com https://www.google.com https://use.fontawesome.com https://stats.wp.com https://s0.wp.com https://ajax.googleapis.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://secure.gravatar.com; img-src 'unsafe-inline' 'self' https://pixel.wp.com https://www.google-analytics.com https://stats.g.doubleclick.net data:; font-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://use.fontawesome.com https://fonts.gstatic.com https://wordpress.com data:; frame-src 'self' https://www.google.com; 2 default-src 'self' *.ondernemersplein.kvk.nl *.ondernemersplein.nl *.op.nl; connect-src 'self' *.ondernemersplein.kvk.nl *.flagship.io ariane.abtasty.com sentry.io vc.hotjar.io *.hotjar.com ampcid.google.com ajax.googleapis.com; img-src 'self' data: *.ondernemersplein.kvk.nl *.rvo.nl opendata.nederlandwereldwijd.nl ariane.abtasty.com www.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.facebook.com i.ytimg.com; style-src 'self' 'unsafe-inline' *.ondernemersplein.kvk.nl www.gstatic.com fonts.googleapis.com tagmanager.google.com; frame-src 'self' *.ondernemersplein.kvk.nl *.ondernemersplein.nl opendata.ondernemersplein.nl www.youtube.com vars.hotjar.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ondernemersplein.kvk.nl www.google-analytics.com www.googletagmanager.com www.gstatic.com *.flagship.io ariane.abtasty.com static.hotjar.com script.hotjar.com www.youtube.com s.ytimg.com; report-uri https://sentry.io/api/1234272/security/?sentry_key=f23f8584f25343e3baed391826c1e5ba&sentry_environment=productie 2 default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.tarifcheck.de//csp-violation-ezmd9dpdxv7nb0ecejb9/ 2 report-uri /es/Error/ReportCPS; 2 img-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 2 default-src 'self' https://cdn.consentmanager.mgr.consensu.org; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdn.consentmanager.mgr.consensu.org https://consentmanager.mgr.consensu.org https://fonts.googleapis.com; img-src 'self' data: https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.consentmanager.mgr.consensu.org https://consentmanager.mgr.consensu.org https://www.google-analytics.com https://www.googletagmanager.com; frame-src https://www.movingimage24.com https://videomanager.movingimage24.com https://irs.tools.investis.com; report-uri https://jenoptik.report-uri.io/r/default/csp/reportOnly 2 default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://9s5nwozqcb.execute-api.eu-north-1.amazonaws.com/prod/sitemailalerts 2 default-src 'self' https://*.googlesyndication.com https://*.curator.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://www.googletagservices.com https://securepubads.g.doubleclick.net https://adservice.google.com https://adservice.google.co.uk https://adservice.google.es https://cdn.ampproject.org http://platform.twitter.com https://*.googlesyndication.com https://cdn.curator.io https://www.googleadservices.com https://www.googletagmanager.com https://survey.g.doubleclick.net https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net https://connect.facebook.net https://js-agent.newrelic.com https://bam.nr-data.net https://www.google-analytics.com https://lib.selfcampaign.com https://securepubads.g.doubleclick.net https://api.mapbox.com; style-src 'self' 'unsafe-inline' https://cdn.curator.io https://cdnjs.cloudflare.com https://api.mapbox.com; img-src 'self' https://www.commercialmotor.com https://www.google.com https://www.google.co.uk https://www.google.es https://*.googlesyndication.com data: https://*.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://lib.selfcampaign.com https://c1.adform.net https://match.adsrvr.org https://track2.selfcampaign.com https://track.selfcampaign.com https://syndication.twitter.com; frame-src 'self' https://www.youtube.com https://*.googlesyndication.com/ https://delivery.selfcampaign.com https://platform.twitter.com; connect-src 'self' https://*.g.doubleclick.net https://*.gstatic.com https://*.curator.io https://api.mapbox.com; report-uri https://rtmcommercialmotors.report-uri.com/a/d/g; upgrade-insecure-requests 2 default-src https: data: 'unsafe-inline' 'unsafe-eval' wss://*.hotjar.com; report-uri https://fantastic.report-uri.com/r/d/csp/reportOnly 2 default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net *.tvsquared.com https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://stackadapt.com https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://stats.g.doubleclick.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://graph.facebook.com https://*.addthis.com https://*.google-analytics.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.doubleclick.net https://*.googleapis.com ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 2 font-src 'self' data: *.gstatic.com *.magentocommerce.com *.zonos.com *.yotpo.com *.fontawesome.com *.authorize.com *.facebook.net *.facebook.com *.driftt.com *.bootstrapcdn.com *.hubspot.com *.authorize.net *.mailchimp.com *.tinymce.com *.tiny.cloud 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google.com *.iglobalstores.com *.authorize.net *.spreedly.com *.driftt.com *.hubspot.com *.getbread.com *.hotjar.com www.paypal.com paypal.com *.braintree-api.com *.braintreegateway.com *.addthis.com *.youtube.com www.youtube.com *.online-metrix.net *.signifyd.com *.demdex.net *.tinymce.com *.tiny.cloud 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com *.google.com *.googleapis.com *.googletagmanager.com *.google.com.ua 'self' data: *.gstatic.com *.magentocommerce.com *.zonos.com *.yotpo.com *.ytimg.com *.s3.amazonaws.com *.amazonaws.com *.driftt.com *.klaviyo.com *.g.doubleclick.net *.hubspot.com *.authorize.net *.bazaarvoice.org *.bazaarvoice.com display.ugc.bazaarvoice.com *.getbread.com *.signifyd.com *.e.aa.online-metrix.net *.bbb.org *.facebook.net *.facebook.com *.hotjar.com *.addthis.com *.collect.igodigital.com *.salesforceliveagent.com *.moatads.com *.addthisedge.com *.la1-c2-iad.salesforceliveagent.com *.la1-c2-ord.salesforceliveagent.com *.secure.force.com *.mailchimp.com cm.everesttech.net *.demdex.net amcglobal.sc.omtrdc.net *.tinymce.com *.tiny.cloud 'self' 'unsafe-inline'; script-src *.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.google.com *.googleapis.com *.googletagmanager.com *.google.com.ua *.gstatic.com *.cloudflare.com *.jsdelivr.net *.trustedshops.com *.usercentrics.eu *.adroll.com d.adroll.mgr.consensu.org *.cardinalcommerce.com *.ccdc02.com *.authorize.net *.spreedly.com *.zonos.com *.yotpo.com *.braintreegateway.com *.bootstrapcdn.com *.driftt.com *.newrelic.com bam.nr-data.net *.nr-data.net *.zopim.com *.facebook.net *.facebook.com *.zdassets.com *.klaviyo.com *.zendesk.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com fast.a.klaviyo.com *.hubspot.com wss://widget-mediator.zopim.com *.cookielaw.org *.bazaarvoice.org *.bazaarvoice.com display.ugc.bazaarvoice.com *.getbread.com *.onetrust.com www.paypal.com paypal.com *.signifyd.com *.g.doubleclick.net *.hotjar.com *.hotjar.io *.addthis.com *.collect.igodigital.com *.salesforceliveagent.com *.moatads.com *.addthisedge.com *.la1-c2-iad.salesforceliveagent.com *.la1-c2-ord.salesforceliveagent.com *.braintree-api.com chimpstatic.com *.mailchimp.com mc.us18.list-manage.com *.tinymce.com *.tiny.cloud 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.gstatic.com *.magentocommerce.com *.zonos.com *.yotpo.com *.fontawesome.com *.klaviyo.com *.bootstrapcdn.com *.driftt.com *.authorize.net display.ugc.bazaarvoice.com *.signifyd.com *.facebook.net *.facebook.com *.mailchimp.com *.tinymce.com *.tiny.cloud 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com *.tinymce.com *.tiny.cloud 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google.com www.google-analytics.com www.googleadservices.com *.gstatic.com *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.authorize.net *.zonos.com *.yotpo.com *.cloudflare.com *.jsdelivr.net *.trustedshops.com *.usercentrics.eu *.adroll.com d.adroll.mgr.consensu.org *.facebook.net *.facebook.com *.driftt.com *.newrelic.com bam.nr-data.net *.nr-data.net *.zopim.com *.zdassets.com *.klaviyo.com *.zendesk.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com fast.a.klaviyo.com *.hubspot.com wss://widget-mediator.zopim.com *.cookielaw.org *.bazaarvoice.org *.bazaarvoice.com display.ugc.bazaarvoice.com *.getbread.com *.onetrust.com www.paypal.com paypal.com *.signifyd.com *.g.doubleclick.net *.hotjar.com *.hotjar.io *.addthis.com *.collect.igodigital.com *.salesforceliveagent.com *.moatads.com *.addthisedge.com *.la1-c2-iad.salesforceliveagent.com *.la1-c2-ord.salesforceliveagent.com *.braintree-api.com *.braintreegateway.com chimpstatic.com *.mailchimp.com *.demdex.net *.tinymce.com *.tiny.cloud 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self'; script-src 'report-sample' 'self' https://apis.google.com/js/plusone.js https://assets.pinterest.com/js/pinit.js https://connect.facebook.net/en_US/fbevents.js https://platform.twitter.com/widgets.js https://seal.thawte.com/getthawteseal https://ssl.google-analytics.com/ga.js https://translate.google.com/translate_a/element.js https://translate.googleapis.com/translate_static/js/element/main.js; style-src 'report-sample' 'self' https://translate.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self'; frame-src 'self' https://accounts.google.com https://apis.google.com https://my.sendinblue.com https://platform.twitter.com https://www.facebook.com https://www.youtube.com; img-src 'self' https://i.ytimg.com https://log.pinterest.com https://ssl.google-analytics.com https://syndication.twitter.com https://www.facebook.com https://www.gstatic.com; manifest-src 'self'; media-src 'self'; report-uri https://5f466512b641482c3e7cf8aa.endpoint.csper.io/; worker-src 'none'; 2 default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: https:; font-src data: https:; report-uri https://kilian.report-uri.io/r/default/csp/reportOnly 2 default-src 'self' https: blob:; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' blob: http:; connect-src 'self' https: api.ecobnb.net hits-i.iubenda.com cdnjs.cloudflare.com ajax.googleapis.com code.jquery.com insights.hotjar.com links.services.disqus.com *.hotjar.com *.optimizely.com wss://*.hotjar.com wss://*.ecobnb.com wss://ecobnb.it wss://ecobnb.fr wss://ecobnb.de; font-src 'self' https: fonts.gstatic.com sb.ecobnb.net sxt.cdn.skype.com maxcdn.bootstrapcdn.com data:; img-src 'self' https: data:; media-src 'self' https:; object-src 'self' https: blob:; style-src 'self' https: 'unsafe-inline' http:; child-src *; frame-src *; report-uri https://2zkpbvapeqvwwp13110qnocb.httpschecker.net/report; 2 report-uri /_/csp-reports 2 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com www.google-analytics.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.disqus.com *.disquscdn.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.pinterest.com *.youtube.com disqus.com s.ytimg.com stephband.info https://thirdhour.org; connect-src https:; font-src data: https:; form-action https:; frame-src https:; child-src https:; img-src data: https:; manifest-src https:; media-src https:; object-src https:; upgrade-insecure-requests 2 font-src *.gstatic.com *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.addtoany.com *.facebook.com *.doubleclick.net *.youtube.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudfront.net *.facebook.com *.google.com *.google.ru data: *.doubleclick.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.googletagmanager.com *.cloudfront.net *.searchspring.net *.klaviyo.com *.addtoany.com *.facebook.net *.doubleclick.net *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.fontawesome.com *.searchspring.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.searchspring.io *.luckyorange.net *.klaviyo.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.onet.pl::APROD_2_10_X 2 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://redchamps.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' https://themes.googleusercontent.com/; script-src 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' https://rivm.nl/ https://*.rivm.nl/; report-uri /report-csp-violation 2 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://geoip-js.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; report-uri /_/tools/cspr.php 2 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com api.razorpay.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com cdn.razorpay.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com checkout.razorpay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 connect-src 'self' api-public.ducati.com wurfl.io stats.g.doubleclick.net www.google-analytics.com c.go-mpulse.net calculator.volkswagenbank.de s.yimg.com www.facebook.com apiwheel.h-en.me *.akstat.io *.akamaihd.net *.a8723.com performance.typekit.net www.google.com *.rsc.cdn77.org dasfelynsaterr.webcam videoram.com www.bing.com; font-src data: 'self' fonts.gstatic.com github.com media.ducati.com assets.ducati.com use.typekit.net chrome-extension; script-src-elem data: assets.ducati.com platform.twitter.com pixel.mathtag.com s.yimg.jp emea-ducati.netmng.com mm.markandmini.com *.a8723.com u.logbor.com loadus.exelator.com *.snt.imrworldwide.com pool.adizio.com pool.admedo.com gc.kis.v2.scr.kaspersky-labs.com s.yimg.com sp.analytics.yahoo.com 'self' 'unsafe-inline' connect.facebook.net googleads.g.doubleclick.net maps.googleapis.com s.go-mpulse.net s2.adform.net snap.licdn.com track.adform.net use.typekit.net wurfl.io www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.volkswagenbank-cloud.de b92.yahoo.co.jp gateway.zscalertwo.net about; script-src assets.ducati.com platform.twitter.com b92.yahoo.co.jp connect.facebook.net s.yimg.com use.typekit.net 'self' 'unsafe-eval' 'unsafe-inline' googleads.g.doubleclick.net s.go-mpulse.net snap.licdn.com wurfl.io www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.volkswagenbank-cloud.de maps.googleapis.com s2.adform.net sp.analytics.yahoo.com track.adform.net; base-uri 'self'; frame-src *.fls.doubleclick.net pixel.mathtag.com platform.twitter.com www.youtube.com youtu.be track.adform.net www.facebook.com www.googletagmanager.com bid.g.doubleclick.net remove.video www.google.com; img-src 'self' about data: * ; script-src-attr 'unsafe-inline'; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' assets.ducati.com fonts.googleapis.com adblockers.opera-mini.net; style-src 'self' 'unsafe-eval' 'unsafe-inline' assets.ducati.com fonts.googleapis.com translate.googleapis.com 2 default-src 'self' appointments-production-f.squarecdn.com square.site squareup.com maxcdn.bootstrapcdn.com; connect-src 'self' appointments-production-f.squarecdn.com square.site squareup.com data-platform-staging.squarecloudservices.com data-platform.squarecloudservices.com api2.branch.io conversations-production-f.squarecdn.com conversations-production-c.squarecdn.com; img-src 'self' data: api.mapbox.com *.tiles.mapbox.com square-go-production.s3.amazonaws.com/ s3.amazonaws.com/square-dashboard-production/ www.google-analytics.com api.squareup.com appointments-production.s3.amazonaws.com/ square-web-production-f.squarecdn.com appointments-production-f.squarecdn.com d1g145x70srn7h.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' appointments-production-f.squarecdn.com js-agent.newrelic.com/ bam.nr-data.net/ cdn.branch.io/ api2.branch.io/ app.link/ ajax.googleapis.com maxcdn.bootstrapcdn.com conversations-production-f.squarecdn.com conversations-production-c.squarecdn.com; style-src 'self' blob: 'unsafe-inline' appointments-production-f.squarecdn.com maxcdn.bootstrapcdn.com; report-uri https://squareup.com/1.0/as-reporter/csp/E-g-3sEcG3-1DHsDEIhKGqOrreQ_KmM23fhp_JMWVt34xrVL 2 font-src *.klevu.com *.trustedshops.com fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.youtube.com *.klarna.com *.adyen.com widget.trustpilot.com www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://cdn.klarna.com *.paypal.com *.klevu.com *.omtrdc.net *.trustedshops.com *.klarnaevt.com *.adyen.com bat.bing.com stats.g.doubleclick.net ct.pinterest.com facebook.com google.de google.com widget.trustpilot.com *.usercentrics.eu cdn.flbx.io sumo.com *.cloudfront.net www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.paypal.com *.paypalobjects.com *.newrelic.com *.google.com *.gstatic.com *.nr-data.net *.getflowbox.com *.trustedshops.com *.klevu.com *.trackedlink.net *.klarna.com *.adyen.com hit.uptrendsdata.com *.googletagmanager.com bat.bing.com *.pinimg.com connect.facebook.net stats-bq.stylight.net tracking.s24.com load.sumo.com googleads.g.doubleclick.net *.usercentrics.eu widget.trustpilot.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.trustedshops.com *.klevu.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.vimeo.com *.wistia.net *.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.nr-data.net *.demdex.net *.vimeo.com *.klarnaevt.com *.paypal.com ct.pinterest.com widget.trustpilot.com sumo.com *.usercentrics.eu hit.uptrendsdata.com stats.g.doubleclick.net www.google-analytics.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'none'; script-src 'self' https://www.googletagmanager.com; connect-src 'self'; img-src 'self' https://no-cache.hubspot.com https://cdn.vidyard.com; style-src 'self' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; base-uri 'self'; form-action 'self'; font-source https://fonts.gstatic.com; connect-src https://settings.luckyorange.net 2 default-src 'self' 'unsafe-inline' ;script-src data: 'self' 'unsafe-inline' 'unsafe-eval' static.cloud.coveo.com *.r42tag.com *.usabilla.com ssl.google-analytics.com www.google-analytics.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com cdnjs.cloudflare.com ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com *.fbto.nl connect.facebook.net;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com;img-src data: blob: 'self' *.svtrd.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com www.google-analytics.com *.onmarc.nl ssl.google-analytics.com *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net;connect-src 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.prolife.nl *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net www.google-analytics.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com www.browsealoud.com plusqa.browsealoud.com *.interpolis.nl;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl;object-src 'self' ;child-src 'self' t.svtrd.com player.vimeo.com youtube-nocookie.com www.youtube-nocookie.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net;frame-ancestors 'self' www.youtube-nocookie.com youtube-nocookie.com player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl;manifest-src 'self' ;block-all-mixed-content; 2 default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/upstream 1 default-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' data: https: blob: android-webview-video-poster: android-webview: chrome-extension: moz-extension: ms-browser-extension: about: 1 frame-ancestors 'self'; object-src 'none'; report-uri /api/csp-reporting 1 frame-ancestors 'self' *.qualtrics.com; report-uri https://sjc1.qualtrics.com/csp-report; report-to csp-endpoint 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://variety.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 default-src 'self' ; img-src * data: ; script-src 'unsafe-eval' 'self' www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com tagmanager.google.com data: ; connect-src 'self' www.google-analytics.com ssl.google-analytics.com ; media-src 'self' ; style-src 'self' fonts.googleapis.com tagmanager.google.com ; font-src 'self' fonts.gstatic.com data: ; frame-ancestors 'none' ; report-uri https://csp-report.postgresql.org/ 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.rollingstone.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.digitaltrends.com/collector/nr.php?ctx=csp-violation 1 default-src * blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AF2M0KC94RCEA:sid=132-1187591-6477850:rid=65AMFAERF1E9B4ZJP0PJ:sn=www.audible.com 1 default-src https: 'unsafe-inline' 'unsafe-eval' wss: ;img-src https: data: blob: ; font-src https: data:; form-action https: http://www.last.fm; report-uri https://cbsi.report-uri.io/r/default/csp/enforce 1 default-src * 'unsafe-eval' 'unsafe-inline' blob: data:;frame-src 'self' sinaweibo: weibo.com *.weibo.com weibo.cn *.weibo.cn sina.com.cn *.sina.com.cn sina.cn *.sina.cn *.sinaimg.cn sinanews: sinanewslite: intent: se5bed38c567feb2a: sb5750862870e1cc2: sdc77698a60e45368: sb2623a3919ed77d3: s3d4cfbed31875e1c: sc876cbd9ae34e814: sdf08f19582289581: sc640c3792845ba3e: se8525a4dbfaa192b: sb5261983836bde16: sinablog: sinanewapmwebview: sinanewsdirect: sinafinance:; script-src 'self' 'unsafe-inline' 'unsafe-eval' weibo.com *.weibo.com weibo.cn *.weibo.cn sina.com.cn *.sina.com.cn sina.cn *.sina.cn *.sinaimg.cn *.qchannel03.cn *.qihucdn.com *.qhres.com *.sinajs.cn *.leju.com *.qq.com qzonestyle.gtimg.cn; report-uri https://logger.sina.cn/report; 1 script-src 'self' 'unsafe-inline' 'nonce-P90Ljxi1MYYdmrOq72h0Mg1N8UVLbVsu' http://www.google-analytics.com https://*.uservoice.com https://dap.digitalgov.gov https://designsystem.digital.gov https://maps.googleapis.com https://standards.usa.gov https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com 'unsafe-eval' https://optimize.google.com https://gateway.foresee.com https://resources.digital-cloud-gov.voice.medallia.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://www.youtube.com https://*.ytimg.com https://cdn.botframework.com 'strict-dynamic' nonce-P90Ljxi1MYYdmrOq72h0Mg1N8UVLbVsu; img-src 'self' data: blob: https://*.gstatic.com https://api.mapbox.com https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://*.va.gov https://optimize.google.com https://gateway.foresee.com https://static.foresee.com https://cdn-prod.kampyle.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://ok6static.oktacdn.com https://dvp-oauth-application-directory-logos.s3-us-gov-west-1.amazonaws.com ; frame-ancestors 'none' ; manifest-src 'none' ; default-src 'self' ; frame-src https://dap.digitalgov.gov ; child-src https://*.uservoice.com https://www.googletagmanager.com https://www.youtube.com https://optimize.google.com https://resources.digital-cloud-gov.voice.medallia.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://optimize.google.com https://fonts.googleapis.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com ; connect-src 'self' http://localhost:4000 https://*.va.gov https://api.mapbox.com https://www.google-analytics.com http://*.vetsgov-internal https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://prod-va-gov-maintenance-windows.s3-us-gov-west-1.amazonaws.com https://analytics.foresee.com https://brain.foresee.com https://survey.foreseeresults.com https://device.4seeresults.com https://health.foresee.com https://gateway.foresee.com https://feedback.digital-cloud-gov.voice.medallia.com https://raw.githubusercontent.com wss://northamerica.directline.botframework.com https://northamerica.directline.botframework.com https://search.usa.gov ; object-src 'self' blob: ; media-src 'none' ; font-src 'self' data: https://fonts.gstatic.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com ; block-all-mixed-content ; form-action 'self' https://vicbdc.vba.va.gov https://vaww.vicbdc.ppd.vba.va.gov https://feedback.digital-cloud-gov.voice.medallia.com ; base-uri http://*.vetsgov-internal https://*.va.gov https://optimize.google.com ; report-uri /csp-report 1 block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.onet.pl::BPROD_2_10_X_NOASYNC 1 report-uri https://app.asana.com/-/csp_report; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://static.ads-twitter.com https://ajax.aspnetcdn.com https://bat.bing.com https://sjs.bizographics.com https://ct.capterra.com https://reveal.clearbit.com https://googleads.g.doubleclick.net https://ethn.io https://connect.facebook.net https://tracking.g2crowd.com https://www.google-analytics.com https://apis.google.com https://www.googleadservices.com https://*.googleapis.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://ssl.gstatic.com https://script.hotjar.com https://static.hotjar.com https://cdn.jotfor.ms https://form.jotform.us https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://accounts.livechatinc.com https://cdn.livechatinc.com https://secure.livechatinc.com https://luna1.co https://js.recurly.com https://search-api.swiftype.com https://s.swiftypecdn.com https://analytics.twitter.com https://platform.twitter.com https://fast.wistia.com https://fast.wistia.net https://www.youtube.com https://s.ytimg.com https://*.marketo.com https://*.marketo.net https://js.driftt.com/* https://www.googleoptimize.com https://cdnjs.cloudflare.com https://api.ipify.org https://cdn.pdst.fm https://*.vimeocdn.com 1 default-src 'unsafe-inline' 'unsafe-eval' * data: blob:; report-uri https://sentry.io/api/1312882/security/?sentry_key=9e854fd5af164d1e98cee1bedb942a22 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com 'strict-dynamic' 'nonce-NDA2MjI4Njk0NiwzNzYxMjIyNDc1'; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1 script-src 'unsafe-eval' blob: 'self' meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org 'unsafe-inline' login.wikimedia.org; default-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org wikimedia.org en.wikipedia.org en.wiktionary.org en.wikibooks.org en.wikiquote.org en.wikisource.org commons.wikimedia.org en.wikinews.org en.wikiversity.org www.wikidata.org species.wikimedia.org incubator.wikimedia.org en.wikivoyage.org api.wikimedia.org login.wikimedia.org; style-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org wikimedia.org 'unsafe-inline'; object-src 'none'; report-uri /w/api.php?action=cspreport&format=json&reportonly=1 1 object-src 'none' ; frame-ancestors 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://platform.twitter.com/widgets.js https://platform.twitter.com/js/ https://www.youtube.com https://player.vimeo.com/api/player.js https://cdn.segment.com/analytics.js/ https://cmp.osano.com/Azyw89S0I2gFuR2v/ed684bc0-8fdd-4609-af23-b196e28e7021/osano.js ; report-uri https://o22594.ingest.sentry.io/api/5456147/security/?sentry_key=44978edacbee40328c529047398efc6a&sentry_environment=static 1 img-src blob: data: https:; default-src data: blob: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://counter.drom.ru/report/ 1 media-src blob: https:; worker-src blob: https:; font-src chrome-extension: data: https:; img-src data: blob: about: https: http://track.adform.net; default-src https: blob: data: ms-appx-web: wss: 'unsafe-inline' 'unsafe-eval'; report-uri https://handelsblatt.report-uri.com/r/d/csp/reportOnly 1 upgrade-insecure-requests; default-src 'none'; script-src 'self' 'unsafe-inline' www.sentry.dev www.googletagmanager.com www.google-analytics.com js.hs-analytics.net js.hs-scripts.com js.driftt.com connect.facebook.net assets.calendly.com js.hsforms.net js.hs-banner.com forms.hsforms.com player.vimeo.com cdn.optimizely.com www.redditstatic.com m.servedby-buysellads.com; connect-src 'self' sentry.io www.sentry.dev reload.getsentry.net api.amplitude.com logx.optimizely.com rum.optimizely.com; img-src 'self' www.sentry.dev sentry-blog.storage.googleapis.com images.ctfassets.net www.google-analytics.com stats.g.doubleclick.net track.hubspot.com assets.calendly.com forms.hsforms.com q.quora.com alb.reddit.com www.facebook.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' www.sentry.dev assets.calendly.com fonts.googleapis.com; media-src 'self' videos.ctfassets.net; font-src 'self' www.sentry.dev fonts.gstatic.com; frame-src player.vimeo.com www.youtube-nocookie.com js.driftt.com calendly.com a17258894091.cdn.optimizely.com; manifest-src 'self' www.sentry.dev; report-uri https://sentry.io/api/1297627/security/?sentry_key=e811b9077ef64dcf8a279ec18a61b222 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob:;style-src https: 'unsafe-inline';connect-src https:;frame-src https: easy-js:;script-src 'unsafe-eval' 'unsafe-inline' https: blob: data:;font-src https: data:;img-src https: data:;media-src https: blob:;report-uri https://collector.schibsted.io/api/v1/csp/aftonbladet/publishing/pro 1 connect-src *; frame-src *; img-src https: data: blob: about: safari-extension: safari-resource: chrome-extension:; worker-src blob: https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; report-uri https://portfolio.adobe.com/api/v1/errors/csp 1 default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; report-uri /csp-report 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /1/apitun/security/csp-report; 1 block-all-mixed-content; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://cms.fordham.edu https://assets.fordham.edu https://bat.bing.com/bat.js https://us2.siteimprove.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.adhigh.net/p.js https://px.ads.linkedin.com https://scripts.ninjacat.io https://snap.licdn.com https://www.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://px.adhigh.net https://s.ytimg.com https://scripts.mymarketingreports.com https://libraryh3lp.com https://ds-aksb-a.akamaihd.net https://www.linkedin.com https://dc.ads.linkedin.com https://lgapi.libapps.com https://fw.cdn.technolutions.net https://cdn.syndication.twimg.com https://mx.technolutions.net https://synch.optimatic.com https://slate-technolutions-net.cdn.technolutions.net https://secure.adnxs.com https://consent.trustarc.com https://consent.truste.com https://platform.twitter.com https://gradadmissions.fordham.edu https://go.activecalendar.com; report-uri https://jaduuat.fordham.edu/site/custom_scripts/fordham_csperrors.php 1 connect-src 'self' 'unsafe-eval' *.facebook.com *.facebook.net connect.facebook.net *.geistm.com *.blackfire.pro *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com *.jazz.co *.olark.com *.sentry.io https://sentry.io report-sample; default-src 'self' blob: data: *.facebook.com *.facebook.net connect.facebook.net *.geistm.com *.blackfire.pro *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com optimize.google.com *.google.com *.googleoptimize.com *.googletagmanager.com *.olark.com *.sentry.io https://sentry.io report-sample; font-src 'self' 'unsafe-eval' data: *.typekit.net *.fontawesome.com *.geistm.com *.blackfire.pro *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com fonts.googleapis.com fonts.gstatic.com *.olark.com report-sample; frame-src 'self' *.facebook.com *.facebook.net connect.facebook.net *.geistm.com *.blackfire.pro optimize.google.com *.google.com *.googleoptimize.com *.googletagmanager.com *.olark.com *.twimg.com *.twitter.com *.youtube.com report-sample; img-src 'self' data: blob: 'unsafe-inline' *; media-src 'self' data: blob: 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.typekit.net *.facebook.com *.facebook.net connect.facebook.net *.fontawesome.com *.geistm.com *.blackfire.pro *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com optimize.google.com *.google.com *.googleoptimize.com *.olark.com *.sentry.io https://sentry.io *.twimg.com *.twitter.com report-sample; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.typekit.net *.facebook.com *.facebook.net connect.facebook.net *.facebook.com *.facebook.net connect.facebook.net *.fontawesome.com *.geistm.com *.blackfire.pro *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com optimize.google.com *.google.com *.googleoptimize.com *.olark.com *.sentry.io https://sentry.io *.twimg.com *.twitter.com report-sample; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.typekit.net *.fontawesome.com *.geistm.com *.blackfire.pro *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com fonts.googleapis.com fonts.gstatic.com optimize.google.com *.google.com *.googleoptimize.com *.olark.com *.twimg.com *.twitter.com report-sample; style-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.typekit.net *.fontawesome.com *.geistm.com *.blackfire.pro *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com fonts.googleapis.com fonts.gstatic.com optimize.google.com *.google.com *.googleoptimize.com *.olark.com *.twimg.com *.twitter.com report-sample; block-all-mixed-content; report-uri https://sentry.io/api/2983595/security/?sentry_key=21fae161c11a42bb965ab8ccf544f1fd 1 default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://kontur.ru/private/csp-report 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://hollywoodlife.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 default-src 'none'; connect-src https://caligraph.youcanbook.me/ https://in.hotjar.com/ https://realtime.youcanbook.me/ https://www.google-analytics.com wss://realtime.youcanbook.me/ https://stats.g.doubleclick.net 'self'; font-src https://fonts.gstatic.com/ https://static.hotjar.com/ data: 'self'; frame-src https://homepage.youcanbook.me/ https://vars.hotjar.com/ https://www.youtube.com/; img-src https://static.hotjar.com https://www.google-analytics.com/ https://www.gstatic.com/ https://zapier.com/ https://cdn.zapier.com/ data: 'self'; manifest-src 'self' ; script-src https://www.google-analytics.com/ https://*.doubleclick.net/ https://realtime.youcanbook.me/ https://s.ytimg.com/ https://*.hotjar.com/ https://www.youtube.com/ https://zapier.com/ 'unsafe-eval' 'unsafe-inline' 'self'; media-src 'self'; style-src https://fonts.googleapis.com/ 'unsafe-inline' 'self'; 1 default-src https: data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: ; manifest-src 'self' https://cdn.evbstatic.com ; style-src https: 'unsafe-inline' ; connect-src https: about: ; object-src https: ; media-src https: ; frame-src https: fbrpc://call ; frame-ancestors https: 'self' ; worker-src https: blob: 'self' ; font-src https: data: ; img-src https: data: ; form-action 'self' https: ; child-src 'self' ; report-uri https://www.eventbrite.com.au/ajax/csp-violation/action ; 1 default-src 'none'; report-uri https://csp-report.wwnorton.com; connect-src 'self' https://appservices.wwnorton.com; frame-ancestors 'self'; font-src 'self' https://fonts.googleapis.com; style-src 'self' https://cloud.typography.com https://dsbst55b1909i.cloudfront.net; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://code.jquery.com https://static.wwnorton.com https://storage.googleapis.com; img-src 'self' https://www.google-analytics.com https://appservices.wwnorton.com https://cdn.wwnorton.com https://diqp43fm0w6zs.cloudfront.net https://stats.g.doubleclick.net; 1 default-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: https: www.google.com tags.tiqcdn.com secure.insightexpressai.com browser-update.org *.newrelic.com *.nr-data.net api.swiftype.com onqblog.disqus.com a.disquscdn.com platform.twitter.com snapdragonblog.disqus.com 3642644.fls.doubleclick.net 'sha256-/3jsvuZODfJI1Eg99StI7HtPfGc1mT2ElQZ8nHDbQbM='; object-src https://metrics.brightcove.com; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https: www.qualcomm.com pt-corpmktg.qualcomm.com qualcomm.sc.omtrdc.net sb.scorecardresearch.com metrics.brightcove.com *.nr-data.net analytics.twitter.com t.co controller.4seeresults.com events.foreseeresults.com insight.adsrvr.org; media-src 'self' blob: https: secure.brightcove.com; frame-src 'self' https: www.youtube.com disqus.com 3642644.fls.doubleclick.net www.juicer.io; font-src 'self' data: https: vjs.zencdn.net; connect-src 'self' https: *.nr-data.net links.services.disqus.com; report-uri /admin/config/system/seckit/csp-report 1 default-src 'self' https: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri https://investorplace.com/wp-content/plugins/mixed-content-logging/report-uri/mcl-uri.php 1 script-src 'self' 'unsafe-eval' app.hubspot.com cdn-3.convertexperiments.com cdnjs.cloudflare.com connect.facebook.net cta-service-cms2.hubspot.com js.hsforms.net js.hs-analytics.net js.hs-banner.com js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com platform.twitter.com play.vidyard.com run.pstmn.io script.crazyegg.com script.hotjar.com static.hotjar.com static.hsappstatic.net use.typekit.net www.googletagmanager.com www.google-analytics.com www.hubspot.com 'strict-dynamic' 'nonce-MTg2NDUwNzUyNiwxMDA3OTYyNzI='; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1 report-uri https://www.yelp.com/csp_report_only?id=d69deaf5214c450a&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www×tamp=1610676988; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1 default-src 'none'; base-uri 'self' docs.helpscout.net; block-all-mixed-content; child-src 'self' assets.braintreegateway.com c.paypal.com www.youtube.com player.vimeo.com fast.wistia.net moz-extension://* chrome-extension://*; connect-src 'self' api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.sandbox.braintreegateway.com client-analytics.braintreegateway.com *.braintree-api.com *.paypal.com www.google-analytics.com connect.facebook.net www.facebook.com ysxtsrzt2b4s.statuspage.io rescuetime.helpscoutdocs.com secure.helpscout.net api.ipify.org beaconapi.helpscout.net chatapi.helpscout.net d3hb14vkzrxvla.cloudfront.net *.sumologic.com sentry.io wss: wss://*.pusher.com slack.com github.com exist.io accounts.automatic.com *.visualwebsiteoptimizer.com app.vwo.com logo.clearbit.com *.ubembed.com *.userleap.com; font-src 'self' data: fonts.gstatic.com app.vwo.com *.ubembed.com *.userleap.com; form-action 'self' *.welltory.com; frame-ancestors moz-extension://* chrome-extension://*; frame-src 'self' assets.braintreegateway.com *.paypal.com djtflbt20bdde.cloudfront.net beacon-v2.helpscout.net platform.twitter.com www.googletagmanager.com www.google.com tst.kaptcha.com ssl.kaptcha.com www.youtube.com moz-extension://* chrome-extension://* ifttt.com *.vimeo.com app.vwo.com *.ubembed.com *.userleap.com; img-src 'self' data: assets.braintreegateway.com *.paypal.com platform.twitter.com pbs.twimg.com www.google-analytics.com connect.facebook.net *.facebook.com d33v4339jhl8k0.cloudfront.net moz-extension://* chrome-extension://* via.placeholder.com ifttt.com api.producthunt.com zapier.com cdn.zapier.com *.visualwebsiteoptimizer.com app.vwo.com track.customer.io secure.gravatar.com logo.clearbit.com *.ubembed.com *.userleap.com; manifest-src 'self'; media-src 'self' beacon-v2.helpscout.net; object-src 'self' djtflbt20bdde.cloudfront.net beacon-v2.helpscout.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com *.paypal.com d12wqas9hcki3z.cloudfront.net d33v4339jhl8k0.cloudfront.net djtflbt20bdde.cloudfront.net beacon-v2.helpscout.net cdn.ravenjs.com platform.twitter.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com zapier.com connect.facebook.net dev.visualwebsiteoptimizer.com app.vwo.com cdn.rawgit.com player.vimeo.com assets.customer.io *.ubembed.com *.userleap.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com beacon-v2.helpscout.net d12wqas9hcki3z.cloudfront.net djtflbt20bdde.cloudfront.net app.vwo.com *.ubembed.com *.userleap.com; worker-src blob:; report-uri https://www.rescuetime.com/csp-report 1 default-src 'self' https://themes.googleusercontent.com/ https://apps.geodan.nl https://acc.apps.geodan.nl https://platform.twitter.com/ https://syndication.twitter.com/ http://www.rovid.nl https://geodata.rivm.nl https://mebi.rivm.nl; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://statistiek.rijksoverheid.nl http://platform.twitter.com/ https://cdn.syndication.twimg.com https://cdn.datatables.net http://*.usabilla.com/ https://*.usabilla.com/ https://*.cloudfront.net https://mebi.rivm.nl; style-src 'self' 'unsafe-inline' https://platform.twitter.com/ https://ton.twimg.com/ https://cdn.datatables.net http://*.usabilla.com/ https://*.usabilla.com/ https://*.cloudfront.net http://cdn.jsdelivr.net https://mebi.rivm.nl; img-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://statistiek.rijksoverheid.nl/ https://geodata.nationaalgeoregister.nl/ https://syndication.twitter.com/ https://pbs.twimg.com/ https://ton.twimg.com/ https://abs.twimg.com/ https://platform.twitter.com/ http://abs.twimg.com/ data: http://www.rovid.nl https://*.usabilla.com/ https://*.cloudfront.net; font-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://themes.googleusercontent.com/ https://*.cloudfront.net data:; connect-src https://statistiek.rijksoverheid.nl https://statistiek.rijksoverheid.nl/piwik/piwik.php https://mebi.rivm.nl/*; report-uri /report-csp-violation 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.blogher.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://robbreport.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.zijieimg.com *.zjurl.cn *.pstatp.com *.bytecdn.cn *.isnssdk.com *.365yg.com *.ipstatp.com *.amemv.com *.ibytedtos.com *.ixigua.com *.ixiguavideo.com *.hypstarcdn.com *.tiktokcdn.com *.topbuzzcdn.com *.muscdn.com *.huoshanzhibo.com *.huoshanxiaoshipin.cn *.huoshanxiaoshipin.net *.huoshanvideo.cn *.huoshanvideo.net *.ieshuodong.cn *.ieshuodong.net *.byteoversea.com *.byted.org *.bytedance.net *.bytedance.com *.toutiaocloud.com *.snssdk.com *.toutiao.com *.huoshan.com *.douyin.com *.douyincdn.com *.jinritemai.com *.chengzijianzhan.com *.baike.com *.ribaoapi.com *.bytexservice.com *.pglstatp-toutiao.com *.oceanengine.com *.dyvideotape.com at.alicdn.com g.alicdn.com *.iesdouyin.com *.byteimg.com *.zjcdn.com bytedance: android-webview-video-poster: snssdk1128:;img-src 'self' blob: data: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval' *.douyin.com *.pstatp.com *.byteimg.com *.douyincdn.com *.toutiao.com *.snssdk.com *.pglstatp-toutiao.com *.byted.org *.oceanengine.com *.feiliao.com *.ixigua.com *.iesdouyin.com *.bytecdn.cn *.ribaoapi.com *.365yg.com *.bytexservice.com *.tiktokcdn.com;media-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.ixigua.com *.snssdk.com *.pstatp.com *.zjcdn.com *.365yg.com *.bytecdn.cn *.douyinvod.com;upgrade-insecure-requests ;report-uri https://i.snssdk.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=douyin_inapp 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dynamicyield.com www.googletagmanager.com www.google-analytics.com connect.facebook.net ajax.cloudflare.com *.wistia.com blob: static.cloudflareinsights.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://static.addtoany.com mdbootstrap.com stackpath.bootstrapcdn.com; script-src-attr 'self' 'unsafe-inline' *.dynamicyield.com www.googletagmanager.com www.google-analytics.com connect.facebook.net ajax.cloudflare.com *.wistia.com blob: static.cloudflareinsights.com; script-src-elem 'self' 'unsafe-inline' *.dynamicyield.com www.googletagmanager.com www.google-analytics.com connect.facebook.net ajax.cloudflare.com *.wistia.com blob: static.cloudflareinsights.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://static.addtoany.com mdbootstrap.com stackpath.bootstrapcdn.com; style-src 'self' 'unsafe-inline' *.dynamicyield.com fonts.googleapis.com https://cdn.jsdelivr.net https://use.fontawesome.com mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline' *.dynamicyield.com; frame-ancestors 'self' 1 object-src 'none';base-uri 'self';script-src 'nonce-IQN8uX3jkpw4/YJcHuP4' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample';report-uri https://csp.withgoogle.com/csp/scfe 1 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'self' data:; font-src https: 'self' data:; 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org *.twitter.com *.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.init.de *.openstreetmap.org *.twitter.com *.twimg.com *.bundesfinanzministerium.de; object-src 'self'; media-src 'self' *.youtube.com *.bundesfinanzministerium.de; child-src *.google.com *.gstatic.com *.youtube.com *.init.de *.twitter.com *.twimg.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org *.init.de *.twitter.com *.twimg.com *.bundesfinanzministerium.de; frame-ancestors 'self'; report-uri /site/servlet/csp-report; 1 block-all-mixed-content;default-src 'self';img-src 'self' https://images.opencollective.com data: t.paypal.com opencollective.com blob: opencollective-production.s3.us-west-1.amazonaws.com opencollective-production.s3-us-west-1.amazonaws.com;worker-src 'self' blob:;style-src 'self' 'unsafe-inline';connect-src 'self' https://api.opencollective.com https://pdf.opencollective.com wtfismyip.com *.paypal.com *.paypalobjects.com sentry.io *.sentry.io;script-src 'self' 'unsafe-inline' maps.googleapis.com js.stripe.com *.paypal.com *.paypalobjects.com;frame-src www.youtube.com opencollective.com js.stripe.com *.paypal.com *.openstreetmap.org;object-src opencollective.com 1 default-src 'self' https:;connect-src 'self' https: https://api.stripe.com https://js-agent.newrelic.com https://bam.nr-data.net https://api.honeybadger.io https://api.sail-personalize.com https://api.sail-track.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com/tr/ https://privacyportal.onetrust.com;font-src 'self' data: https: https://ga-static-assets-s3.global.ssl.fastly.net https://fonts.gstatic.com;img-src 'self' data: https: https://ga-static-assets-s3.global.ssl.fastly.net https://www.google-analytics.com https://ga-core.s3.amazonaws.com https://stats.g.doubleclick.net https://dc.ads.linkedin.com https://ssl.gstatic.com https://www.gstatic.com https://www.facebook.com/ https://generalassemb.ly/ https://s3.amazonaws.com/static-assets.generalassemb.ly/;object-src 'none';script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://cdn.cookielaw.org https://ga-static-assets-s3.global.ssl.fastly.net https://ak.sail-horizon.com https://www.google-analytics.com https://d1fc8wv8zag5ca.cloudfront.net https://tagmanager.google.com https://connect.facebook.net/ https://code.jquery.com/ https://geolocation.onetrust.com https://bam-cell.nr-data.net;style-src 'self' data: https: 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://ssl.gstatic.com https://cdn.cookielaw.org https://optanon.blob.core.windows.net;upgrade-insecure-requests;report-uri /core_content_security_policy/reports; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com 'strict-dynamic' 'nonce-Mjk5ODI0MTQxMiwzODAxMDc5Mjg1'; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1 default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://teacup.report-uri.com/r/t/csp/reportOnly 1 default-src 'self'; report-uri https://csp.yahoo.com/beacon/csp?src=fendr_developer.yahoo.com 1 base-uri 'self';default-src 'self' https:;font-src https: data:;img-src https: data: android-webview-video-poster:;media-src blob: https:;object-src 'none';script-src 'report-sample' 'nonce-YBJfQRCVFoEn5nnY9MBhPg' 'unsafe-inline' 'strict-dynamic' https: http:;style-src https: 'unsafe-inline';report-uri /cspreport 1 default-src 'self' https://*.stan.com.au; child-src 'self' https://www.youtube.com; connect-src 'self' blob: https://*.stan.com.au https://payments.braintree-api.com https://*.braintreegateway.com https://*.paypal.com https://*.adyen.com https://*.akamaihd.net https://www.facebook.com https://bat.bing.com https://*.google.com https://stats.g.doubleclick.net https://www.google-analytics.com; form-action 'self' https://*.stan.com.au https://www.facebook.com; font-src 'self' data:; frame-src 'self' https://checkoutshopper-live-au.adyen.com https://www.facebook.com https://*.paypal.com https://platform.twitter.com https://*.doubleclick.net https://www.youtube.com; img-src 'self' blob: data: https://*.stan.com.au https://*.akamaihd.net https://www.google-analytics.com https://*.google.com https://*.google.com.au https://www.facebook.com https://*.paypal.com https://*.doubleclick.net https://www.googletagmanager.com https://bat.bing.com https://t.co https://i.ytimg.com; media-src 'self' blob:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data https://*.stan.com.au https://www.googletagmanager.com https://connect.facebook.net https://*.snplow.net https://www.google-analytics.com https://static.ads-twitter.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.twitter.com https://*.adyen.com https://www.paypalobjects.com https://www.paypal.com https://c.paypal.com https://bat.bing.com https://platform.twitter.com; style-src 'self' 'unsafe-inline' https://*.stan.com.au https://cloud.typography.com; report-uri https://api.stan.com.au/features/v1/collect-csp; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.youtube.com www.twitter.com api.reciteme.com www.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com bam-cell.nr-data.net js-agent.newrelic.com/nr-1184.min.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' www.google-analytics.com www.youtube.com www.twitter.com api.reciteme.com www.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com bam-cell.nr-data.net js-agent.newrelic.com/nr-1184.min.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 1 img-src https: data:; connect-src https:; report-uri https://csp-reports.yesware.com/new 1 default-src https: blob: wss: data: android-webview-video-poster: android-webview: chrome-extension: safari-extension: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dailymotion.com/content_security_policy_report_uri 1 default-src 'self'; script-src 'report-sample' 'self' 'sha256-p96cet82gMKBOah5xqTlTC1NImfgmfwp9xhnLYsv45Q=' 'sha256-K7F5t+0jCUOcvI0w5XCLORVrRe6Cl7fcvsyOhpNlvRA=' 'sha256-osJOIDsvZzKR6jjDkmJzOK/lCl+6P59lwiMwf2WwwX0=' 'sha256-ech7dK56PGMmo3zLhyCe9XpUu/4+pGU11bUeBEpq56o=' 'sha256-5aTBNtoMSFGD0AJ9+0YPRibd5APCDzFjjKtA16wQik8=' 'sha256-hV1mihBfiWqmXQxPNANChEuUWIOIlte4D1DUOfqSY2Y=' 'sha256-DHkQzQeawSI3bMDJPOulIinzX/ih38goNk2cvBZsgPM=' 'sha256-LjOYZt74qQlHixQckZ1K+NyxwGO8jPc/zUDhd43i7qY=' 'sha256-C6r1Uv+2BkE8Qjrq+iYLyfsjck3nrA/PhDEE1u7CHtk=' 'sha256-hV1mihBfiWqmXQxPNANChEuUWIOIlte4D1DUOfqSY2Y=' 'sha256-BxUWVs1+UwaUImPFWmLpOCjBDGTFuFcwcXgQwKyVSYU=' https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion_async.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/qc5B-qjP0QEimFYUxcpWJy5B/recaptcha__en.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/976618339/ https://a.clickcertain.com/px/smart/a/ https://a.remarketstats.com/px/smart/; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self'; frame-src 'self' https://www.google.com https://a.clickcertain.com/; img-src 'self' https://www.google-analytics.com https://www.google.com https://www.google.pl; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1 default-src https: 'unsafe-inline' 'unsafe-eval' data: ; connect-src 'self' https://csi.gstatic.com https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://ssl.google-analytics.com https://capture.trackjs.com https://www.google.com https://*.hotjar.com:* wss://*.hotjar.com https://bam.nr-data.net 'report-sample'; font-src 'self' https://inassets1-internationsgmbh.netdna-ssl.com/ https://fonts.gstatic.com https://static.hotjar.com https://*.zuora.com 'report-sample'; frame-src https: appsflyerevent: fbrpc: 'report-sample'; img-src https: blob: data:; manifest-src 'self' 'report-sample'; media-src 'none'; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://www.googletagservices.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://*.zuora.com 'report-sample'; style-src 'unsafe-inline' https://inassets1-internationsgmbh.netdna-ssl.com/ https://fonts.googleapis.com https://www.gstatic.com https://eu.gcsip.nl 'report-sample'; report-uri https://internations.report-uri.com/r/t/csp/reportOnly 1 block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=businessinsider.com.pl::RING_WEBSITES_2_0_46 1 script-src 'nonce-x1E-6bY8k2qA4K_sXXu5Vw' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/safety_google; base-uri 'none' 1 default-src 'self' 'unsafe-inline' data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.drift.com *.driftt.com *.kinstacdn.com api.intellimize.co www.google-analytics.com www.instagram.com www.googleadservices.com *.quoracdn.net www.google.com *.googleapis.com snap.licdn.com googleads.g.doubleclick.net rum-static.pingdom.net *.wistia.com *.wistia.net api.greenhouse.io cdn.segment.com https://cdn.split.io cdn.madkudu.com cdn.bizible.com ga.clearbit.com app-sj27.marketo.com widget.drift.com *.jquery.com https://www.google-analytics.com https://www.googletagmanager.com *.quora.com *.hsforms.com *.hsforms.net munchkin.marketo.net s.adroll.com d.adroll.mgr.consensu.org d.adroll.com *.facebook.net static.ads-twitter.com *.twitter.com twitter.com *.6sc.co *.dca0.com *.twimg.com tpc.googlesyndication.com use.typekit.net drift.referralrock.com gateway.on24.com; img-src 'self' 'unsafe-inline' data: * ; report-uri https://o13824.ingest.sentry.io/api/5269096/security/?sentry_key=e9bb6faf1b4c4ce1927908a451904d1d 1 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'unsafe-inline' 'unsafe-eval' data:; report-uri https://www0mansion0review0jp.report-uri.com/r/d/csp/reportOnly; 1 default-src 'self' data: *.aldi-international.com *.gstatic.com ws.sessioncam.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' www.google.com *.facebook.com *.twitter.com g.jwpsrv.com www.youtube.com platform.liquidus.net app.nexuspublications.com.au cpc.elettershop.de live.tourdash.com wbiprod.storedvalue.com *.aldi-international.com tpc.googlesyndication.com; script-src 'self' data: *.aldi-international.com *.pinterest.com *.facebook.com *.twitter.com *.ytimg.com *.aldi-sued.com 'unsafe-inline' 'unsafe-eval' app.nexuspublications.com.au platform.liquidus.net www.yellowmap.de ssl.p.jwpcdn.com www.youtube.com www.googleadservices.com www.googletagmanager.com *.cloudfront.net/Record/js/sessioncam.recorder.js ws.sessioncam.com tpc.googlesyndication.com *.facebook.net *.google.com *.google.de; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; object-src 'self'; report-uri /CspReportLogger.php; 1 default-src https: data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: ; manifest-src 'self' https://cdn.evbstatic.com ; style-src https: 'unsafe-inline' ; connect-src https: about: ; object-src https: ; media-src https: ; frame-src https: fbrpc://call ; frame-ancestors https: 'self' ; worker-src https: blob: 'self' ; font-src https: data: ; img-src https: data: ; form-action 'self' https: ; child-src 'self' ; report-uri https://www.eventbrite.es/ajax/csp-violation/action ; 1 frame-src *.trudvsem.ru; default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1 connect-src *.litix.io *.pusher.com 729-jty-427.mktoresp.com 729-jty-427.mktoutil.com api.bench.co api.segment.io bat.bing.com bench.co boards-api.greenhouse.io cdn.contentful.com cdn.getambassador.com content.proof-x.com data.cdnbasket.net distillery.wistia.com embed.wistia.com embedwistia-a.akamaihd.net https://*.hotjar.com https://heapanalytics.com ids.cdnwidget.com page.cdnbasket.net pipedream.wistia.com pro.ip-api.com requests.getambassador.com stats.g.doubleclick.net vc.hotjar.io view.cdnbasket.net ws://ws.pusherapp.com wss://*.hotjar.com wss://ws.pusherapp.com www.facebook.com www.google-analytics.com www.google.com; font-src bench-assets.imgix.net data: fonts.gstatic.com https://heapanalytics.com script.hotjar.com; frame-src app-ab17.marketo.com bid.g.doubleclick.net boards.greenhouse.io js.driftt.com vars.hotjar.com www.facebook.com www.youtube.com; img-src 'self' * alb.reddit.com app-ab17.marketo.com bat.bing.com bench-assets.imgix.net cx.atdmt.com data: e.cdnwidget.com embed.wistia.com fast.wistia.com hi.hellobar.com https://heapanalytics.com i.ytimg.com images.ctfassets.net s3.amazonaws.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com www.googletagmanager.com; media-src blob: embed.wistia.com embedwistia-a.akamaihd.net; report-uri https://api.bench.co/api/v1/cspreport.json; script-src 'self' 'unsafe-eval' 'unsafe-inline' app-ab17.marketo.com bat.bing.com boards.greenhouse.io cdn.getambassador.com cdn.proof-x.com cdn.segment.com connect.facebook.net fast.wistia.com googleads.g.doubleclick.net https://cdn.heapanalytics.com https://heapanalytics.com js.driftt.com mbsy.co munchkin.marketo.net my.hellobar.com pixel.cdnwidget.com script.hotjar.com static.hotjar.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com; style-src 'unsafe-inline' app-ab17.marketo.com bench.co fonts.googleapis.com https://heapanalytics.com; worker-src blob: 1 default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tool.lu *.baidu.com *.bdstatic.com; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.tool.lu *.baidu.com; img-src 'self' data: *.tool.lu *.href.lu *.baidu.com; media-src 'none'; child-src 'self' *.tool.lu; font-src *.tool.lu *.alicdn.com; connect-src 'self' *.tool.lu *.baidu.com *.alicdn.com; report-uri //a.tool.lu/csp 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.search.ch/api/mixedcontent.json 1 frame-ancestors 'self'; 1 base-uri 'none'; default-src 'none'; manifest-src 'self'; script-src 'nonce-Z2aeV+MhgdOzzssANt1tYg==' 'unsafe-inline' 'wasm-eval' 'self' http://amcdn.msftauth.net https://amcdn.msftauth.net https://ajax.aspnetcdn.com https://*.office365.com https://shellprod.msocdn.com https://shellppe.msocdn.com https://shell.cdn.office.net https://shellppe.cdn.office.net report-sample; style-src 'unsafe-inline' 'self' https://shell.cdn.office.net https://shellppe.cdn.office.net report-sample; font-src 'self' data: https://*.akamaihd.net https://static2.sharepointonline.com; img-src 'self' blob: data: https://*.officeppe.com https://*.office.com https://*.office365.com https://outlook.live.com https://*.vo.msecnd.net https://*.teams.microsoft.com https://*.officeapps.live.com https://shellprod.msocdn.com https://shellppe.msocdn.com https://outlook.office365.com https://shell.cdn.office.net https://shellppe.cdn.office.net; connect-src 'self' blob: https://graph.microsoft.com wss://whiteboard.microsoft.com/sync https://*.whiteboard.microsoft.com https://whiteboard.microsoft.com wss://*.whiteboard.microsoft.com wss://whiteboard.microsoft.com https://*.office.com https://*.officeppe.com https://outlook.office365.com https://outlook.live.com https://config.edge.skype.net https://config.edge.skype.com https://browser.pipe.aria.microsoft.com https://shellprod.msocdn.com https://shellppe.msocdn.com https://shell.cdn.office.net https://shellppe.cdn.office.net; frame-src 'self' https://login.windows.net/ https://*.officeppe.com https://*.office.com https://*.spoppe.com https://login.microsoftonline.com https://microsoft.sharepoint-df.com https://microsoft.sharepoint.com https://www.yammer.com; frame-ancestors 'self' https://teams.microsoft.com; form-action 'none'; upgrade-insecure-requests; report-uri /cspreport 1 policy 1 default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.net ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.net *.spreadshirt.net ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.net ; font-src 'self' https: data: *.spreadshirt.net ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.net ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.net ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://dev-ssl.loseit.com/_ops/csp-report 1 default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; block-all-mixed-content 1 font-src 'self' d3jbm9h03wxzi9.cloudfront.net fonts.googleapis.com data: https:; img-src 'self' d3jbm9h03wxzi9.cloudfront.net s3.amazonaws.com/revue revue.imgix.net data: https:; object-src 'none'; script-src 'self' d3jbm9h03wxzi9.cloudfront.net cdn.mxpnl.com checkout.stripe.com connect.facebook.net www.google-analytics.com js.stripe.com use.typekit.net *.intercomcdn.com *.taxamo.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ 'unsafe-eval' https: 'nonce-AGYJ4zleRnb9o4NT23mDvw=='; frame-src api.taxamo.com www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ https:; style-src 'self' d3jbm9h03wxzi9.cloudfront.net 'unsafe-inline' https:; connect-src 'self' wss://*.intercom.io *.intercom.io *.intercomcdn.com wss://*.pusher.com https:; report-uri /csp-report 1 default-src https: 'unsafe-inline' 'unsafe-eval' wss://jobsv3.wort.lu/api/v1/sites/pt/latina/playlistUpdates; img-src https: data: blob:; media-src https: blob:; font-src https: data:; report-uri https://www.wort.lu/report 1 script-src 'self' https://cloud.typography.com/7315076/7256812/css/fonts.css; object-src 'none'; report-uri /report-csp-violation 1 script-src 'unsafe-eval' 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; default-src 'self' data: blob: https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; style-src 'self' data: blob: https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com 'unsafe-inline'; img-src * data: blob:; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src self blob: 1 frame-ancestors 'self' http://dev.lovdata.intern:* http://xdur:8080 1 style-src 'unsafe-inline' 'self' https://webapi.amap.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://webapi.amap.com https://restapi.amap.com https://g.alicdn.com ext: null: chrome-extension: https://*.meituan.net https://*.meituan.com https://*.sankuai.com; frame-src 'self' dxwebview: mailto: chrome-error: ms-appx-web: mtdaxiang: https://*.neixin.cn https://*.sankuai.com https://*.meituan.com https://*.meituan.net http://*.meituan.net http://*.sankuai.com http://*.neixin.cn; img-src data: 'self' blob: https://pub.idqqimg.com https://restapi.amap.com x-apple-ql-id: about: http://paas.sankuai.info http://yiju.beyondh.com http://*.sankuai.com https://*.neixin.cn http://*.meituan.net https://*.meituan.net https://*.meituan.com http://*.meituan.com http://*.neixin.cn https://*.dpfile.com https://*.sankuai.com https://*.dianping.com http://*.dianping.com http://*.dpfile.com http://*.dper.com; style-src-elem 'self' 'unsafe-inline' https://webapi.amap.com https://*.neixin.cn https://*.meituan.net; style-src-attr 'unsafe-inline'; connect-src 'self' wss://*.neixin.cn https://*.meituan.net https://*.meituan.com https://*.neixin.cn https://*.dianping.com https://*.sankuai.com http://*.meituan.net; script-src-attr 'unsafe-inline'; child-src 'self' blob:; worker-src 'self' blob:; script-src-elem 'unsafe-inline' 'self' https://g.alicdn.com https://restapi.amap.com https://webapi.amap.com https://*.meituan.net https://*.meituan.com https://*.neixin.cn https://*.sankuai.com; media-src 'self' data: https://*.neixin.cn http://*.meituan.net https://*.meituan.com; prefetch-src http://*.meituan.com; default-src 'none'; font-src 'self' data: about: https://*.meituan.net; report-uri https://csp.sankuai.com/csp-report/NA0OCP8Q 1 default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net wss://*.hotjar.com 'self'; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com;report-uri https://csp.surveymonkey.com/report?e=false&c=prod&ar=true&a=cmscache 1 default-src 'none'; base-uri 'none' ; frame-src 'self' *.unidays.world *.facebook.com *.twitter.com *.doubleclick.net *.youtube.com *.google.com *.snapchat.com; connect-src 'self' *.myunidays.com *.myunidays.com *.adzerk.net https://api.segment.io https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google.com ; font-src 'self' data: https: ; img-src 'self' data: https: ; media-src 'self' *.unidays.world *.googleapis.com ;script-src 'self' https: 'strict-dynamic' 'unsafe-inline' 'nonce-DaJwse4Wbk+S0pJd2GX/ew==' 'sha256-gIxZRG34zb9BxCelpfjO2m5zg0+3Wtfeh1Gcj64tDug=' 'sha256-swnYD2S3+mg5eUG+ZrxxAe2x8z+BPFsrZJ1loRNz+Nc=' 'sha256-N9ztf1wx+YHmIwKzGt/sA+NS8eQxN8/5QtVkkYWuyNM=' 'sha256-DQwqYB8/sqCTVOZWfXmwexUV+wjyosAzcAcRY2fdDiU=' 'sha256-gHa4knjthpBAOwMj74wzbRWv6CJ6cWJpYIzDHeMhsGE=' 'sha256-SiSpQtoSm3gYHCiSdO7bIdwk6nuhuKyKx6I638RpVMs=' ; style-src 'self' 'unsafe-inline' https: ; 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.goldderby.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 default-src 'self'; img-src 'self' data: https:; object-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com www.google.com/jsapi *.facebook.net *.facebook.com *.recaptcha.net *.gstatic.com; connect-src 'self' sentry.io 1 script-src 'unsafe-inline' 'unsafe-eval' 'self' d31j93rd8oukbv.cloudfront.net https://www.google-analytics.com https://google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://optimize.google.com https://www.recaptcha.net https://www.gstatic.com/recaptcha/ https://cdn.paddle.com https://checkout.paddle.com https://*.zopim.com https://*.zdassets.com; frame-src https://www.google.com/ https://optimize.google.com https://checkout.paddle.com https://buy.paddle.com https://create-checkout.paddle.com; connect-src 'self' https://d31j93rd8oukbv.cloudfront.net https://www.google-analytics.com https://analytics.paddle.com https://browsec.zendesk.com wss://*.zopim.com https://*.zopim.com https://*.zdassets.com; report-uri /api/v1/reports; 1 child-src 'self'; connect-src 'self' data: http://*.eyeka.com http://*.google-analytics.com http://*.google.com https://*.adnxs.com https://*.cedexis.com https://*.eyeka.com https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.kameleoon.com https://*.pusher.com https://slaask.com; default-src 'self' data:; font-src 'self' data: http://*.eyeka.com https://*.embedly.com https://*.eyeka.com https://*.gstatic.com https://*.slaask.com; frame-src 'self' data: http://*.google.com http://*.youtube.com https://*.embedly.com https://*.facebook.com https://*.g.doubleclick.net https://*.google.com https://*.kameleoon.com https://*.kameleoon.eu https://*.uservoice.com https://*.youtube.com; img-src 'self' data: http://*.eyeka.com http://*.google-analytics.com http://*.google.com http://*.s3.amazonaws.com http://*.youtube.com https://*.adnxs.com https://*.ads.linkedin.com https://*.amazonaws.com https://*.cdnetworks.net https://*.eyeka.com https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.ae https://*.google.am https://*.google.at https://*.google.be https://*.google.bg https://*.google.bj https://*.google.by https://*.google.ca https://*.google.ch https://*.google.cl https://*.google.cm https://*.google.co.ao https://*.google.co.cr https://*.google.co.id https://*.google.co.in https://*.google.co.jp https://*.google.co.ke https://*.google.co.kr https://*.google.co.ma https://*.google.co.mz https://*.google.co.nz https://*.google.co.th https://*.google.co.ug https://*.google.co.uk https://*.google.co.uz https://*.google.co.ve https://*.google.co.vi https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.com https://*.google.com.ar https://*.google.com.au https://*.google.com.bd https://*.google.com.br https://*.google.com.co https://*.google.com.do https://*.google.com.ec https://*.google.com.eg https://*.google.com.et https://*.google.com.gt https://*.google.com.hk https://*.google.com.jm https://*.google.com.lb https://*.google.com.mx https://*.google.com.my https://*.google.com.ng https://*.google.com.np https://*.google.com.pa https://*.google.com.pe https://*.google.com.ph https://*.google.com.pk https://*.google.com.py https://*.google.com.qa https://*.google.com.sa https://*.google.com.sg https://*.google.com.tr https://*.google.com.tw https://*.google.com.ua https://*.google.com.vn https://*.google.cz https://*.google.de https://*.google.dk https://*.google.dz https://*.google.ee https://*.google.es https://*.google.fr https://*.google.ge https://*.google.gr https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.it https://*.google.kg https://*.google.kz https://*.google.lu https://*.google.me https://*.google.mu https://*.google.ne https://*.google.nl https://*.google.no https://*.google.pl https://*.google.pt https://*.google.ro https://*.google.rs https://*.google.ru https://*.google.sc https://*.google.se https://*.google.sn https://*.google.tn https://*.googleapis.com https://*.gravatar.com https://*.gstatic.com https://*.kameleoon.com https://*.licdn.com https://*.linkedin.com https://*.s3.amazonaws.com https://*.slaask.com https://*.twitter.com https://*.uservoice.com https://*.youtube.com https://t.co; manifest-src 'self'; media-src 'self' http://*.eyeka.com http://*.google.com http://*.s3.amazonaws.com https://*.amazonaws.com https://*.eyeka.com https://*.google.com https://*.gstatic.com https://*.s3.amazonaws.com https://*.slaask.com; object-src 'self' data: http://*.eyeka.com https://*.eyeka.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: http://*.eyeka.com http://*.google-analytics.com http://*.google.com https://*.adnxs.com https://*.ads-twitter.com https://*.ads.linkedin.com https://*.cedexis.com https://*.embedly.com https://*.eyeka.com https://*.facebook.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.co.id https://*.google.com https://*.google.fr https://*.google.ru https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.kameleoon.com https://*.licdn.com https://*.linkedin.com https://*.mouseflow.com https://*.mxpnl.com https://*.newrelic.com https://*.nr-data.net https://*.pusher.com https://*.slaask.com https://*.twitter.com https://*.uservoice.com https://twitter.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: http://*.eyeka.com https://*.embedly.com https://*.eyeka.com https://*.googleapis.com https://*.slaask.com; worker-src 'self'; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_5839e7e0b36b4ff3bd538670ea663265 1 font-src *.fontawesome.com static.curations.bazaarvoice.com maxcdn.bootstrapcdn.com cdn.dynamicyield.com fonts.gstatic.com fonts.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com www.facebook.com *.wahooligan.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src https://*.online-metrix.net https://imgs.signifyd.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com js.stripe.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com insight.adsrvr.org www.affirm.com sandbox.affirm.com *.cloudfront.net consentag.eu track.cordial.io gum.criteo.com bid.g.doubleclick.net *.fls.doubleclick.net www.facebook.com script.google.com vars.hotjar.com *.klarnaservices.com *.online-metrix.net imgs.signifyd.com *.vimeo.com vimeo.com record.webeyez.com d.emails.wahoofitness.com *.yotpo.com *.youtube.com 'self' 'unsafe-inline'; img-src https://imgs.signifyd.com https://*.online-metrix.net www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com secure.adnxs.com insight.adsrvr.org *.affirm.com bat.bing.com *.bazaarvoice.com dis.criteo.com gum.criteo.com ad.doubleclick.net stats.g.doubleclick.net www.facebook.com *.google.com *.gstatic.com eu.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com www.lightboxcdn.com alb.reddit.com imgs.signifyd.com t.co *.wahoofitness.com sp.analytics.yahoo.com *.yotpo.com 'self' 'unsafe-inline'; script-src https://cdn-scripts.signifyd.com https://imgs.signifyd.com test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com maps.googleapis.com js.stripe.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.avada.io js.adsrvr.org lightboxapi.azurewebsites.net bam-cell.nr-data.net *.bazaarvoice.com bat.bing.com *.affirm.com static.curations.bazaarvoice.com consentag.eu cdn.cookielaw.org track.cordial.io script.crazyegg.com static.criteo.net sslwidget.criteo.com *.ctnsnet.com cdn.dynamicyield.com st.dynamicyield.com connect.facebook.net *.google.com *.googleapis.com googleads.g.doubleclick.net www.googletagmanager.com www.gstatic.com static.hotjar.com script.hotjar.com www.lightboxcdn.com cdn.livesession.io js-agent.newrelic.com bam.nr-data.net code.jquery.com eu-library.klarnaservices.com eu-library.playground.klarnaservices.com x.klarnacdn.net geolocation.onetrust.com cdn.optimizely.com www.redditstatic.com www.refersion.com assets.reflow.tv imgs.signifyd.com static.ads-twitter.com analytics.twitter.com d.emails.wahoofitness.com record.webeyez.com sec.webeyez.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com display.ugc.bazaarvoice.com *.fontawesome.com static.curations.bazaarvoice.com maxcdn.bootstrapcdn.com cdn.cookielaw.org cdn.dynamicyield.com fonts.googleapis.com www.lightboxcdn.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.bazaarvoice.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src https://imgs.signifyd.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.affirm.com bam-cell.nr-data.net cdn.cookielaw.org track.cordial.io script.crazyegg.com stats.g.doubleclick.net *.dynamicyield.com www.google-analytics.com in.hotjar.com vc.hotjar.io eu.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com rs.livesession.io bam.nr-data.net privacyportal.onetrust.com insight.reflow.tv imgs.signifyd.com bt.signifyd.com bt.signifyd.com:1103 d.emails.wahoofitness.com vimeo.com record.webeyez.com send.webeyez.com *.yotpo.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.addtoany.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.adsrvr.org *.thevoterguide.org *.typekit.net *.rockthevote.com s3.amazonaws.com *.google.com *.gstatic.com vote411-dev.s3.amazonaws.com vote411-release.s3.amazonaws.com vote411-prod.s3.amazonaws.com www.googletagmanager.com ads.undertone.com; object-src 'self' 'unsafe-eval' *.rockthevote.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com *.typekit.net *.thevoterguide.org *.addtoany.com *.amazonaws.com; img-src 'self' data: *.google-analytics.com *.facebook.com *.addtoany.com *.typekit.net vote411-dev.s3.amazonaws.com vote411-release.s3.amazonaws.com vote411-prod.s3.amazonaws.com *.doubleclick.net www.googletagmanager.com www.google.com i.ytimg.com ads.undertone.com evt.undertone.com; frame-src 'self' *.vote411.org *.rockthevote.com *.addtoany.com insight.adsrvr.org www.google.com lwv.thevoterguide.org maps.google.com match.adsrvr.org www.facebook.com; frame-ancestors *.rockthevote.com; child-src *.rockthevote.com s3.amazonaws.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com *.typekit.net; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net performance.typekit.net www.google.com www.facebook.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 script-src 'nonce-rkVdPllR73-75CO-w-g2-w' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1 frame-ancestors 'self'; report-uri https://accounts.humanity.com/reportcsp.php 1 base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://rec.smartlook.com rec.smartlook.com; font-src 'self' https://fonts.gstatic.com fonts.gstatic.com https://use.typekit.net use.typekit.net; form-action 'self' https://*.twitter.com *.twitter.com; frame-ancestors 'none'; frame-src https://youtube.com youtube.com https://*.twitter.com *.twitter.com; img-src 'self' https://www.google-analytics.com www.google-analytics.com https://*.doubleclick.net *.doubleclick.net https://*.twitter.com *.twitter.com https://*.twimg.com *.twimg.com blob: data:; media-src https://youtube.com youtube.com; object-src 'none'; script-src 'self' https://www.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com www.google-analytics.com https://platform.twitter.com platform.twitter.com https://rec.smartlook.com rec.smartlook.com https://*.twimg.com *.twimg.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net *.typekit.net https://*.googleapis.com *.googleapis.com https://*.twitter.com *.twitter.com https://*.twimg.com *.twimg.com 'unsafe-inline'; 1 default-src * blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AF2M0KC94RCEA:sid=141-4657794-8040941:rid=3ZER9TD5RYX4T78ZMZTN:sn=www.audible.com 1 worker-src https: 'unsafe-inline'; report-uri https://api.mp.pl/csp-violation/ 1 block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.blikk.hu::PROD_1_1_8_AWS 1 base-uri 'self'; child-src https://www.youtube.com; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.intercom.io wss://*.intercom.io; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly; 1 default-src 'self' 'unsafe-inline' data: blob: ssl.kaptcha.com *.vimeo.com *.bluesnap.com *.ccdc02.com *.google-analytics.com *.google.com *.g.doubleclick.net *.googleadservices.com *.guardiosecurity.com *.facebook.net *.facebook.com *.googlesyndication.com *.googletagmanager.com *.bing.com secure.adnxs.com *.cardinalcommerce.com fullstory.com *.fullstory.com *.typekit.net *.quora.com *.guard.io *.paypal.com *.gstatic.com *.fixel.ai *.youtube.com *.twitter.com *.ads-twitter.com *.outbrain.com *.stripe.com s.yimg.com o435118.ingest.sentry.io; img-src * data: blob:; report-uri https://guard.io/v2/api/csp 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://spy.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.co.uk&source%5Bsection%5D=brochure&source%5Buuid%5D=d626719fe0f39cd2703980ba44ec562f 1 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https://* data: ; frame-src https://* about: javascript: ; report-uri /vdc-csp-report 1 default-src https: wss: data: blob: 'unsafe-inline' 1 default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.com.au:*; frame-ancestors *.calypso.net.au *.flightcentre.com.au; report-uri /api/csp_report; img-src https: blob: data:; font-src https: blob: data:; 1 default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.co.uk ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.co.uk *.spreadshirt.co.uk ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.co.uk ; font-src 'self' https: data: *.spreadshirt.co.uk ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.co.uk ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.co.uk ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1 script-src 'unsafe-eval' 'self' fast.fonts.net www.google.com *.googleapis.com *.gstatic.com *.google-analytics.com platform.twitter.com cdn.api.twitter.com syndication.twimg.com *.facebook.net *.newrelic.com bs.serving-sys.com cdn.feedbackify.com www.googleadservices.com s.btstatic.com s.thebrighttag.com; object-src 'self' www.youtube.com maps.googleapis.com; media-src 'self' www.youtube.com; report-uri /flybuys-web/api/csp-report 1 script-src 'nonce-uBa7SI_Keo5cqxLW-9Zyvw' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.twitter.com *.outbrain.com bam.nr-data.net bat.bing.com *.taboola.com *.facebook.net *.facebook.com *.visualwebsiteoptimizer.com *.doubleclick.net *.hubspot.com api.hubapi.com js.hs-analytics.net js.hsadspixel.net js.hs-scripts.com js.usemessages.com js.driftt.com *.yandex.ru svc.webspellchecker.net *.newrelic.com *.linkedin.com *.leadforensics.com *.bizographics.com *.outbrain.com gateway.zscloud.net www.google-analytics.com www.google.com www.google.ch www.google.ru www.google.co.in www.google.co.jp www.google.co.uk www.google.de www.google.com.sg www.google.com.pe www.google.co.th www.google.bg www.google.at https://www.google.es www.googleadservices.com www.googletagmanager.com *.gravatar.com statics.teams.cdn.office.net; report-uri /csp-reports 1 media-src 'self' *.flocabulary.com flocabulary.s3.amazonaws.com; font-src 'self' *.flocabulary.com use.typekit.net use.typekit.com data:; object-src 'self' *.flocabulary.com s3.amazonaws.com; frame-src 'self' www.facebook.com s3.amazonaws.com; frame-ancestors 'self' nearpod.com *.nearpod.com *.nearpod.us; script-src 'self' *.flocabulary.com www.googletagmanager.com 'sha256-h8gG1uNWi02S00uhnnPan+IfTOULBEi0D46e6eAw/dk=' connect.facebook.net apis.google.com ajax.googleapis.com www.google-analytics.com js.hsleadflows.net js.hs-analytics.net bam.nr-data.net js-agent.newrelic.com d1fc8wv8zag5ca.cloudfront.net 'nonce-T9Bigq2pFpsNkUjo'; connect-src 'self' sessions.bugsnag.com forms.hubspot.com biggie-the-cat.s3.amazonaws.com bam.nr-data.net; default-src 'self' *.flocabulary.com; style-src 'self' *.flocabulary.com use.typekit.net use.typekit.com p.typekit.net 'unsafe-inline'; img-src 'self' *.flocabulary.com flocabulary.s3.amazonaws.com s3.amazonaws.com biggie-the-cat.s3.amazonaws.com www.facebook.com track.hubspot.com events.fivetran.com www.google-analytics.com cx.atdmt.com stats.g.doubleclick.net data:; report-uri https://1790360b11fe0efc9c9d543e4d7dfa4d.report-uri.com/r/d/csp/reportOnly 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.br&source%5Bsection%5D=brochure&source%5Buuid%5D=b37d0e572a1b7d5692a252929e9de4d7 1 default-src 'unsafe-inline' 'unsafe-eval' 'self' *.moxa.com *.moxa.com.cn https://*.google.com *.addthis.com *.youtube.com; style-src 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.moxa.com *.moxa.com.cn www.googletagmanager.com www.youtube.com fast.fonts.net *.google-analytics.com *.crazyegg.com *.googleadservices.com cdn.bizible.com cdn-akamai.mookie1.com s.ytimg.com *.pingdom.net *.doubleclick.net *.marketo.net cdn.polyfill.io tags.tiqcdn.com tags.tiqcdn.cn *.marketo.net *.usabilla.com *.gstatic.com *.google.com *.facebook.net *.facebook.com *.addthis.com *.addthisedge.com *.googleapis.com *.googletagmanager.com *.youtube.com *.moatads.com cdn.onesignal.com *.swiftypecdn.com *.onesignal.com *.assets.zendesk.com easyid.scansafe.net static-resource.com cdn-javascript.net gateway.zscaler.net easyid.scansafe.com gateway.zscloud.net *.optnmnstr.com tribedone.org *.exeloncorp.com linkangood.com filter.nov.com rasenalong.com osskanger.com yastatic.net; connect-src 'self' *.mktoresp.com *.pingdom.net *.moxa.com *.moxa.com.cn *.facebook.com *.addthis.com *.google-analytics.com *.pingdom.net *.doubleclick.net *.zdassets.com *.api.opmnstr.com plugin.ucads.ucweb.com easyid.scansafe.net; frame-src 'self' *.doubleclick.net *.addthis.com *.google.com *.mookie1.com *.youtube.com *.googleapis.com *.akamaihd.net *.facebook.com ; img-src 'self' data: *; font-src 'self' data: *; media-src 'self' data: *.gstatic.com; report-uri https://moxacsp.report-uri.com/r/d/csp/reportOnly 1 upgrade-insecure-requests; block-all-mixed-content; report-uri https://diyaudioreport.report-uri.com/r/d/csp/reportonly 1 connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: m.addthis.com s7.addthis.com *.doubleclick.net www.google-analytics.com api-public.addthis.com; child-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: s7.addthis.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: s7.addthis.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.googleapis.com s7.addthis.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google-analytics.com v1.addthisedge.com api-public.addthis.com s7.addthis.com m.addthis.com z.moatads.com www.googletagmanager.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google-analytics.com www.google.com ipv6-test.com www.google.co.th ; form-action 'none' data: blob: ; report-uri /csp_report 1 default-src 'self' *.antpedia.com v.antwebinar.com hm.baidu.com m.baidu.com jspassport.ssl.qhimg.com *.google-analytics.com zz.bdstatic.com s.ssl.qhres.com sp0.baidu.com s.360.cn c.mipcdn.com wpa.qq.com res.wx.qq.com mp.weixin.qq.com msite.baidu.com ae.bdstatic.com share.baidu.com bdimg.share.baidu.com *.alicdn.com *.cn-hangzhou.log.aliyuncs.com *.dns-detect.alicdn.com browser.sentry-cdn.com push.zhanzhang.baidu.com po.srf.baidu.com toutong.baidu.com static.bshare.cn cdn.jsdelivr.net sentry.io *.googleapis.com *.cnzz.com api.map.baidu.com *.uc.cn uc.gre *.gstatic.com *.ucweb.com bshare.optimix.cn s2.pstatp.com 'unsafe-inline' 'unsafe-eval'; img-src * data: ; upgrade-insecure-requests; report-uri https://www.antpedia.com/scp-report/index.php 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.in&source%5Bsection%5D=brochure&source%5Buuid%5D=ed631726fac5f1c2660848503a12270a 1 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ytimg.com *.vimeo.com www.youtube.com www.google.com www.google.no assets.adobedtm.com sparebank1.d3.sc.omtrdc.net *.cicero.no *.sparebank1.no *.googletagmanager.com cdn.tt.omtrdc.net; style-src 'self' 'unsafe-inline' *.sparebank1.no www.youtube.com services.cicero.no translate.googleapis.com; img-src 'self' *.ytimg.com secure.adnxs.com track.adform.net *.doubleclick.net assets.adobedtm.com sparebank1.d3.sc.omtrdc.net alliansesamarbeidets.tt.omtrdc.net cm.everesttech.net www.facebook.com *.sparebank1.no *.boost.ai www.google.no www.google.com *.demdex.net resources.mynewsdesk.com www.googletagmanager.com www.gstatic.com data:; connect-src 'self' *.cicero.no *.demdex.net *.omtrdc.net *.brreg.no *.sparebank1.no www.mynewsdesk.com publish.ne.cision.com translate.googleapis.com; font-src 'self' *.sparebank1.no resources.mynewsdesk.com services.cicero.no data:; media-src 'self'; frame-ancestors 'self'; frame-src 'self' www.sr-finans.no *.sparebank1.no lt.morningstar.com www.youtube.com *.vimeo.com assets.adobedtm.com *.demdex.net sparebank1.demdex.net www.sign.nets.eu ir.asp.manamind.com www.sb1finans.no www.snnfinans.no dbsnn.no www.googletagmanager.com *.doubleclick.net www.ident.nets.eu www.sb1fo.no www.webcruiter.no *.easycruit.com; report-uri /bin/logservlet 1 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://www.youtube.com https://connect.facebook.net https://dpm.demdex.net https://s.ytimg.com https://secure.adnxs.com https://go.ucg.datafront.co https://bs.serving-sys.com https://secure-ds.serving-sys.com https://bs.serving-sys.com ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://www.youtube.com https://connect.facebook.net https://dpm.demdex.net https://s.ytimg.com https://secure.adnxs.com https://go.ucg.datafront.co https://bs.serving-sys.com https://secure-ds.serving-sys.com https://bs.serving-sys.com ; frame-src 'self' https://www.google.com https://unicreditgroup.demdex.net https://maps.google.it https://player.vimeo.com https://1c-ir.mdgms.com https://www.youtube.com ; connect-src 'self' https://datacloud-eu-central-1.tealiumiq.com https://datacloud.tealiumiq.com https://dpm.demdex.net wss://dpm.demdex.net https://sucmetrics.unicreditgroup.eu https://unicreditgroup.eu.ssl.d2.sc.omtrdc.net https://www.youtube.com ; img-src 'self' data: https://sucmetrics.unicreditgroup.eu https://dpm.demdex.net https://img.youtube.com https://i1.ytimg.com https://i.ytimg.com https://image-store.slidesharecdn.com https://cm.everesttech.net https://pbs.twimg.com https://1c-ir.mdgms.com https://www.gstatic.com https://uconnect.tealiumiq.com ; font-src 'self' data: https://fonts.gstatic.com ; report-uri https://99292460923f7797dcafb08a4940886e.report-uri.com/r/d/csp/reportOnly 1 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 base-uri 'self'; object-src 'self'; child-src 'self' https://*.youtube.com; connect-src 'self' wss://*.nanohub.org https://www.google-analytics.com https://stats.g.doubleclick.net https://www.purdue.edu wss://nanohub.org https://www.dropbox.com https://graph.facebook.com; default-src 'self' data: https://*.nanohub.org https://*.nanohub.aws.hubzero.org; font-src 'self' about: https://fonts.gstatic.com data: safari-extension: chrome-extension:; form-action 'self' https://platform.twitter.com https://syndication.twitter.com; frame-ancestors 'self'; frame-src 'self' https://*.nanohub.org https://*.nanohub.aws.hubzero.org https://*.google.com https://*.youtube.com https://content.googleapis.com https://*.facebook.com https://*.twitter.com https://player.vimeo.com; img-src * data: image:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.google.com https://connect.facebook.net https://www.linkedin.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.gstatic.com https://*.googleapis.com https://platform.linkedin.com data: blob: https://maps.google.com https://maps.googleapis.com https://cdnjs.cloudflare.com https://code.jquery.com; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com https://*.googleapis.com https://www.google.com https://code.jquery.com https://cdnjs.cloudflare.com;report-uri https://csp.hubzero.org/csp-cms.php;report-to cms 1 img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: images.ctfassets.net *.doubleclick.net *.online-metrix.net ct.pinterest.com www.regence.com beonbrand.getbynder.com id.rlcdn.com data.adxcel-ec2.com p.adsymptotic.com bam.nr-data.net hooru.regence.com p.typekit.net jadserve.postrelease.com www.facebook.com segments.company-target.com use.typekit.net pc2-datacloud.tealiumiq.com match.prod.bidr.io connect.facebook.net www.google.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.regence.com fonts.gstatic.com maxcdn.bootstrapcdn.com use.typekit.net; worker-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.regence.com hooru.regence.com; form-action www.regence.com providers.regence.com www.facebook.com ct.pinterest.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: providers.regence.com maxcdn.bootstrapcdn.com bam.nr-data.net ct.pinterest.com pc2-collect.tealiumiq.com www.regence.com regence-triage-api.prd.janusplatform.io www.cambiahealthplanapis.com api.company-target.com www.google.com segments.company-target.com hooru.regence.com www.facebook.com secure-ds.serving-sys.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net secure-ds.serving-sys.com www.regence.com www.youtube.com bam.nr-data.net js-agent.newrelic.com bs.serving-sys.com snap.licdn.com tag.demandbase.com ajax.googleapis.com cdnjs.cloudflare.com tags.tiqcdn.com polyfill.io maxcdn.bootstrapcdn.com h.online-metrix.net hooru.regence.com use.typekit.net connect.facebook.net pc2-datacloud.tealiumiq.com www.google.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: maxcdn.bootstrapcdn.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.force.com www.regence.com www.shop.regence.com providers.regence.com h.online-metrix.net hooru.regence.com secure-ds.serving-sys.com www.youtube.com www.facebook.com *.doubleclick.net; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: maxcdn.bootstrapcdn.com; report-uri /csp_report 1 script-src 'nonce-KVweos9Bd1fsiKpchivwLw' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1 default-src 'unsafe-eval' 'unsafe-inline' blob blob: data: https: wss:; block-all-mixed-content; report-uri /csp.php?h=f743080d&v=4 1 report-uri https://r4com.report-uri.io/r/default/csp/reportOnly 1 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'unsafe-inline' 'unsafe-eval' data: ; report-uri https://booklog.report-uri.io/r/default/csp/reportOnly 1 script-src 'unsafe-eval' 'unsafe-inline' 'self' *.signaturehardware.com initjs.rfk.signaturehardware.com *.rfksrv.com cdn.pdst.fm cdn.curalate.com tpc.googlesyndication.com c.zmags.com *.affirm.com s.go-mpulse.net *.authorize.net *.bazaarvoice.com *.cloudfront.net *.cloudmaestro.com *.criteo.com *.criteo.net *.listrakbi.com *.pepperjam.com *.pinterest.com *.steelhousemedia.com c.z-analytics.net code.jquery.com widget-mediator.zopim.com bam.nr-data.net bat.bing.com cdnjs.cloudflare.com connect.facebook.net googleads.g.doubleclick.net js-agent.newrelic.com maps.googleapis.com pinterest.adsymptotic.com pixel.mathtag.com platform.houzz.com s.pinimg.com services.listrak.com static.chartbeat.com static.site24x7rum.com static.zdassets.com tracking.deepsearch.adlucent.com v2.zopim.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.signaturehardware.com www.youtube.com pixel.snapsmedia.io boards.greenhouse.io s.ytimg.com edge.curalate.com nexus.ensighten.com mpsnare.iesnare.com cdn.noibu.com getrockerbox.com cdns.brsrvr.com; report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor 1 report-uri https://csp.edipresse.pl/report/party; font-src https: data:; img-src data: https: android-webview-video-poster: android-webview:; media-src https: data:; style-src 'unsafe-inline' 'unsafe-eval' https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: asset:; worker-src blob: 1 font-src *.cloudflare.com *.twitter.com fonts.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com *.bootstrapcdn.com *.tawk.to 'self' data: maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.twitter.com www.google.com accounts.google.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com js.stripe.com api.razorpay.com *.twitter.com *.google.com *.addthis.com *.doubleclick.net www.google.com accounts.google.com www.googletagmanager.com googletagmanager.com www.facebook.com platform.twitter.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' data: data: *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.co.in *.jsdelivr.net *.google.com *.ccavenue.com www.google.com accounts.google.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com amcglobal.sc.omtrdc.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com maps.googleapis.com js.stripe.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com www.googletagmanager.com embed.tawk.to googleads.g.doubleclick.net cdn.jsdelivr.net *.razorpay.com www.google.com accounts.google.com googletagmanager.com connect.facebook.net twitter.com platform.twitter.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.jsdelivr.net *.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com lumberjack.razorpay.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.tawk.to www.google-analytics.com *.doubleclick.net www.google.com accounts.google.com www.googletagmanager.com googletagmanager.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://magecomp.com/; report-to report-endpoint; 1 report-uri https://endpoint2.collection.us2.sumologic.com/receiver/v1/http/ZaVnC4dhaV3VOE24ov0vchYgO3uoxKHdePxnKoFiICkeq1Vt2reRBEg4zYmpS2XL1UJS-0Ova9gUiV2PUH3EvuXcIOdrBPvAUgkIP-ZRbRMryNUY6YGqAQ== ; block-all-mixed-content ; default-src 'report-sample' 'self' https://*.videoask.com https://*.videoask.it https://*.videoask.live ; script-src 'report-sample' 'self' 'unsafe-eval' https://*.videoask.com https://*.videoask.it https://*.videoask.live 'unsafe-inline' https://js.stripe.com https://www.dropbox.com https://cdn.amplitude.com https://cdn.cookielaw.org https://cdn.rollbar.com https://cdn.segment.com https://connect.facebook.net https://fast.wistia.com https://script.crazyegg.com https://snap.licdn.com https://snippet.growsumo.com https://www.google-analytics.com https://www.googletagmanager.com https://*.intellimize.co ; base-uri 'report-sample' 'self' ; img-src 'report-sample' 'self' data: blob: android-webview-video-poster: https: ; media-src 'report-sample' 'self' blob: data: https: ; connect-src 'report-sample' 'self' blob: https://*.videoask.com https://*.videoask.it https://*.videoask.live wss://*.videoask.live wss://*.videoask.com https://videoask-media-dev.s3-accelerate.amazonaws.com https://videoask-media-prod.s3-accelerate.amazonaws.com https://videoask-uploads-dev.s3-accelerate.amazonaws.com https://videoask-uploads-prod.s3-accelerate.amazonaws.com https://videoask.eu.auth0.com https://dev-videoask.eu.auth0.com https://*.launchdarkly.com https://*.pexels.com https://*.wistia.com https://embedwistia-a.akamaihd.net https://api.rollbar.com https://api.segment.io https://api.amplitude.com https://*.g.doubleclick.net https://www.google-analytics.com https://*.crazyegg.com https://p.adsymptotic.com https://www.facebook.com https://track.segmetrics.io https://*.google.com https://grsm.io https://cdn.cookielaw.org https://*.onetrust.com https://*.contentful.com https://videoask.zendesk.com https://*.intellimize.co ; style-src 'report-sample' 'self' https://font.typeform.com 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://cdn.cookielaw.org https://cdn.quilljs.com ; font-src 'report-sample' 'self' data: https://font.typeform.com https://fonts.gstatic.com ; frame-src 'report-sample' 'self' https://*.videoask.com https://*.videoask.it https://*.videoask.live https://calendly.com https://app.acuityscheduling.com https://js.stripe.com https://videoask.eu.auth0.com https://dev-videoask.eu.auth0.com https://*.wistia.com https://www.facebook.com https://6g4qf7txd07m.statuspage.io ; frame-ancestors * ; object-src 'none' ; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com cdn.appdynamics.com col.eum-appdynamics.com fonts.gstatic.com ajax.googleapis.com www.googleapis.com fonts.googleapis.com use.fontawesome.com www.w3schools.com home.textkernel.nl staging.textkernel.nl www.dropbox.com apis.google.com www.google.com html5shim.googlecode.com media.readspeaker.com s7.addthis.com d2sl310zdnr3q6.cloudfront.net www.google-analytics.com https://apps.knollenstein.com https://appsdev.knollenstein.com font.visma.com *.easycruit.com m.addthis.com api-public.addthis.com flowanalytic.site networkanalytics.xyz knowledge-and-support-center.visma.net m.addthisedge.com apply.indeed.com content.googleapis.com commondatastorage.googleapis.com themes.googleusercontent.com www.googletagmanager.com fast.fonts.net db.onlinewebfonts.com hello.myfonts.net cdnjs.cloudflare.com d1fc8wv8zag5ca.cloudfront.net connect.facebook.net emea3.recruitmentplatform.com tag.goldenbees.fr s.ytimg.com www.findizer.fr webfonts.zohostatic.com platform.linkedin.com zgao.nl cdn.ontame.io *.ziggeo.com *.amazonaws.com api-eu-west-1.ziggeo.com embed-cdn-eu-west-1.ziggeo.com embed-eu-west-1.ziggeo.com assets.ziggeo.com hc-cdn.visma.net cdn.wootric.com production.wootric.com eligibility.wootric.com; img-src * 'unsafe-inline' 'unsafe-eval'; report-uri /ajax/logging/log_csp_report 1 default-src 'self' https://www.google.com/ https://www.google-analytics.com/ https://cm.everesttech.net/ https://s3.amazonaws.com/; connect-src 'self' https://c.go-mpulse.net/ https://captcha.gecirtnotification.com/ https://www.google-analytics.com/ https://*.clicktale.net https://api.addsearch.com/ https://ds-aksb-a.akamaihd.net/RRT https://api.company-target.com/ https://rs.fullstory.com/ https://secure-ds.serving-sys.com/ https://vendorlist.consensu.org/vendorlist.json https://gepowerandwater.tt.omtrdc.net/ https://gepowerandwater.d2.sc.omtrdc.net/ https://dpm.demdex.net/ https://232-dkg-508.mktoresp.com/; font-src 'self' data:; frame-src https://app-abm.marketo.com/ https://www.linkedin.com/ https://captcha.gecirtnotification.com/ https://content.gepower.com/ https://www.slideshare.net/ https://anchor.fm/ https://tribl.io/ https://citia.com/ https://www.thinglink.com/ https://syndication.twitter.com/ https://platform.twitter.com/ https://gepowerwater.demdex.net/ https://app-ab10.marketo.com/ https://bid.g.doubleclick.net/ https://www.facebook.com/ https://fssfedpitc.ge.com/ https://www.google.com https://www.youtube.com; img-src 'self' data: https://www.google.com.sg/ https://cdn.thinglink.me/ https://captcha.gecirtnotification.com/ https://gepoweradnwater.d2.sc.omtrdc.net/ https://www.gepower.com/ https://www.googletagmanager.com/ https://clients1.google.com/ https://www.googleapis.com/ https://app-abm.marketo.com/ https://*.clicktale.net https://match.prod.bidr.io/ https://i.ytimg.com/ https://app-ab10.marketo.com/ https://segments.company-target.com/ https://www.genewsroom.com/ https://cm.everesttech.net/ https://ds-aksb-a.akamaihd.net/ https://c.evidon.com/ https://dpm.demdex.net/ https://syndication.twitter.com/ https://platform.twitter.com/ https://pbs.twimg.com/ https://ton.twimg.com/ https://abs.twimg.com/ https://img.youtube.com/ https://www.google.co.in/ https://www.google-analytics.com/ https://px.ads.linkedin.com/ https://stats.g.doubleclick.net/ https://gepowerandwater.d2.sc.omtrdc.net/ https://p.adsymptotic.com/ https://c.evidon.com/pub/icong1.png https://www.google.com/ https://p.adsymptotic.com/ https://l.betrad.com/ https://www.facebook.com/ https://www.google.co.in/ https://www.ge.com/ https://tribl.io/; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://tracking.skyword.com/ https://tracking.skyword.com/ https://www.gstatic.com/ https://www.thinglink.com/ https://api.company-target.com/ https://gateway.zscalertwo.net/ https://share.yandex.ru/ https://opensharecount.com/ https://cdn.thinglink.me/ https://code.jquery.com/ https://graph.facebook.com/ https://upgrademyengine.gepower.com/p/modal.js https://captcha.gecirtnotification.com/ https://www.linkedin.com/ https://s.go-mpulse.net/ http://tracking.skyword.com/ https://s.ytimg.com/ https://iabmap.evidon.com/ https://fullstory.com/ https://www.googleadservices.com/ https://cse.google.com/ https://www.google.com/ https://bs.serving-sys.com/ https://scripts.demandbase.com/ https://app-ab10.marketo.com/ https://www.google.com/ https://cse.google.com/ https://ds-aksb-a.akamaihd.net/aksb.min.js https://cdnssl.clicktale.net/ https://secure-ds.serving-sys.com/ https://app-sjg.marketo.com/ https://connect.facebook.net/ https://snap.licdn.com/ https://app-abm.marketo.com/ https://app-abm.marketo.com/ https://tribl.io/ https://cdn.syndication.twimg.com/ https://munchkin.marketo.net/ https://platform.twitter.com/ https://assets.adobedtm.com/ https://www.youtube.com/ https://assets.adobedtm.com/ https://iabmap.evidon.com/ https://evidon.mgr.consensu.org/iab/getcookie https://munchkin.marketo.net/157/munchkin.js https://www.google-analytics.com/ https://app-abm.marketo.com/ https://www.googleadservices.com/pagead/conversion_async.js https://connect.facebook.net/ https://c.evidon.com/ https://www.googletagmanager.com/gtag/ https://assets.adobedtm.com/bc9497247b8f/38f2d572529a/591c6385ea20/RC6dd8c3871a654d11b5f975f0da26fef7-source.min.js https://www.googletagmanager.com/gtag/ https://googleads.g.doubleclick.net/ https://sjs.bizographics.com/insight.min.js https://www.ge.com/ https://*.clicktale.net https://*.demandbase.com/;style-src 'self' 'unsafe-inline' https://cdn.thinglink.me/ https://scripts.demandbase.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://app-abm.marketo.com/ https://www.google.com/ https://tribl.io/ https://app-ab10.marketo.com/ https://platform.twitter.com/ https://ton.twimg.com/ ;frame-ancestors 'self'; base-uri 'self'; 1 font-src *.sagepay.com https://use.fontawesome.com https://stackpath.bootstrapcdn.com https://bootstrapcdn.com https://fonts.gstatic.com 'self' data: https://v2.zopim.com https://maxcdn.bootstrapcdn.com https://static-v.tawk.to https://*.cloudflare.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sagepay.com https://www.facebook.com/ https://www.securesuite.co.uk https://syndication.twitter.com https://platform.twitter.com/ 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.sagepay.com https://player.vimeo.com https://widget.trustpilot.com https://vars.hotjar.com https://www.facebook.com https://www.youtube.com https://pi-live.sagepay.com https://www.google.com/ https://www.securesuite.co.uk https://platform.twitter.com https://syndication.twitter.com https://secure.pay1.de https://*.klarnaservices.com https://*.zenaps.com/ https://*.cloudflare.com https://klarna-payments-eu.klarna.com/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: *.paypal.com *.sagepay.com https://www.google.com https://www.google.co.uk https://stats.g.doubleclick.net https://www.facebook.com 'self' data: https://www.sagepay.co.uk https://dsum-sec.casalemedia.com https://pixel.advertising.com https://v2.zopim.com https://sync.outbrain.com https://simage2.pubmatic.com https://ads.yahoo.com https://trc.taboola.com https://v2assets.zopim.io https://eb2.3lift.com https://x.bidswitch.net https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://pixel.rubiconproject.com https://syndication.twitter.com https://pbs.twimg.com https://platform.twitter.com https://ton.twimg.com https://cdn.jsdelivr.net https://abs.twimg.com https://*.klarnaservices.com https://*.klarnacdn.net/ https://*.tawk.to/ https://www.gstatic.com https://*.kidscavern.co.uk https://www.opayo.co.uk http://*.zenaps.com https://*.cloudflare.com https://cdn1.iconfinder.com 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.sagepay.com https://www.googletagmanager.com https://chimpstatic.com http://widget.trustpilot.com https://invitejs.trustpilot.com https://static.hotjar.com https://script.hotjar.com http://static.hotjar.com https://connect.facebook.net https://pixel.advertising.com https://www.google.com https://www.gstatic.com https://v2.zopim.com https://static.zdassets.com https://widget-mediator.zopim.com http://magemail.co https://pi-live.sagepay.com https://pcls1.craftyclicks.co.uk http://cdnjs.cloudflare.com http://cdn.livechatinc.com http://js.klevu.com https://secure.livechatinc.com https://maps.googleapis.com http://platform.twitter.com http://twitter.com https://cdn.syndication.twimg.com https://ict.infinity-tracking.net https://cdn.jsdelivr.net https://cdn.klarna.com https://register.feefo.com https://eu-library.klarnaservices.com https://*.klarnacdn.net http://*.google.com http://*.tidio.co https://*.tidiochat.com/ http://widget-v4.tidiochat.com https://*.dwin1.com https://googleads.g.doubleclick.net https://*.googleapis.com https://*.zenaps.com http://*.zenaps.com https://*.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.sagepay.com https://use.fontawesome.com https://bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://twitter.com https://ton.twimg.com https://maxcdn.bootstrapcdn.com http://fonts.googleapis.com https://platform.twitter.com https://cdn.jsdelivr.net https://*.googleapis.com https://*.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://widget-v4.tidiochat.com//tururu.mp3 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.sagepay.com https://use.fontawesome.com https://vc.hotjar.io https://in.hotjar.com https://api.craftyclicks.co.uk https://ekr.zdassets.com https://cdn.livechatinc.com wss://widget-mediator.zopim.com https://cdnjs.cloudflare.com https://va.tawk.to https://api.feefo.com https://vsb108.tawk.to https://ict.infinity-tracking.net https://tawk.to https://static-v.tawk.to wss://*.tawk.to https://vsb52.tawk.to *.tawk.to https://*.klarnauserservices.com https://*.klarnaevt.com wss://*.tidio.co http://*.tidiochat.com https://*.zenaps.com https://stats.g.doubleclick.net https://*.cloudflare.com *.trustpilot.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /envisagecsp; report-to report-endpoint; 1 default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: 'self' wss://chat.20i.com:*; img-src https: 'self' data:; frame-src https: 'self' data:; 1 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; media-src https: http: rtsp: rtmp:; report-uri /csp-report 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' ws: wss *.vodafone.ie *.netlify.app maps.googleapis.com ajax.googleapis.com *.gstatic.com twitter.com www.facebook.com tags.tiqcdn.com www.parkingtag.ie www.gari.info www.apple.com hello.donedeal.ie xd.wayin.com www.w3.org youtu.be www.umlaut.com consumer.huawei.com www.itrs.ie play.google.com itunes.apple.com www.linkedin.com www.vodafone.com www.comreg.ie www.buygamecredit.com eshop.v.vodafone.com support.google.com www.vodafonexlevelup.com vodafonexlevelup.com img.youtube.com coveragemap.comreg.ie vodafonefaf.ie www.itrs.ie careers.vodafone.com www.youtube.com universaldesign.ie www.irma.ie www.dublinairport.com www.facebook.com v.vodafone.com www.hmdglobal.com wmstatic.global.ssl.fastly.net safeavenue.f-secure.com www.just-eat.ie www.samsung.com support.apple.com www.vodafone.com www.inhope.org get.adobe.com offers.vodafone.com headbomz.ie onenet.vodafone.com support.microsoft.com www.vodafonefaf.ie twitter.com www.samsung.com vodafone.irishrugby.ie staymobile.ie www.vodafonecashback.com www.sanebox.com www.hotline.ie www.cnn.com pixel-offers.co.uk vodafonefaf.ie www.hse.ie www.checkmend.com www.butlerschocolates.com www.microsoft.com www.onepagecrm.com www.zimperium.com track.anpost.ie live.vodafone.com www.huaweipromo.co.uk www.tradedoubler.com www.anpost.ie www.ec.europa.eu www.studiocoast.com.au www.dropbox.com vfie.speedtestcustom.com nvodafone.ie apps.apple.com www.vodafonefaf.ie www.apple.com samsung.com 20202.samsungpromotions.claims www.ispai.ie www.umlaut.com www.promotions.fairphone.com www.nokia.com 10.163.135.120 www.gov.ie servicechecker.comreg.ie personalbanking.bankofireland.com vodafone.canterbury.com help.yahoo.com www.dataprivacy.ie www.sky.com accessories-22.myshopify.com ie-mktg.vodafone.com kinsta.com www.vodafonecash.com www.samsungcashback.com futurejobsfinder.vodafone.com www.comreg.ie www.tclpromotions.com myeasypay.com ie.linkedin.com webgate.ec.europa.eu www.whydesign.ie www.tradedoubler.com www.butlerschocolates.com www.ethicalconsumer.org www.ispcc.ie edition.cnn.com staymobile.ie www.yourreadybusiness.co.uk www.hotline.ie money.cnn.com www.dataprotection.ie www.actiview.io www.operateremote.com windows.microsoft.com signup.paloaltonetworks.com www.mckinsey.com www.cisco.com get.adobe.com myeasypay.com tags.tiqcdn.com www.libertyhumanrights.org.uk www.phonesmart.ie www.5gruralfirst.org www.tclcom.com start.vodafone.com fiksukalasatama.fi www.pixelpod.ie vfglogin.vodafone.com www.mattgriffin.online www.winterready.ie omniturecom.112.2o7.net www.obrien.ie www.inhope.org www2.deloitte.com www.irishexaminer.com www.centralbank.ie www.thebuildingblock.ie www.irishtimes.com www.aboutcookies.org onedrive.live.com img.en25.com offers.vodafone.com itunes.apple.com www.samsungcashback.com servicechecker.comreg.ie www.kippy.eu www.siliconrepublic.com guce.yahoo.com ec.europa.eu gstatic.com www.anpost.com www.mozilla.org www.f-secure.com 46.22.130.115 www.netflix.com www.statustoday.com support.apple.com business.vodafone.com community.office365.com www.podtrackers.com www.dublinairport.com allaboutcookies.org www.patagonia.com asiam.ie www.fao.org www.checkmend.com bit.ly www.britannica.com www.portershed.com www.abodoo.com buffer.com www.spotify.com www.fieldfisher.com www.just-eat.ie trackimo.com www.promotions.fairphone.com www.un.org www.handsfreehectare.com www.firetrade.ie netgear.com www.sky.com vfsustreport.ie siro.ie www.ispcc.ie medium.com www.parentline.ie personalbanking.bankofireland.com www.huaweipromo.co.uk accounts-emea.f-secure.com www.telecomitalia.com events.paloaltonetworks.com www.icloud.com vodafone.digitalmagazines.online www.iubenda.com promotions.fairphone.com fonts.googleapis.com portershed.com ad.doubleclick.net ajax.googleapis.com consent.yahoo.com www.anpost.com support.mozilla.org www.operateremote.com www.patagonia.com www.spotify.com firetrade.ie api.developer.vodafone.com whydesign.ie blog.statustoday.com www.googleadservices.com content.lon5.atomz.com www.dataprotection.ie www.obrien.ie www.ethicalconsumer.org www.handsfreehectare.com www.thebuildingblock.ie www.fonfix.ie www.netgear.com help.netflix.com www.instagram.com www.fonfix.com samsungcashback.com prd.offers.vodafone.com djeniwjzq77re.cloudfront.net display.engagesciences.com idgw.vodafone.com www.gruppotim.it portershed.com support.office.com promotions.fairphone.com operateremote.com partners.vodafone.com fls.doubleclick.net support.spotify.com start.vodafone.com www.google.com www.googleadservices.com fonts.googleapis.com ie-chat.ext.vodafone.com optanon.blob.core.windows.net geolocation.onetrust.com was.vodafone.ie connect.facebook.net *.hotjar.com vodafoneirl.tt.omtrdc.net gcpsmapi.vodafone.com nebula-cdn.kampyle.com udc-neb.kampyle.com s1525.t.eloqua.com dpm.demdex.net vodafoneirl.demdex.net cm.everesttech.net a1.adform.net s2.adform.net c1.adform.net privacyportal-eu.onetrust.com wa.vodafone.ie bpvx.vodafone.ie; 1 default-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https:; report-uri /report-mixed-content 1 default-src 'none'; connect-src https://cdn-ukwest.onetrust.com https://links.services.disqus.com https://ds-aksb-a.akamaihd.net https://services.postcodeanywhere.co.uk https://colres.sitelabweb.com https://api.247-inc.net https://api.bazaarvoice.com https://api.particularaudience.com https://bam.nr-data.net https://ct.pinterest.com https://d1af033869koo7.cloudfront.net https://in.particularaudience.com https://tie.247-inc.net https://ws.sessioncam.com https://www.facebook.com https://www.google-analytics.com 'self'; font-src data: https://cdn.habitat.co.uk https://fonts.gstatic.com 'self'; form-action https://r1.dmtrk.net https://hps.datacash.com https://syndication.twitter.com https://www.facebook.com 'self'; frame-ancestors 'self'; frame-src 'self' https://disqus.com https://r1.dotdigital-pages.com https://*.fls.doubleclick.net https://d1af033869koo7.cloudfront.net https://platform.twitter.com https://staticxx.facebook.com https://syndication.twitter.com https://wkxppshj-qx.global.ssl.fastly.net https://www.facebook.com https://www.google.com; img-src data: https://az.sitelabweb.com https://c.disquscdn.com https://referrer.disqus.com https://photos-eu.bazaarvoice.com https://www.awin1.com https://display.ugc.bazaarvoice.com https://network-eu.bazaarvoice.com https://services.postcodeanywhere.co.uk https://www.google-analytics.com https://stats.g.doubleclick.net https://www.zenaps.com https://khms0.googleapis.com https://khms1.googleapis.com https://abs.twimg.com https://bam.nr-data.net https://cdn.habitat.co.uk https://colrep.sitelabweb.com https://colres.sitelabweb.com https://ct.pinterest.com https://ds-aksb-a.akamaihd.net https://i.pinimg.com https://maps.googleapis.com https://maps.gstatic.com https://pbs.twimg.com https://platform.twitter.com https://r1.trackedweb.net https://ssl.google-analytics.com https://syndication.twitter.com https://ws.sessioncam.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.co.uk 'self' https://www.zenaps.com; manifest-src 'none'; media-src 'none'; object-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' https://az.sitelabweb.com https://cdn-ukwest.onetrust.com https://c.disquscdn.com https://r1.dotdigital-pages.com https://analytics-static.ugc.bazaarvoice.com https://api.bazaarvoice.com https://apps.nexus.bazaarvoice.com https://display.ugc.bazaarvoice.com https://network-eu.bazaarvoice.com https://cdn.480app.com https://colres.sitelabweb.com https://habit11118.pcapredict.com https://sainsburys.ca.assist.247-inc.net https://services.postcodeanywhere.co.uk https://ajax.googleapis.com https://assets.pinterest.com https://bam.nr-data.net https://cdn.habitat.co.uk https://cdn.particularaudience.com https://cdn.syndication.twimg.com https://connect.facebook.net https://d1af033869koo7.cloudfront.net https://d2oh4tlt9mrke9.cloudfront.net https://ds-aksb-a.akamaihd.net https://googleads.g.doubleclick.net https://habitatblog.disqus.com https://js-agent.newrelic.com https://kiybdhzql-g.global.ssl.fastly.net https://log.pinterest.com https://maps.googleapis.com https://platform.twitter.com https://r1-t.trackedlink.net https://s.pinimg.com https://ssl.google-analytics.com https://static.trackedweb.net https://webinsight.s3.amazonaws.com https://widgets.pinterest.com https://wkxppshj-qx.global.ssl.fastly.net https://ws.sessioncam.com https://www.dwin1.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com 'self' https://www.ist-track.com; style-src 'unsafe-inline' 'self' https://plaform.twitter.com https://c.disquscdn.com https://display.ugc.bazaarvoice.com https://fonts.googleapis.com https://services.postcodeanywhere.co.uk https://cdn.habitat.co.uk; worker-src blob:; report-uri https://www.habitat.co.uk/csp-report 1 default-src 'none'; connect-src 'self' data: https://titanic.honeybadger.io https://*.convertkit.com/ https://*.profitwell.com https://*.usefathom.com/ https://echidna.honeybadger.io/ https://stats.g.doubleclick.net https://www.google-analytics.com https://api.segment.io/v1/ https://*.wistia.com/x https://fg8vvsvnieiv3ej16jby.litix.io https://pipedream.wistia.com/mput https://rmbutterfly.com/1661691228/ https://embedwistia-a.akamaihd.net/; font-src 'self' data: http://themes.googleusercontent.com https://fonts.gstatic.com https://fonts.googleapis.com/; frame-src https://platform.twitter.com https://syndication.twitter.com https://fast.wistia.com; img-src 'self' data: https://*.profitwell.com https://*.usefathom.com/ https://echidna.honeybadger.io/ https://honeybadger-static.s3.amazonaws.com https://docs-honeybadger.s3.amazonaws.com/ https://www.googletagmanager.com/ https://*.wistia.com/ https://www.gstatic.com https://stats.g.doubleclick.net https://ton.twimg.com https://pbs.twimg.com https://platform.twitter.com https://syndication.twitter.com https://www.google-analytics.com https://d3aei7d2k8qp8j.cloudfront.net https://embedwistia-a.akamaihd.net https://www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.profitwell.com https://*.usefathom.com/ https://echidna.honeybadger.io/ https://gist.github.com https://www.googletagmanager.com/ https://*.wistia.com https://cdn.syndication.twimg.com https://platform.twitter.com https://cdn.segment.com/analytics.js/v1/Vh0hrL9NfiyA8PXfEW4pPCQbrkG2bBAy/analytics.min.js https://fast.wistia.com/ https://identity.netlify.com/v1/netlify-identity-widget.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/; style-src 'self' 'unsafe-inline' https://github.githubassets.com/ https://platform.twitter.com https://ton.twimg.com https://fonts.googleapis.com/ https://www.gstatic.com/; media-src 'self' data: blob: https://embedwistia-a.akamaihd.net; report-uri https://api.honeybadger.io/v1/browser/csp?api_key=c2f13350&report_only=true&env=production 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.angusrobertson.com.au; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.secure-afterpay.com.au bam.nr-data.net *.hotjar.com googleads.g.doubleclick.net *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.bing.com *.google.com *.gstatic.com *.forter.com *.visualwebsiteoptimizer.com *.cloudfront.net static.scarabresearch.com cdn.scarabresearch.com apis.google.com *.criteo.com static.criteo.net *.newrelic.com connect.facebook.net platform.twitter.com d.impactradius-event.com *.afterpay.com; connect-src 'self' blob: *.cloudfront.net *.google-analytics.com *.hotjar.io *.nr-data.net stats.g.doubleclick.net *.emarsys.net *.scarabresearch.com *.hotjar.com *.salecycle.com *.forter.com opentag-stats.qubit.com *.visualwebsiteoptimizer.com recommender.scarabresearch.com angusrobertson.4tqiav.net; img-src 'self' data: *.criteo.net *.google-analytics.com *.google.com *.bing.com *.google.com.au *.pinterest.com *.cloudfront.net *.visualwebsiteoptimizer.com *.facebook.com syndication.twitter.com *.secure-afterpay.com.au *.angusrobertson.com.au *.loggly.com; frame-src 'self' *.cloudfront.net *.angusrobertson.com.au *.google.com platform.twitter.com www.facebook.com staticxx.facebook.com www.youtube.com *.criteo.com *.criteo.net *.hotjar.com *.salecycle.com bid.g.doubleclick.net 1 media-src briefly.ru video-preview.s3.yandex.net www.litres.ru www.storytel.se d3ctxlq1ktw2nl.cloudfront.net file2.podfm.ru secure-ds.serving-sys.com tube.buzzoola.com; report-uri https://briefly.report-uri.com/r/d/csp/reportOnly 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.sg&source%5Bsection%5D=brochure&source%5Buuid%5D=652744d8cee1c6607cee4ac7e3eb48db 1 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://vwtjtrxk3sfdp0kvpob5s8gb.httpschecker.net/report 1 default-src 'none'; img-src *; frame-src *; script-src 'strict-dynamic' 'nonce-rAnd0m123' 'unsafe-inline' http: https:; style-src * 'unsafe-inline'; object-src 'none'; base-uri 'self'; report-uri https://www.tyan.com 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /errorendpoint.html 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https:; report-uri /data/csp 1 font-src https://use.typekit.net https://maxcdn.bootstrapcdn.com fonts.gstatic.com login.libproxy.library.unt.edu login.myaccess.library.utoronto.ca 'self' 'unsafe-inline'; form-action https://pilot-payflowlink.paypal.com test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es payflowlink.paypal.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src https://cdn.jst.ai https://s7.addthis.com https://rgray-springerpub.formtitan.com https://www.google.com https://pilot-payflowlink.paypal.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es app-ab04.marketo.com assets.pinterest.com bid.g.doubleclick.net payflowlink.paypal.com vars.hotjar.com www-google-com.libproxy.library.unt.edu www.facebook.com www.youtube.com 'self' 'unsafe-inline'; img-src https://d2ldlvi1yef00y.cloudfront.net www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es a.rfihub.com aa.agkn.com adadvisor.net ads.avocet.io ads.scorecardresearch.com ads.yahoo.com app-ab04.marketo.com assets.crossref.org b1img.com bcp.crwdcntrl.net beacon.krxd.net beacon.walmart.com cm.adgrx.com cm.g.doubleclick.net cms.analytics.yahoo.com connect.facebook.net csyn-r.cxense.com cw.addthis.com d.adroll.com d.agkn.com d.turn.com d.xp1.ru4.com data: deviceid.trueleadid.com dmp.adform.net dmp.truoptik.com dpm.demdex.net ds.reson8.com dsp.adfarm1.adition.com dsum-sec.casalemedia.com e.dlx.addthis.com e.nexac.com eb2.3lift.com ei.rlcdn.com epiv.cardlytics.com fcmatch.google.com fcmatch.youtube.com google.com gpush.cogocast.net gum.criteo.com gwiq-v3.globalwebindex.net h.parrable.com i.liadm.com iad02-login-ds.dotomi.com iad03-login-ds.dotomi.com ib.adnxs.com idsync.reson8.com idsync.rlcdn.com idx.listrakbi.com image2.pubmatic.com img.webmd.com lghttp.48653.nexcesscdn.net live.rezync.com liveramp2waycm-atl.netmng.com loadm.exelator.com log.pinterest.com login-ds.dotomi.com login.dotomi.com lrp.mxptint.net lrpush.apxlv.com magnetic.t.domdex.com match.adsrvr.org match.prod.bidr.io ml314.com nexus.entitytag.co.uk odr.mookie1.com p.adsymptotic.com p.rfihub.com pippio.com pixel.advanseads.com pixel.advertising.com pixel.mathtag.com pixel.rubiconproject.com pixel.sitescout.com pixel.spotify.com platform.rtbiq.com pm.w55c.net presentation-hkg1.turn.com prod.y-medialink.com pt.ispot.tv px.ads.linkedin.com px.surveywall-api.survata.com rc.rlcdn.com rtb.adentifi.com s.acxiomapac.com s.amazon-adsystem.com secure-gl.imrworldwide.com secure.insightexpressai.com seg.sharethis.com segments.company-target.com simage2.pubmatic.com springerpub.com srv4j.net ssum.casalemedia.com stags.bluekai.com subscription.omnithrottle.com sync-tm.everesttech.net sync.ipredictive.com sync.mathtag.com sync.outbrain.com sync.placelocal.com sync.srv.stackadapt.com sync.taboola.com sync.tidaltv.com sync.vmweb.net tag.apxlv.com tag.cogocast.net tag.yieldoptimizer.com tags.bluekai.com tags.rd.linksynergy.com testgvbgjbhjb.com tg.socdm.com thrtle.com token.rubiconproject.com tr.snapchat.com uipglob.semasio.net um.simpli.fi upload.wikimedia.org ups.analytics.yahoo.com us-u.openx.net usermatch.krxd.net usersync.videoamp.com widget.criteo.com www.addthis.com www.entitytag.co.uk www.facebook.com www.google.at www.google.be www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.nz www.google.co.uk www.google.co.za www.google.com www.google.com.ar www.google.com.au www.google.com.co www.google.com.hk www.google.com.mx www.google.com.ng www.google.com.ph www.google.com.pr www.google.com.sa www.google.com.tr www.google.com.tw www.google.de www.google.es www.google.fi www.google.ie www.google.it www.google.lt www.google.ml www.google.nl www.google.ru www.google.se www.googletagmanager.com www.gstatic.com www.linkedin.com www.springerpub.com www.vitalsource.com x.bidswitch.net x.dlx.addthis.com zdbb.net 'self' 'unsafe-inline'; script-src https://munchkin.marketo.net https://cdn.jst.ai https://my.jst.ai https://analytics.jst.ai https://www.googletagmanager.com https://s7.addthis.com https://z.moatads.com https://v1.addthisedge.com https://m.addthis.com https://graph.facebook.com https://api-public.addthis.com https://d3v0iqf1i1i9dg.cloudfront.net https://www.google.com https://www.gstatic.com https://vk.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es app-ab04.marketo.com assets.pinterest.com connect.facebook.net d.adroll.com d.adroll.mgr.consensu.org googleads.g.doubleclick.net mtvwa3.d2sri.com pippio.com s.adroll.com s.dca0.com script.hotjar.com sn.dca0.com snap.licdn.com static.hotjar.com tools.justuno.com widgets.pinterest.com www-google-com.libproxy.library.unt.edu www.googletagmanager.com www.hoexoxg.site *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://use.typekit.net https://p.typekit.net https://maxcdn.bootstrapcdn.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src https://analytics.jst.ai https://512-tee-232.mktoresp.com https://m.addthis.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es 'self' 512-tee-232.mktoutil.com api-public.addthis.com in.hotjar.com *.dca0.com my.jst.ai stats.g.doubleclick.net t.dca0.com vc.hotjar.io www.facebook.com www.google-analytics.com www.springerpub.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://springercsp.report-uri.com/r/d/csp/wizard; report-to report-endpoint; 1 default-src https:; script-src https: data: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1 default-src 'self' *.hsbc.fr; script-src 'self' 'unsafe-eval' *.hsbc.fr 'unsafe-inline' cdn.appdynamics.com col.eum-appdynamics.com *.liveperson.net www.askus.hsbc.co.uk accdn.lpsnmedia.net www.mcmdev.hsbc.co.uk hsbcbankglobal.sc.omtrdc.net tags.tiqcdn.com 'unsafe-eval'; style-src 'self' *.hsbc.fr 'unsafe-inline'; img-src 'self' *.hsbc.fr data: ad.doubleclick.net www.askus.hsbc.co.uk uconnect.tealiumiq.com; child-src 'self' *.hsbc.fr hsbcbankglobal.demdex.net *.lo.cobrowse.liveperson.net lpcdn.lpsnmedia.net; connect-src 'self' *.hsbc.fr col.eum-appdynamics.com dpm.demdex.net; upgrade-insecure-requests ; report-uri https://csp.prod.eu.dynp.cloud1.vv1865.com/; 1 default-src blob: data: https:; script-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri https://www.hsn.com/mixed-content-collector; 1 script-src 'unsafe-eval' 'unsafe-inline' 'self' acsbap.com api.swiftype.com www.googleadservices.com s.dca0.com api.braintreegateway.com www.googletagmanager.com www.paypalobjects.com s.pinimg.com static.hotjar.com script.hotjar.com js-agent.newrelic.com *.webscalenetworks.net cdn.attn.tv sn.dca0.com bam.nr-data.net cdn4.forter.com tpc.googlesyndication.com d.adroll.com script.crazyegg.com cdn.listrakbi.com s1.listrakbi.com rum-static.pingdom.net s.swiftypecdn.com amiclubwear.com *.amiclubwear.com use.fontawesome.com shareasale-analytics.com apis.google.com *.cloudmaestro.com *.lagrangesystems.net d.adroll.mgr.consensu.org s.adroll.com *.facebook.net *.facebook.com *.cloudfront.net www.googletagmanager.com www.google-analytics.com www.gstatic.com googleads.g.doubleclick.net bat.bing.com m1.listrakbi.com amiclubwear.happyfox.com; report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor 1 font-src 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com www.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src 'self' 'unsafe-eval' chrome-extension: https://gosmonitor.ru 'unsafe-inline' 'unsafe-inline' https://connect.facebook.net https://stat.sputnik.ru https://mc.yandex.ru https://www.google-analytics.com https://wchat.freshchat.com https://files-js-ext.s3.us-east-2.amazonaws.com https://abp.smartadcheck.de https://informer.yandex.ru https://api-maps.yandex.ru https://yastatic.net blob: https://www.hoexoxg.site https://6dbxq.6v5f3l.com 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; frame-src 'self' https://www.facebook.com chrome-extension: https://wchat.freshchat.com https://403582067984351.webpush.freshchat.com https://mc.yandex.md https://k.nzeaner.com https://www.youtube.com https://gosmonitor.ru https://mc.yandex.ru https://dl.metabar.ru https://mc.yandex.com https://acestream.me https://www.google.com https://skytraf.xyz https://xen-media.com http://block1.govirk.ru:8002 chrome-error; object-src 'self'; report-uri /cspreportonly; 1 default-src 'self' https: wss: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=denniexpres&d=2021-01-15 1 default-src 'self' *.plugin-alliance.com; script-src 'self' analytics.twitter.com cdnjs.cloudflare.com connect.facebook.net platform.twitter.com proxy-assets.churnbuster.io s.ytimg.com static.ads-twitter.com/uwt.js trackcmp.net www.google-analytics.com www.youtube.com 'unsafe-inline'; style-src 'self' cdnjs.cloudflare.com proxy-assets.churnbuster.io 'unsafe-inline'; img-src 'self' *.plugin-alliance.com analytics.twitter.com data: d26781mews02ac.cloudfront.net i.ytimg.com img.youtube.com stats.g.doubleclick.net t.co www.facebook.com www.google.de www.google-analytics.com yt3.ggpht.com; font-src 'self' cdnjs.cloudflare.com; connect-src 'self' stats.g.doubleclick.net www.google-analytics.com; frame-src 'self' d271ulnm1ao6ig.cloudfront.net embed.pivotshare.com pages.churnbuster.io staticxx.facebook.com w.soundcloud.com www.facebook.com www.youtube.com; form-action 'self' plugin-alliance.us3.list-manage.com www.facebook.com/tr/; block-all-mixed-content; report-uri https://pluginalliance.report-uri.com/r/d/csp/wizard 1 default-src 'self' cityofhenderson.com test.cityofhenderson.com www.cityofhenderson.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cityofhenderson.com test.cityofhenderson.com www.cityofhenderson.com translate.google.com www.google-analytics.com www.livehelpnow.net ajax.googleapis.com translate.googleapis.com maps.googleapis.com; img-src 'self' cityofhenderson.com test.cityofhenderson.com www.cityofhenderson.com www.google-analytics.com *.gstatic.com translate.googleapis.com www.google.com www.livehelpnow.net; style-src 'self' 'unsafe-inline' cityofhenderson.com test.cityofhenderson.com www.cityofhenderson.com fonts.googleapis.com maxcdn.bootstrapcdn.com translate.googleapis.com ajax.googleapis.com; font-src 'self' cityofhenderson.com test.cityofhenderson.com www.cityofhenderson.com fonts.gstatic.com maxcdn.bootstrapcdn.com; frame-src www.youtube.com; form-action 'self' cityofhenderson.com test.cityofhenderson.com www.cityofhenderson.com *.list-manage.com; report-uri https://coh.report-uri.io/r/default/csp/reportOnly 1 default-src 'none'; form-action 'none'; frame-ancestors 'none'; 1 default-src https:; child-src https: blob:; connect-src https: wss: data:; font-src https: data:; frame-src https:; img-src https: data:; media-src https: blob:; object-src https:; worker-src https: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; report-uri /app/api/cspViolation; 1 default-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: *.sgsr.us https://fonts.googleapis.com *.hotjar.com wss://*.hotjar.com; report-uri https://kzspmo8ia7.execute-api.us-west-1.amazonaws.com/ 1 font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.yotpo.com *.bootstrapcdn.com *.fontawesome.com data: *.audioeye.com *.cloudmaestro.com *.webscalenetworks.net *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.signifyd.com *.braintreegateway.com *.kaptcha.com *.google.com *.youtube.com *.twitter.com *.online-metrix.net *.paypal.com *.olark.com *.audioeye.com *.force.com *.doubleclick.net *.facebook.com *.dotdigital-pages.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.youtube.com 'self' data: *.lightemporium.com *.usercentrics.eu *.yotpo.com *.snakeriverfarms.com *.signifyd.com *.online-metrix.net *.narvar.com *.olark.com *.cdninstagram.com *.cloudfront.net *.fbcdn.net *.cloudmaestro.com *.bing.com *.google.com *.google.com.pk *.webscalenetworks.net *.facebook.com *.narvar.qa shareasale.com 'self' 'unsafe-inline'; script-src *.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net *.cloudflare.com *.braintreegateway.com *.braintree-api.com *.twitter.com *.google-analytics.com *.googleapis.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.cardinalcommerce.com *.ccdc02.com *.authorize.net polyfill.io *.yotpo.com *.googlecommerce.com *.google.com *.algolia.net *.signifyd.com *.paypal.com *.dynamicyield.com *.narvar.com *.olark.com *.amazon.com *.payments-amazon.com *.swellrewards.com *.audioeye.com *.cloudmaestro.com *.newrelic.com *.nr-data.net *.googletagmanager.com *.bing.com *.doubleclick.net *.force.com *.salesforceliveagent.com *.webscalenetworks.net 'self' data: *.facebook.net *.dotdigital-pages.com *.dwin1.com https://static.klaviyo.com https://fast.a.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.yotpo.com *.bootstrapcdn.com *.narvar.com *.olark.com *.audioeye.com *.cloudmaestro.com *.force.com *.webscalenetworks.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.narvar.com *.narvar.qa *.olark.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net *.yotpo.com *.signifyd.com *.signifyd.com:11103 *.algolia.net *.algolianet.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.braintree-api.com *.braintreegateway.com *.dynamicyield.com *.olark.com *.vimeo.com *.amazon.com *.audioeye.com *.nr-data.net *.doubleclick.net *.google-analytics.com *.bing.com https://static.klaviyo.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'none'; base-uri 'none'; worker-src 'none'; manifest-src 'none'; media-src 'none'; object-src 'self'; frame-ancestors 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; frame-src 'self' *.riigiteataja.ee https://captcha.riigiteataja.ee; img-src 'self' https://ssl.google-analytics.com; script-src 'self' https://ssl.google-analytics.com; style-src 'self'; report-uri /csp; 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=v2%2Fapp_listings&source%5Buuid%5D=b61eb06a1bd3188e4bbe4fad953f8f11 1 img-src https://pp.vk.me https://special.astrobl.ru https://www.astrobl.ru https://*.yandex.ru https://*.astrakhan.ru stat.sputnik.ru *.rambler.ru; script-src 'unsafe-inline' 'unsafe-eval' https://special.astrobl.ru https://thj.astrakhan.ru https://www.astrobl.ru *.yandex.ru gosmonitor.ru *.rambler.ru stat.sputnik.ru; style-src 'unsafe-inline' https://special.astrobl.ru https://www.astrobl.ru; font-src https://special.astrobl.ru https://www.astrobl.ru; media-src https://www.youtube.com https://vk.com; 1 font-src *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com fonts.gstatic.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.cloudflare.com *.twitter.com *.fontawesome.com *.googleapis.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es madefor.github.io *.cloudflare.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https:; connect-src https:; font-src https: data:; child-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; report-uri https://98dba6326789eae01552e92f7b3e68d5.report-uri.io/r/default/csp/reportOnly 1 default-src 'none'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; font-src 'self' data: https:; img-src 'self' blob: data: https: http:; media-src 'self' https: blob:; worker-src 'self' https://zenkit.com https://*.zenkit.com; frame-src https: blob:; frame-ancestors https:; connect-src 'self' https: wss:; object-src 'self' https://djtflbt20bdde.cloudfront.net; manifest-src 'none'; base-uri 'self'; form-action 'self' https:; report-uri /csp-report 1 default-src 'self' *.google-analytics.com *.googleapis.com; script-src 'self' 'unsafe-inline' *.google-analytics.com *.googleapis.com *.googletagmanager.com *.cloudflare.com *.addthis.com *.addthisedge.com *.linkedin.com *.twitter.com; style-src 'self' 'unsafe-inline' *.googleapis.com; frame-ancestors 'self'; frame-src 'self' *.addthis.com *.addthisedge.com *.linkedin.com *.twitter.com; img-src 'self' *.google-analytics.com *.doubleclick.net *.linkedin.com *.twitter.com; font-src 'self' *.gstatic.com; connect-src 'self' *.google-analytics.com *.addthis.com *.addthisedge.com; report-uri; 1 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' 1 report-uri https://sentry.io/api/221673/security/?sentry_key=3afaff7eee7146358bf291fdd649cba7 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: logger.scot.nhs.uk *.google-analytics.com www.googletagmanager.com *.fontawesome.com use.typekit.net *.google.com *.google.co.uk *.googleapis.com themes.googleusercontent.com *.gstatic.com code.jquery.com yui.yahooapis.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.amazonaws.com *.addthis.com *.addthisedge.com *.twitter.com *.twimg.com *.facebook.com *.facebook.net static.xx.fbcdn.net *.youtube.com youtu.be *.ytimg.com www.youtube-nocookie.com player.vimeo.com i.vimeocdn.com cdn.jwplayer.com content.jwplatform.com prd.jwpltx.com *.jwpcdn.com *.jwpsrv.com *.civiccomputing.com cc.cdn.civiccomputing.com secure.gravatar.com public.tableau.com www.openstreetmap.org browser-update.org s.w.org www.geoplugin.net www.careopinion.org.uk static.addtoany.com *.wp.com www.patientopinion.org.uk hcaptcha.com *.hcaptcha.com assets.nhs.uk www.travelinescotland.com api.mapbox.com; worker-src 'self' www.google.com; frame-ancestors 'self'; base-uri 'self'; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report; report-to csp-endpoint 1 default-src 'self';connect-src 'self' https://maps.googleapis.com https://cex.io wss://ws.cex.io/ws;frame-src 'self' * ext.cex.io;font-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://static.cex.io;img-src 'self' data: https://static.cex.io;media-src 'self' https://static.cex.io;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://code.jquery.com https://static.cex.io;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cex.io;report-uri https://cex.io/cspr; 1 report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com gulahmedshop.com *.gulahmedshop.com www.google.com tpc.googlesyndication.com *.cloudfront.net z.moatads.com www.googletagmanager.com onesignal.com www.google-analytics.com connect.facebook.net cdn.onesignal.com cdn.oribi.io www.googleadservices.com googleads.g.doubleclick.net www.google.com www.gstatic.com www.2checkout.com js.stripe.com v1.addthisedge.com maps.googleapis.com www.youtube.com static.goqubit.com 1 default-src https: http: data: wss://*.forter.com 'unsafe-inline' 'unsafe-eval'; connect-src https: http: wss://*.forter.com; frame-ancestors 'self' https: http: *.czs.org 172.21.2.30 www.chasepaymentechhostedpay.com object-src 'self'; img-src 'unsafe-eval' 'unsafe-inline' data: blob: *; font-src 'self' data: https: http: *.typekit.net; script-src 'unsafe-eval' 'unsafe-inline' blob: data: https: http: 'self' emarketing.activenetwork.com d8a4d633e88a.cdn0.forter.com d8a4d633e88a.cdn1.forter.com d8a4d633e88a.cdn2.forter.com d8a4d633e88a.cdn3.forter.com d8a4d633e88a.cdn4.forter.com d8a4d633e88a.cdn5.forter.com d8a4d633e88a.cdn6.forter.com d8a4d633e88a.cdn7.forter.com d8a4d633e88a.cdn8.forter.com d8a4d633e88a.cdn9.forter.com kpstat.forter.com:7043 www.google.com maps.google.com maps.googleapis.com ssl.google-analytics.com www.google-analytics.com www.gstatic.com embed.idonate.com use.typekit.net cdn-js.net cdnjs.cloudflare.com d35u1vg1q28b3w.cloudfront.net partners.cmptch.com static.cmptch.com scriptcdn.net auctioneer.50million.club m.addthis.com s7.addthis.com m.addthisedge.com lkysearchex3688-a.akamaihd.net analyticspage.tools apiurl.org appsource.cool countmake.cool fp166.digitaloptout.com eluxer.net mirextpro.com z.moatads.com secure.myshopcouponmac.com payperclickadz.com cdn.pmqzads.com qdatasales.com widget-prime.rafflecopter.com srvvtrk.com pwm-image.trendmicro.com gateway.zscloud.net; style-src 'unsafe-eval' 'unsafe-inline' 'self' accessibility-bookmarklets.org emarketing.activenetwork.com cdnjs.cloudflare.com use.fontawesome.com fonts.googleapis.com hello.myfonts.net pwm-image.trendmicro.com; report-uri https://bzcsp.report-uri.com/r/d/csp/reportOnly 1 default-src 'self' *.hsbc.ae; script-src 'self' 'unsafe-eval' *.hsbc.ae 'unsafe-inline' cdn.appdynamics.com col.eum-appdynamics.com *.liveperson.net www.askus.hsbc.co.uk accdn.lpsnmedia.net www.mcmdev.hsbc.co.uk hsbcbankglobal.sc.omtrdc.net tags.tiqcdn.com 'unsafe-eval'; style-src 'self' *.hsbc.ae 'unsafe-inline'; img-src 'self' *.hsbc.ae data: ad.doubleclick.net www.askus.hsbc.co.uk uconnect.tealiumiq.com; child-src 'self' *.hsbc.ae hsbcbankglobal.demdex.net *.lo.cobrowse.liveperson.net lpcdn.lpsnmedia.net; connect-src 'self' *.hsbc.ae col.eum-appdynamics.com dpm.demdex.net; upgrade-insecure-requests ; report-uri https://csp.prod.eu.dynp.cloud1.vv1865.com/; 1 default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https://*.fotbollskanalen.se; report-uri https://csp-report.b17g.net/ 1 report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com bam-cell.nr-data.net cdn.brandingbrand.com global.prd.borderfree.com tpc.googlesyndication.com www.jamesperse.com static.jamesperse.com *.turn.com *.appspot.com server.iad.liveperson.net connect.facebook.net ajax.googleapis.com www.googletagmanager.com bat.bing.com ut.rd.linksynergy.com *.listrakbi.com tag.rmp.rakuten.com lptag.liveperson.net www.google-analytics.com raw.githubusercontent.com *.yimg.com *.akamaized.net *.coremetrics.com ut.ra.linksynergy.com resources.xg4ken.com services.listrak.com sp.analytics.yahoo.com lptag.liveperson.net *.lpsnmedia.net va.v.liveperson.net va-s.c.liveperson.net js-agent.newrelic.com *.adroll.com bam.nr-data.net assets.pinterest.com tags.mediaforge.com d.adroll.mgr.consensu.org intljs.rmtag.com suggest.instantsearchplus.com wm.prd.borderfree.com www.google.com apis.google.com www.googleadservices.com widget-mediator.zopim.com services.xg4ken.com 113.xg4ken.com 1 block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.onet.pl::NEWTAB_2_10_X_ASYNC 1 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://19bba7008ff399c64da2bc7f455a3431.report-uri.com/r/d/csp/reportOnly 1 frame-src 'self' 'unsafe-inline' 'unsafe-eval' data: http: https: https://api.exponea.com https://www.googletagmanager.com https://www.google-analytics.com https://libs.de.coremetrics.com https://tmscdn.de.coremetrics.com https://20779843p.rfihub.com https://analytics-static.ugc.bazaarvoice.com https://api.sovendus.com https://api.trustedshops.com https://apps-stg.nexus.bazaarvoice.com https://apps.nexus.bazaarvoice.com https://appsapi.veinteractive.com https://ariane.abtasty.com https://bat.bing.com https://benefits.sovendus.com https://config1.veinteractive.com https://cookiee1.veinteractive.com https://datacollect6.abtasty.com https://dcinfos-cache.abtasty.com https://dcinfos.abtasty.com https://display-stg.ugc.bazaarvoice.com https://display.ugc.bazaarvoice.com https://drs2.veinteractive.com https://elk.vhwrz.net https://googleads.g.doubleclick.net https://images.baby-walz.at https://images.baby-walz.ch https://images.baby-walz.de https://insitez.blob.core.windows.net https://live.adyen.com https://magpie-static.ugc.bazaarvoice.com https://maps.googleapis.com https://maps.gstatic.com https://meya.ai https://network-eu-stg.bazaarvoice.com https://network.bazaarvoice.com https://rum.vhwrz.net https://s.kelkoogroup.net https://s.kk-resources.com https://s.ytimg.com https://s3.amazonaws.com https://sessionapi.veinteractive.com https://shops-si.trustedshops.com https://stg.api.bazaarvoice.com https://t13.intelliad.de https://t23.intelliad.de https://test.adyen.com https://trustbadge.api.etrusted.com https://try.abtasty.com https://widgets.trustedshops.com https://www.awin1.com https://www.billiger.de https://www.dwin1.com https://www.econda-monitor.de https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.sovendus.com; report-uri /walz-webservices/csp-report-collector 1 connect-src 'self' https://gatehub.net https://*.gatehub.net wss://*.gatehub.net wss://*.ripple.com https://id.ripple.com https://history.ripple.com:7443 https://api.ripplecharts.com https://data.ripple.com https://*.zendesk.com https://ekr.zdassets.com https://www.google-analytics.com https://googletagmanager.com https://api.gastracker.io https://api.blockcypher.com https://api.etherscan.io https://sentry.io wss://widget-mediator.zopim.com https://stats.g.doubleclick.net wss://xrpl.ws; default-src 'self' https://gatehub.net; font-src 'self' https://gatehub.net https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' https://gatehub.net https://*.gatehub.net https://www.google.com https://client-api.arkoselabs.com; img-src 'self' https://gatehub.net https://*.gatehub.net https://*.amazonaws.com https://www.google-analytics.com https://chart.googleapis.com https://stats.g.doubleclick.net https://ssl.gstatic.com blob: data:; media-src 'self' https://gatehub.net https://*.gatehub.net https://static.zdassets.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gatehub.net https://*.gatehub.net https://www.google-analytics.com https://www.google.com https://fonts.googleapis.com https://ajax.googleapis.com https://apis.google.com https://www.gstatic.com https://code.highcharts.com https://*.zendesk.com https://static.zdassets.com https://www.googletagmanager.com https://browser.sentry-cdn.com https://client-api.arkoselabs.com; style-src 'self' 'unsafe-inline' https://gatehub.net https://*.gatehub.net https://fonts.googleapis.com; report-uri https://gatehub.report-uri.com/r/d/csp/wizard; 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.hk&source%5Bsection%5D=brochure&source%5Buuid%5D=22e56f1b1d68d47898fc704ea2cb31b3 1 report-uri https://logs-01.loggly.com/inputs/4e92d8a9-baa6-4559-82e2-05428d10fa7b/tag/csp; report-to default 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://latkbu9mql.execute-api.us-east-1.amazonaws.com/default/checkCSP 1 font-src maxcdn.bootstrapcdn.com fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com www.facebook.com platform.twitter.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com amcglobal.sc.omtrdc.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com js.braintreegateway.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com connect.facebook.net twitter.com platform.twitter.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 : default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://cxglobals.report-uri.com/r/d/csp/reportOnly 1 report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.lagrangesystems.net unpkg.com js.braintreegateway.com tpc.googlesyndication.com ws.sharethis.com *.pinterest.com magnetic.t.domdex.com www.googletagmanager.com *.bronto.com player.vimeo.com www.google-analytics.com *.olark.com f.vimeocdn.com www.tag4arm.com secure.quantserve.com intljs.rmtag.com www.googleadservices.com connect.facebook.net cdn.pbbl.co *.steelhousemedia.com s.pinimg.com ut.ra.linksynergy.com rules.quantcount.com googleads.g.doubleclick.net js-agent.newrelic.com bam-cell.nr-data.net bam.nr-data.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com www.google.com rum-static.pingdom.net www.gstatic.com p.bm23.com s.yimg.com *.cloudfront.net *.googleapis.com sp.analytics.yahoo.com script.crazyegg.com *.lagrangesystems.net bat.bing.com edge.quantserve.com 193.238.46.57 js.adsrvr.org 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.co.za&source%5Bsection%5D=brochure&source%5Buuid%5D=2b76a5e8b5af67f6c4fdd84b710827e8 1 default-src 'self' https:; img-src 'self' https: assets.braintreegateway.com checkout.paypal.com bam.nr-data.net staging.shirtspace.com *.googletagmanager.com data:; font-src 'self' *.typekit.net d2tic578h94r8u.cloudfront.net *.gstatic.com *.googleapis.com *.acsbapp.com data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.g.doubleclick.net *.googlecommerce.com *.newrelic.com bam.nr-data.net *.braintreegateway.com www.paypalobjects.com c.paypal.com widget.trustpilot.com connect.facebook.net graph.facebook.com bat.bing.com s.yimg.com sp.analytics.yahoo.com *.addthis.com m.addthisedge.com *.pinterest.com *.pinimg.com device.maxmind.com *.typekit.net cdn.jsdelivr.net *.honeybadger.io *.freshchat.com *.ckeditor.com *.acsbapp.com d2tic578h94r8u.cloudfront.net 'nonce-neGgRVQI25nXHn83DUBkig=='; style-src 'self' d2tic578h94r8u.cloudfront.net *.googleapis.com *.typekit.net *.freshchat.com *.ckeditor.com 'unsafe-inline'; child-src 'self' assets.braintreegateway.com c.paypal.com; frame-src 'self' assets.braintreegateway.com *.paypal.com widget.trustpilot.com www.facebook.com *.g.doubleclick.net *.google.com *.googletagmanager.com s7.addthis.com assets.pinterest.com www.youtube.com *.freshchat.com *.acsbapp.com accessibe.com player.vimeo.com; connect-src 'self' *.braintreegateway.com 'unsafe-inline' *.google-analytics.com *.g.doubleclick.net *.google.com *.braintree-api.com checkout.paypal.com *.pinterest.com *.mmapiws.com widget.trustpilot.com *.typekit.net m.addthis.com www.facebook.com s.yimg.com http://localhost:3035 ws://localhost:3035 *.acsbapp.com d2tic578h94r8u.cloudfront.net 'strict-dynamic'; report-uri /csp_reports 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.hotjar.com http://rum-static.pingdom.net https://v4in1-si.click4assistance.co.uk https://hitcounter.govmetric.com https://websurveys2.servmetric.com https://wsstatic.govmetric.com http://static.hotjar.com http://*.jquery.com https://*.googletagmanager.com http://api.reciteme.com https://www.google-analytics.com http://www.youtube.com https://platform.twitter.com https://content.govdelivery.com https://api.reciteme.com https://portal.roadworks.org; object-src 'self'; style-src 'self' 'unsafe-inline' https://websurveys2.servmetric.com https://wsstatic.govmetric.com http://*.googleapis.com https://fs-filestore-eu.s3.amazonaws.com/Waltham_Forest/ https://maxcdn.bootstrapcdn.com/ https://api.reciteme.com; img-src 'self' 'unsafe-inline' data: https://v4in1-si.click4assistance.co.uk https://www.google-analytics.com https://wsstatic.govmetric.com https://*.govdelivery.com https://syndication.twitter.com https://api.reciteme.com; media-src 'self' https://api.reciteme.com; frame-src 'self' https://vars.hotjar.com/ https://platform.twitter.com https://api.reciteme.com https://app.powerbi.com; font-src 'self' https://*.gstatic.com https://maxcdn.bootstrapcdn.com/ https://api.reciteme.com; connect-src 'self' https://www.google-analytics.com http://rum-collector-2.pingdom.net https://*.hotjar.com https://api.reciteme.com; report-uri /admin/config/system/seckit/csp-report 1 default-src 'self' https://*.brainstation.io; img-src 'self' blob: data: https:; font-src 'self' data: https:; style-src 'self' data: https: 'unsafe-inline'; media-src 'self' blob: data: https:; script-src 'self' 'nonce-aZli2YQhOANI9U9R1lBSIQ==' 'unsafe-inline' https://*.brainstation.io https://maxcdn.bootstrapcdn.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com googleads.g.doubleclick.net ssl.google-analytics.com bat.bing.com snap.licdn.com connect.facebook.net *.quora.com platform.twitter.com https://api.raygun.io *.live-video.net https://js.stripe.com; report-uri https://report-to-api.raygun.com/reports-csp?apikey=N2M8n90VfFeHHg24B9C5A&tags=%5B%22io%22%5D; connect-src 'self' https://*.brainstation.io https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com https://www.google.ca https://www.facebook.com https://bat.bing.com https://*.quora.com https://api.raygun.io *.live-video.net https://api.stripe.com; child-src 'self' https://*.brainstation.io https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net blob:; form-action 'self' https://*.brainstation.io https://intercom.help https://api-iam.intercom.io; frame-src 'self' https://*.brainstation.io platform.twitter.com https://www.facebook.com https://js.stripe.com https://hooks.stripe.com; worker-src 'self' https://*.brainstation.io blob: 1 frame-src 'self' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://www.facebook.com https://connect.facebook.net https://www.youtube.com https://player.vimeo.com https://www.ukraine.com.ua https://adm.tools https://apis.google.com https://accounts.google.com https://www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://code.highcharts.com https://apis.google.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://googletagmanager.com https://maps.google.com https://maps.googleapis.com https://translate.google.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'report-sample'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; default-src 'self' 'unsafe-inline' 'report-sample'; img-src 'self' data: https://www.facebook.com https://m.facebook.com https://*.gstatic.com https://www.google.com https://www.google.ru https://www.google.com.ua https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://stats.g.doubleclick.net blob: 'self'; ; connect-src https://auth.adm.tools https://adm.tools https://portal.adm.tools https://www.ukraine.com.ua https://cdn.ukraine.com.ua:* wss://cdn.ukraine.com.ua:* https://www.google-analytics.com https://stats.g.doubleclick.net https://sentry.adm.tools http://*.hotjar.com:* https://*.hotjar.com:* https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com http://www.facebook.com https://www.facebook.com; report-uri https://sentry.adm.tools/api/4/security/?sentry_key=cd4a73d9e9a3475187c201c24a2c4576 1 default-src 'self' data: *.aldi-international.com *.facebook.com *.gstatic.com; form-action 'self' *.facebook.com; frame-ancestors 'self' mein.aldi-suisse.ch; frame-src 'self' www.google.com *.facebook.com *.twitter.com g.jwpsrv.com www.youtube.com platform.liquidus.net app.nexuspublications.com.au cpc.elettershop.de wbiprod.storedvalue.com; script-src 'self' data: *.aldi-international.com *.pinterest.com *.facebook.com *.twitter.com *.ytimg.com *.aldi-sued.com 'unsafe-inline' 'unsafe-eval' app.nexuspublications.com.au platform.liquidus.net www.yellowmap.de ssl.p.jwpcdn.com www.youtube.com connect.facebook.net *.facebook.com; style-src 'self' 'unsafe-inline'; font-src 'self' data: fonts.gstatic.com; img-src 'self' data: https:; report-uri /CspReportLogger.php; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'eval' https://www.google.com http://www.google-analytics.com https://cse.google.com https://translate.googleapis.com; script-src-elem 'self' 'unsafe-inline' http://www.google-analytics.com https://cse.google.com https://www.google.com https://connect.facebook.net; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline'; img-src 'self' 'data' https:; font-src 'self' 'data' https://fonts.gstatic.com; connect-src 'self'; media-src 'self' 'data'; object-src 'self'; prefetch-src 'self'; child-src 'self'; frame-src 'self' https://www.fotw.info; worker-src 'self'; frame-ancestors 'self'; form-action 'self' https://www.google.com; base-uri 'self'; manifest-src 'self'; report-uri https://fotw.report-uri.com/r/d/csp/reportOnly 1 default-src 'self' 'unsafe-inline'; frame-src 'self' 'unsafe-inline' https://www.facebook.com; connect-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://api.amplitude.com; script-src 'self' 'unsafe-inline' https://cdn.amplitude.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net; img-src 'self' 'unsafe-inline' data: 'unsafe-eval' https://secure.gravatar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' 'unsafe-inline' data: 'unsafe-eval' https://fonts.gstatic.com; report-uri /csp-violations-report-endpoint; report-to null; 1 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://trlhvadgdetff1t0lc6gw4oo.httpschecker.net/report 1 style-src-elem 'unsafe-inline' 'self' fonts.googleapis.com; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net cookie-cdn.cookiepro.com trc-events.taboola.com api.mixpanel.com api-js.mixpanel.com api.segment.io in.hotjar.com trc.taboola.com vc.hotjar.io; font-src 'self' data: fonts.gstatic.com script.hotjar.com; frame-src www.youtube.com s7.addthis.com vars.hotjar.com widget.trustpilot.com; img-src 'self' data: cds.taboola.com q.quora.com 2.gravatar.com bat.bing.com px.ads.linkedin.com www.linkedin.com c0.adalyser.com cx.atdmt.com heapanalytics.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com www.google.co.uk www.google.com www.googletagmanager.com web.uploads.tide.co local.tide.co secure.gravatar.com; script-src-elem 'self' 'unsafe-inline' cookie-cdn.cookiepro.com bat.bing.com c0.adalyser.com cdn.heapanalytics.com cdn.mxpnl.com cdn.segment.com cdn.taboola.com trc.taboola.com cdnjs.cloudflare.com connect.facebook.net googleads.g.doubleclick.net platform.twitter.com px.ads.linkedin.com script.hotjar.com snap.licdn.com static.ads-twitter.com static.hotjar.com www.google-analytics.com www.linkedin.com www.googletagmanager.com www.googleadservices.com widget.trustpilot.com tagmanager.google.com; style-src-attr 'unsafe-inline'; report-uri https://csp.tide.co/report 1 default-src 'none'; connect-src 'self'; font-src 'self' https: data:; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; report-uri /csp-violation-report 1 default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.check24.net//csp-violation-ezmd9dpdxv7nb0ecejb9/ 1 default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com; connect-src https://www.google-analytics.com https://stats.g.doubleclick.net; img-src 'self' https://www.biolib.cz https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com; style-src 'unsafe-inline' 'self'; block-all-mixed-content; report-uri https://www.mudrc.net/report.php?csp 1 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src https: wss:; report-uri /csp-report 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.de&source%5Bsection%5D=brochure&source%5Buuid%5D=78f72edb223af5135e0e7b66d87e96a9 1 script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://*.awin1.com https://*.bing.com https://*.crunch.uk https://*.disqus.com https://*.disquscdn.com https://*.dwin1.com https://*.facebook.net https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.hotjar.com https://*.linkedin.com https://*.licdn.com https://*.pardot.com https://*.responsetap.com https://*.salesforceliveagent.com https://*.taboola.com https://*.tradedoubler.com https://*.trustpilot.com https://*.twitter.com https://*.wistia.com https://*.yieldify.com https://*.youtube.com https://*.ytimg.com https://*.zenaps.com https://*.zuko.io https://browser-update.org https://cdn.syndication.twimg.com https://cdnjs.cloudflare.com https://disqus.com https://s3-eu-west-1.amazonaws.com/crunch-cdn https://tagmanager.google.com https://the.sciencebehindecommerce.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.disquscdn.com https://*.google-analytics.com https://*.googleapis.com https://platform.twitter.com https://tagmanager.google.com; frame-ancestors 'self' https://*.crunch.co.uk; manifest-src 'self' https://*.crunch.co.uk; default-src 'self' https://*.crunch.co.uk https://c.disquscdn.com https://disqus.com; frame-src 'self' mailto: ms-appx-web: https://*.crunch.co.uk https://*.dwin1.com https://*.everviz.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.googletagmanager.com https://*.highcharts.com https://*.hotjar.com https://*.pardot.com https://*.tradedoubler.com https://*.trustpilot.com https://*.twitter.com https://*.yieldify.com https://*.youtube.com https://*.zenaps.com https://disqus.com https://fast.wistia.com https://fast.wistia.net https://twitter.com; img-src 'self' data: *; connect-src 'self' blob: https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://*.litix.io https://*.mixpanel.com https://*.oribi.io https://*.responsetap.com https://*.salesforceliveagent.com https://*.sessioncam.com https://*.taboola.com https://*.tradedoubler.com https://*.trustpilot.com https://*.wistia.com https://*.zuko.io https://bat.bing.com https://disqus.com https://embedwistia-a.akamaihd.net https://the.sciencebehindecommerce.com wss://*.hotjar.com; object-src 'self' blob: https://embedwistia-a.akamaihd.net https://embed-fastly.wistia.com; media-src 'self' blob: data: https://*.cloudinary.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; font-src 'self' data: chrome-extension: https://fonts.gstatic.com https://script.hotjar.com https://fast.wistia.com/; report-to /platform-api/csp-violations/report/; report-uri /platform-api/csp-violations/report/; 1 default-src 'self' *.canterbury-cathedral.org; script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://translate.google.com https://translate.googleapis.com https://www.googletagmanager.com https://maps.googleapis.com https://canterbury-cathedral.us2.list-manage.com; style-src 'self' 'unsafe-inline' https://translate.googleapis.com https://fonts.googleapis.com; img-src data: *; font-src data: 'self' https://fonts.gstatic.com; frame-src https://www.youtube.com https://www.youtube-nocookie.com https://maps.google.co.uk https://maps.google.com https://www.google.com 'self' *.canterbury-cathedral.org https://cvminder.com https://w.soundcloud.com; connect-src 'self' *.canterbury-cathedral.org https://www.google-analytics.com https://translate.googleapis.com; report-uri https://www.canterbury-cathedral.org/csp-report.php; report-to default; 1 script-src 'nonce-AOU65mDWN4VilhHnV-uPOQ' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/diversity_google; base-uri 'none' 1 font-src *.gstatic.com 'self' data: https://maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.facebook.com/ 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.google.com *.dotdigital-pages.com *.dotdigital.com https://www.youtube.com https://youtu.be *.doubleclick.net https://vars.hotjar.com/ https://www.facebook.com/ https://c.paypal.com https://r1.dotmailer-surveys.com https://surveymonkey.com/ https://widget.trustpilot.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.gstatic.com *.google.co.uk https://www.googletagmanager.com https://www.tag4arm.com https://bat.bing.com https://services.postcodeanywhere.co.uk https://ct.pinterest.com https://b.stats.paypal.com https://dub.stats.paypal.com https://c.paypal.com https://secure.surveymonkey.com/ 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.google.com *.googletagmanager.com *.facebook.net *.doubleclick.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://thefo11129.pcapredict.com https://polyfill.io https://api.usersnap.com https://js-agent.newrelic.com https://bam.nr-data.net https://bat.bing.com https://www.tag4arm.com https://www.gstatic.com https://services.postcodeanywhere.co.uk https://r1-1.trackedweb.net https://r1-t.trackedlink.net https://static.trackedweb.net https://s.pinimg.com https://static.hotjar.com https://js.braintreegateway.com https://c.paypal.com https://r1.dotmailer-surveys.com https://widget.surveymonkey.com/ https://widget.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com https://maxcdn.bootstrapcdn.com https://services.postcodeanywhere.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.doubleclick.net https://services.postcodeanywhere.co.uk https://bam.nr-data.net https://r1.trackedweb.net https://ct.pinterest.com https://origin-analytics-sand.sandbox.braintree-api.com https://payments.sandbox.braintree-api.com https://bat.bing.com https://in.hotjar.com https://www.paypal.com https://www.tag4arm.com https://widget.trustpilot.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src *.braintreegateway.com *.paypal.com https://surveymonkey.com/ https://secure.surveymonkey.com/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net; script-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net 'unsafe-inline'; style-src 'self' 'nonce-38033dd553f44b70b17002d146cb7942' https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net; img-src 'self' data: https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://*.ytimg.com; media-src 'self' data: https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://www.youtube.com; frame-src https://www.youtube.com https://*.twimg.com https://player.twitch.tv/ https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net; report-uri https://www.amazon.com/1/batch/2/OE/mid=ATVPDKIKX0DER:sid=139-6353791-4319705:rid=CCD39FE3A872424895D8:sn=www.newworld.com 1 default-src https: 'unsafe-inline' 1 font-src *.bootstrapcdn.com *.doofinder.com *.api.useinsider.com *.hotjar.com *.klarnaservices.com *.klarnauserservices.com *.foursixty.com *.klarnaevt.com *.bronto.com *.nr-data.net *.facebook.com *.facebook.net *.trustpilot.com *.loyaltylion.net *.criteo.com *.criteo.net *.gstatic.com *.cloudfront.net *.hotjar.io *.newrelic.com foursixty.com *.bing.com *.socital.com *.doubleclick.net wss://ws11.hotjar.com *.brontops.com *.esearchvision.com *.google.com *.google.co.uk *.payments-amazon.com *.paypal.com *.amazon.com *.amazon.co.uk *.ideal-postcodes.co.uk *.braintreegateway.com *.braintree-api.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.bootstrapcdn.com *.doofinder.com *.api.useinsider.com *.hotjar.com *.hotjar.io *.klarnaservices.com *.klarnauserservices.com *.klarnaevt.com *.bronto.com *.nr-data.net *.newrelic.com *.facebook.com *.facebook.net *.trustpilot.com *.loyaltylion.net *.criteo.com *.criteo.net foursixty.com *.foursixty.com *.bing.com *.socital.com *.doubleclick.net wss://ws11.hotjar.com *.brontops.com *.esearchvision.com *.gstatic.com *.google.com *.google.co.uk *.cloudfront.net *.payments-amazon.com *.paypal.com *.ideal-postcodes.co.uk *.braintreegateway.com *.braintree-api.com data: 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.bootstrapcdn.com *.doofinder.com *.api.useinsider.com *.hotjar.com *.klarnaservices.com *.klarnauserservices.com *.klarnaevt.com *.bronto.com *.nr-data.net *.facebook.com *.facebook.net *.trustpilot.com *.loyaltylion.net *.criteo.com *.criteo.net *.paypalobjects.com *.freshchat.com *.yieldify.com *.reviews.co.uk *.hotjar.io *.newrelic.com foursixty.com *.foursixty.com *.bing.com *.socital.com *.doubleclick.net wss://ws11.hotjar.com *.brontops.com *.esearchvision.com *.gstatic.com *.google.com *.google.co.uk *.cloudfront.net *.paypal.com *.ideal-postcodes.co.uk *.braintreegateway.com *.braintree-api.com data: cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.bootstrapcdn.com *.doofinder.com *.api.useinsider.com *.hotjar.com *.klarnaservices.com *.klarnauserservices.com *.klarnaevt.com *.bronto.com *.nr-data.net *.facebook.com *.facebook.net *.trustpilot.com *.loyaltylion.net *.criteo.com *.criteo.net *.advertising.com *.outbrain.com *.google.com *.taboola.com *.bing.com *.ad-stir.com *.smartclip.net *.yieldify.com *.hotjar.io *.newrelic.com foursixty.com *.foursixty.com *.socital.com *.doubleclick.net wss://ws11.hotjar.com *.brontops.com *.esearchvision.com *.gstatic.com *.google.co.uk *.cloudfront.net *.payments-amazon.com *.paypal.com *.amazon.com *.amazon.co.uk *.ideal-postcodes.co.uk *.braintreegateway.com *.braintree-api.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.webgains.io *.nr-data.net *.foursixty.com *.bootstrapcdn.com *.doofinder.com *.api.useinsider.com *.hotjar.com *.klarnaservices.com *.klarnauserservices.com *.klarnaevt.com *.bronto.com *.facebook.com *.facebook.net *.trustpilot.com *.loyaltylion.net *.criteo.com *.criteo.net paypal-eu-cdn.cloudiq.com *.salesfire.co.uk *.googletagmanager.com *.esearchvision.com *.pcapredict.com *.reviews.co.uk *.freshchat.com *.hotjar.io *.newrelic.com foursixty.com *.bing.com *.socital.com *.doubleclick.net wss://ws11.hotjar.com *.brontops.com *.gstatic.com *.google.com *.google.co.uk *.cloudfront.net *.paypal.com *.amazon.com *.amazon.co.uk *.ideal-postcodes.co.uk *.braintreegateway.com *.braintree-api.com data: r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.bootstrapcdn.com *.doofinder.com *.api.useinsider.com *.hotjar.com *.klarnaservices.com *.klarnauserservices.com *.klarnaevt.com *.bronto.com *.nr-data.net *.facebook.com *.facebook.net *.trustpilot.com *.loyaltylion.net *.criteo.com *.criteo.net *.freshchat.com *.reviews.co.uk *.cloudfront.net *.hotjar.io *.newrelic.com foursixty.com *.foursixty.com *.bing.com *.socital.com *.doubleclick.net wss://ws11.hotjar.com *.brontops.com *.esearchvision.com *.gstatic.com *.google.com *.google.co.uk *.payments-amazon.com *.paypal.com *.amazon.com *.amazon.co.uk *.ideal-postcodes.co.uk *.braintreegateway.com *.braintree-api.com data: cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.bootstrapcdn.com *.doofinder.com *.api.useinsider.com *.hotjar.com *.klarnaservices.com *.klarnauserservices.com *.klarnaevt.com *.bronto.com *.nr-data.net *.facebook.com *.facebook.net *.trustpilot.com *.loyaltylion.net *.loyaltylion.com *.criteo.com *.criteo.net *.smartmetrics.co.uk *.socital.com *.doubleclick.net *.reviews.co.uk *.paypal.com *.hotjar.io *.newrelic.com foursixty.com *.foursixty.com *.bing.com wss://ws11.hotjar.com *.brontops.com *.esearchvision.com *.gstatic.com *.google.com *.google.co.uk *.cloudfront.net *.payments-amazon.com *.ideal-postcodes.co.uk *.braintreegateway.com *.braintree-api.com data: r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src *.bootstrapcdn.com *.doofinder.com *.api.useinsider.com *.hotjar.com *.klarnaservices.com *.klarnauserservices.com *.klarnaevt.com *.bronto.com *.nr-data.net *.facebook.com *.facebook.net *.trustpilot.com *.loyaltylion.net *.criteo.com *.criteo.net *.hotjar.io *.newrelic.com foursixty.com *.foursixty.com *.bing.com *.socital.com *.doubleclick.net wss://ws11.hotjar.com *.brontops.com *.esearchvision.com *.gstatic.com *.google.com *.google.co.uk *.cloudfront.net *.payments-amazon.com *.paypal.com *.amazon.com *.amazon.co.uk *.ideal-postcodes.co.uk *.braintreegateway.com *.braintree-api.com data: 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: dc.services.visualstudio.com *.doubleclick.net s.yimg.com www.google-analytics.com cookie-cdn.cookiepro.com; child-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: vars.hotjar.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net www.googletagmanager.com vars.hotjar.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: use.typekit.net use.fontawesome.com fast.fonts.net p.typekit.net; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: use.typekit.net use.fontawesome.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cookie-cdn.cookiepro.com ads.avocet.io www.google-analytics.com cdnjs.cloudflare.com siteimproveanalytics.com dl.episerver.net static.hotjar.com s.yimg.com *.doubleclick.net www.googletagmanager.com sp.analytics.yahoo.com az416426.vo.msecnd.net; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: px.ads.linkedin.com www.google-analytics.com cookie-cdn.cookiepro.com www.google.com 6059819.global.siteimproveanalytics.io *.doubleclick.net www.googletagmanager.com ; form-action 'none' data: blob: ; report-uri /csp_report 1 connect-src 'self' https://s.yimg.com https://rtr.innovid.com https://*.yahoo.com https://*.oath.com https://*.advertising.com https://*.cdn.yimg.com https://*.yahoo.net https://ad.doubleclick.net; style-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.btrll.com data: blob: https://www.google-analytics.com https://cdn-gl.imrworldwide.com https://secure-au.imrworldwide.com https://z.moatads.com;; img-src 'self' data: blob: about: https://*.yimg.com https://*.yahoo.com https://sb.scorecardresearch.com https://*.doubleclick.net https://*.adsafeprotected.com https://*.googlesyndication.com; frame-ancestors https://*.techcrunch.com https://*.huffingtonpost.com https://*.aol.com https://*.yahoo.com https://*.autoblog.com https://*.search.yahoo.com https://*.search.aol.com https://*.search.huffpost.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage®ion=AU&lang=en-AU&device=desktop&yrid=ffj763pg0271i&partner=; 1 report-uri https://www.childcare.co.uk/app/csp-reports; default-src blob: data: https: 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://platform.twitter.com https://cdn.ampproject.org https://cdnjs.cloudflare.com https://code.jquery.com https://js.recurly.com https://www.gstatic.com https://ajax.googleapis.com https://oss.maxcdn.com https://connect.facebook.net https://d1l6p2sc9645hc.cloudfront.net https://*.gosquared.com https://*.childcare.co.uk https://*.trustpilot.com https://*.doubleclick.net https://cdn.ckeditor.com https://appleid.cdn-apple.com https://*.totum.com https://bat.bing.com https://www.google.com https://cdn.jsdelivr.net 1 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self'; style-src * 'unsafe-inline'; img-src *; media-src 'self'; frame-src *; frame-ancestors *; child-src *; font-src *; connect-src * 'unsafe-inline'; report-uri /report-csp-violation 1 script-src 'self' 'report-sample' *.disqus.com *.disquscdn.com accounts.google.com analytics.google.com apis.google.com api.getdrip.com tag.getdrip.com cdn.amplitude.com https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net https://d14jnfavjicsbe.cloudfront.net/client.js widget.intercom.io js.intercomcdn.com mc.yandex.ru *.osome.com *.osome.club ssl.gstatic.com static.hotjar.com script.hotjar.com *.ytimg.com www.google-analytics.com https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com snap.licdn.com www.youtube.com cdn.ampproject.org tilda.ws static.tildacdn.com stat.tildacdn.com script.tapfiliate.com code.jquery.com www.clarity.ms unpkg.com 'unsafe-inline' 'unsafe-eval'; report-uri https://5fb4310f34c13d8246ca6342.endpoint.csper.io 1 report-uri https://www.yelp.com/csp_report_only?id=ba5ac3067925f435&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www×tamp=1610689341; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.ph&source%5Bsection%5D=brochure&source%5Buuid%5D=f513ae69b15f5e3d96d65daecf0d1347 1 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com 'strict-dynamic' 'nonce-Mzg2OTYxMjY5OSwxOTY0Mzg2MDA2'; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1 worker-src blob:; font-src data: static3.avast.com file: www.buynespresso.com fonts.gstatic.com github.com chrome-extension: fonts.googleapis.com use.fontawesome.com maxcdn.bootstrapcdn.com cdn.getspeechify.com at.alicdn.com stackpath.bootstrapcdn.com netdna.bootstrapcdn.com www.slant.co api.couponmate.com use.typekit.net pouch-global-font-assets.s3.eu-central-1.amazonaws.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com tr.snapchat.com www.facebook.com 172.16.16.80 ae.buynespresso.com za.buynespresso.com connect.facebook.net tr.buynespresso.com kw.buynespresso.com ma.buynespresso.com sa.buynespresso.com 192.168.12.60 data: gateway.zscloud.net 192.168.206.174 10.99.1.231 10.1.50.87 gateway.zscaler.net 101.101.100.199 gateway.zscalertwo.net blockpage2.fb.bnk 10.181.1.99 10.1.1.94 192.168.1.112 blockpage1.fb.bnk 10.11.3.239 192.168.9.188 172.16.10.82 149.193.5.163 10.10.101.35 192.168.101.183 www.google.com proxy2.univers.ci 10.90.240.11 10.164.60.151 10.11.27.137 192.0.130.61 10.7.131.30 10.206.160.4 10.195.101.60 10.1.30.170 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 4137862.fls.doubleclick.net www.youtube.com tr.snapchat.com amc.demdex.net bid.g.doubleclick.net s.salecycle.com www.facebook.com www.googletagmanager.com 172.16.16.80 data: connect.facebook.net gateway.zscloud.net mcb.gateway.mastercard.com d22j4fzzszoii2.cloudfront.net 172.28.28.200 afs.gateway.mastercard.com 192.168.12.60 dohabank.gateway.mastercard.com pwm-image.trendmicro.com cdncache-a.akamaihd.net chrome-error: www.google.com block.opendns.com tr.snapchat.com.x.2066b926096cb04da20b14f0234825f2f652.d045213d.id.opendns.com utp.ucweb.com noop.style mozbar.moz.com ap-gateway.mastercard.com hiait.hamadairport.com.qa 172.16.9.5 d21r4q0rdzodf.cloudfront.net 192.168.206.174 10.99.1.231 10.1.50.87 www.etisalat.com.eg 10.11.239.148 gateway.zscalertwo.net 172.16.9.4 cid: gateway.zscaler.net 10.0.2.96 101.101.100.199 www.manpower.gov.om 10.10.32.7 e2b8u3v8.map2.ssl.hwcdn.net hdapp1008-a.akamaihd.net blockpage2.fb.bnk 10.10.32.9 10.11.27.137 172.17.80.18 dz.withtls.net 10.181.1.99 surfe.be www.youtube-nocookie.com apiholdingmypage-a.akamaihd.net 10.1.1.94 192.168.1.112 10.11.3.239 10.10.70.67 notify.bluecoat.com ssionsupre.fun blockpage1.fb.bnk www.ciuvo.com 192.168.5.5 192.168.131.145 saltcdn2.googleapis.com vk.com saltcdn2.twitter.com saltcdn2.facebook.com saltcdn2.www.instagram.com acestream.me 10.192.7.18 192.168.9.188 172.16.10.82 192.168.0.4 10.72.19.41 remove.video clickberry.tv skytraf.xyz 10.100.251.191 149.193.5.163 10.10.101.35 192.168.101.183 10.249.65.23 10.1.2.61 youtu.be proxy2.univers.ci 192.168.204.218 utraff.com lookmeet.tv ucads-cdn.ucweb.com 10.90.240.11 10.9.244.20 10.164.60.151 192.0.130.61 10.10.10.10 10.7.131.30 sslocal: object.center 10.0.0.122 10.195.101.60 login.zscaler.net auth.apps.airliquide.com 10.200.30.241 10.1.30.170 www.etisalat.eg 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.xtento.com cdn.xtento.com www.nespresso.com www.facebook.com ad.doubleclick.net adservice.google.com www.google.com data: cm.everesttech.net amcglobal.sc.omtrdc.net beacon.krxd.net www.google.com.eg www.google.dz px.ads.linkedin.com www.google.jo www.google.ci www.google.com.lb buynespresso.com www.google.mu d.lemonpi.io www.google.com.om www.google.com.bh i.ytimg.com connect.facebook.net www.linkedin.com p.adsymptotic.com www.google.com.qa adservice.google.ci adservice.google.dz www.gstatic.com www.buynespresso.com www.google.co.ma www.googletagmanager.com www.google.nl www.google.com.ua www.google.co.za www.google.ie adservice.google.jo www.google.ae www.google.com.tr www.google.com.my www.google.fr adservice.google.com.eg www.google.co.uk www.google.co.in www.google.com.kw www.google.com.au www.google.si www.google.com.sa www.google.tg adservice.google.com.lb googleads.g.doubleclick.net www.google.sn nespresso-our-choice.com log.pinterest.com www.google.com.ng www.google.fi www.google.ca www.google.de blob: www.google.ro www.google.com.ph www.google.co.ao www.google.iq a5.behance.net adservice.google.mu www.google.es adservice.google.co.ma www.google.az adservice.google.com.bh yastatic.net www.google.at www.google.co.zw translate.google.com www.google.com.pk az.nmgplatform.com adservice.google.com.om www.google.be www.google.co.th www.google.mk adservice.google.com.gh www.google.com.gh adservice.google.at stats.g.doubleclick.net www.google.com.ly adservice.google.com.qa www.google.com.sg www.pitayamobile.com kellyfight.com www.google.it www.google.hu serverloads.com www.google.pl www.google.ch www.google.tn www.google.com.ar www.xvideos.com www.google.com.br www.google.no www.google.cm www.google.com.vn www.google.co.kr www.google.com.np www.google.ru img.uflowx.com www.google.co.id www.google.bf www.google.dk adservice.google.ml www.google.ml www.google.lv www.google.gr maps.googleapis.com www.google.co.jp canvaspl-a.akamaihd.net www.google.rs www.google.ps www.google.bg www.google.by www.google.hr www.google.rw www.google.co.mz www.boursorama.com canvasdp-a.akamaihd.net jsl.infostatsvc.com ma.buynespresso.com adservice.google.ie www.google.com.bd img.youtube.com www.google.cz www.google.co.il www.google.pt dakotaram.com www.google.com.mt www.google.cd www.google.co.nz www.google.com.cy genyhome.com www.google.com.pr www.google.com.pa firescorrelationprodigy.com adservice.google.com.ng adservice.google.com.ua www.google.co.ug utarget.ru amasty.com surfe.be www.google.is www.google.sk www.google.je www.google.co.uz adservice.google.ca adservice.google.com.bd www.google.lk www.google.com.bn www.google.bi www.google.bj eventping-a.akamaihd.net www.google.am www.google.se www.google.co.bw www.google.kz www.google.com.co session.scamprotection.net promlinkdev.com www.google.ba www.google.co.ke e2b8u3v8.map2.ssl.hwcdn.net cloudimagesa.com adservice.google.nl 149.126.73.187 www.google.cl 172.16.9.5 172.16.9.4 www.google.lt www.google.com.mx www.google.com.do www.google.al www.google.md www.google.tt www.google.com.kh www.google.com.jm www.google.so www.google.com.pg clicksapp.net www.google.com.et www.google.sc www.google.co.tz dpm.demdex.net adservice.google.co.za www.ilofo.com basejs-a.akamaihd.net www.google.gl adservice.google.az www.google.mg adservice.google.ru www.google.lu favicon.yandex.net abs.twimg.com adservice.google.fr z-p3.www.instagram.com s3.amazonaws.com adservice.google.com.sg www.google.ne milkpload.net loungesrc.net ueaggress.top www.google.me www.google.co.zm adservice.google.tn www.google.com.tw adservice.google.de bam.eu01.nr-data.net saltjs.rkfnrkjfnrkfnkjh.xyz m.facebook.com tr.buynespresso.com oppositehometowndrunken.com massehight.com mc.yandex.ru mstat.acestream.net www.google.gm www.google.ge adservice.google.ch www.google.ga www.google.com.ec adservice.google.co.in www.google.com.pe adservice.google.es translate.googleapis.com www.google.co.ve adservice.google.co.uk www.google.gy gateway.zscloud.net adservice.google.ae www.google.com.na ssl.google-analytics.com filterprem.org jopkrmm.xmyl.ru mastersavepername.club cl.lexax.ru adservice.google.com.sa adservice.google.bf adservice.google.com.ph www.google.bs www.google.mw hardyload.com www.google.mn www.google.com.bz www.google.hn www.google.mv www.google.cg fr.youporn.com www.stackoverflow.com 10.164.60.151 www.google.ee www.google.tm closiner.com www.google.com.hk 172.25.161.246 cdn.css-tricks.com cl4appf.com adservice.google.com.tr adservice.google.co.zw www.google.gg www.google.cv www.google.co.cr t.skimresources.com p.skimresources.com x.skimresources.com images.profileengine.com www.google.dj outlook-1.cdn.office.net s2.googleusercontent.com m.hoopgame.net analytics.tiktok.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.xtento.com cdn.xtento.com www.googletagmanager.com analytics.tiktok.com d22xmn10vbouk4.cloudfront.net d2qmp7jjpd79k7.cloudfront.net connect.facebook.net sf16-scmcdn-va.ibytedtos.com cdnjs.cloudflare.com bam.eu01.nr-data.net js-agent.newrelic.com d16fk4ms6rqz1v.cloudfront.net sc-static.net googleads.g.doubleclick.net snap.licdn.com www.google.com www.buynespresso.com ucads-cdn.ucweb.com www.pagespeed-mod.com maps.googleapis.com www.gstatic.com mcb.gateway.mastercard.com s0.ipstatp.com assets.pinterest.com afs.gateway.mastercard.com accounts.google.com kids.youtube.com dohabank.gateway.mastercard.com kellyfight.com cdncache-a.akamaihd.net siteprerender.com cache-check.net cdn.randomhow.com m98.prod2016.com static.sunnycoast.xyz s.dcbap.com serverloads.com image.uc.cn m59.prod2016.com s.pmddby.com www.buynespresso jscontent.net fp125.mediaoptout.com dakotaram.com ap-gateway.mastercard.com biosstand.com genyhome.com data1.yutrec.com turmoilragcrutch.com squeezedthoughtfully.com data: 149.126.73.187 smigro.info umekana.ru lvodomi.info qqjar.ru d21r4q0rdzodf.cloudfront.net i_sbitinbsjs_info.tlscdn.com api.jollywallet.com cdn.visadd.com d2avx7g1ttwebd.cloudfront.net rules.similardeals.net qdatasales.com saltcdn2.googleapis.com s3.amazonaws.com gateway.zscaler.net promlinkdev.com e2b8u3v8.map2.ssl.hwcdn.net glaxythiwi.pro www.vyhezucha.pro www.madcpms.com www.profitabledisplaycontent.com cocejo.sebewopu.com 172.16.9.5 172.16.9.4 cdn.mxpnl.com hdapp1008-a.akamaihd.net tb.blueresult.com dfwu1013.info clicksapp.net pizosi.galleta-bicikega.com apiholdingmypage-a.akamaihd.net asrvvv-a.akamaihd.net protectsurf-a.akamaihd.net static.donation-tools.org fidoapi.com crisgrey.com data1.pamurt.com mediaoaktree.com apisolutionrealc-a.akamaihd.net milkpload.net loungesrc.net 192.168.12.60 d36zfztxfflmqo.cloudfront.net asset: cdn-ads.google-analytics.com massehight.com mstat.acestream.net pilaff-up.ru gateway.zscloud.net closiner.com translate.google.com translate.googleapis.com secure.myshopcouponmac.com 3001.scriptcdn.net ssl.google-analytics.com data1.cloakyz.com widget-feature.local widgets.101apis.com tefowu.fuzziness-wacicu.com www.blackclawer.ru cdn.jsdelivr.net hardyload.com 10.164.60.151 sf19-scmcdn-va.ibytedtos.com 172.19.100.23 ruzozi.locixugoro.com 172.25.161.246 51a07e9c51b04a8fbd099125be8bb228.com aac500b7a15b2646968f6bd8c6305869d7.com 10.10.10.10 adr.mplore.com s.skimresources.com a.apiywc.net rdc.apicit.net 10.195.101.60 kafiro.kuwinesume.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com www.buynespresso.com pwm-image.trendmicro.com data: stackpath.bootstrapcdn.com translate.googleapis.com 'self' 'unsafe-inline'; object-src noop.style 'self' 'unsafe-inline'; media-src data: tts.baidu.com ssl.gstatic.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com adservice.google.com stats.g.doubleclick.net www.google-analytics.com dpm.demdex.net analytics.tiktok.com bam.eu01.nr-data.net ws.salecycle.com i.salecycle.com amcglobal.sc.omtrdc.net d.lemonpi.io www.google.com collect.analyze.ly www.facebook.com cdn.plyr.io ad.doubleclick.net gjtrack.ucweb.com plugin.ucads.ucweb.com www.buynespresso.com az.nmgplatform.com njs.wigoal.com m98.prod2016.com cdncache-a.akamaihd.net stickyid-a.akamaihd.net uc.gre track.uc.cn utp.ucweb.com utp-dmp.ucweb.com m59.prod2016.com b.1p1eqpotato.com dz.api4load.net kellyfight.com ajax.googleapis.com r.remarketingpixel.com firescorrelationprodigy.com data: smigro.info session.scamprotection.net code.jquery.com datds.net chrome.connecting-to-the.net www.profitabledisplaycontent.com msg.altruistictask.com protectsurf-a.akamaihd.net note.cdncontentdelivery.com p.extfun.com lb.api4load.net luxins.net cr-input.mxpnl.net psid-a.akamaihd.net ssionsupre.fun lime.cdncontentdelivery.com extension.televzr.online dasfelynsaterr.webcam service.nservices.space 1986635568.rsc.cdn77.org catds.net translate.googleapis.com pluginx.uc.local www.bing.com jopkrmm.xmyl.ru mc.yandex.ru 172.25.161.246 jo.api4load.net saltoffer.google-analytics.com r.skimresources.com t.skimresources.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';report-uri https://www.buynespresso.com/eg_ar/fl32csp/report/; 1 upgrade-insecure-requests; script-src 'self' googleads.g.doubleclick.net stats.g.doubleclick.net ws-na.assoc-amazon.com www.amazon.com rcm.amazon.com www.google.com apis.google.com cse.google.com www.google-analytics.com www.googletagmanager.com partner.googleadservices.com pagead2.googlesyndication.com www.googleadservices.com tpc.googlesyndication.com; frame-src googleads.g.doubleclick.net stats.g.doubleclick.net ws-na.assoc-amazon.com www.amazon.com rcm.amazon.com www.google.com apis.google.com cse.google.com www.google-analytics.com www.googletagmanager.com partner.googleadservices.com pagead2.googlesyndication.com www.googleadservices.com tpc.googlesyndication.com; object-src 'self'; form-action 'none'; frame-ancestors 'none'; report-uri https://c408453ef55b803114646d679c50ef77.report-uri.com/r/d/csp/reportOnly; 1 base-uri 'self'; object-src 'self'; child-src 'self' https://*.youtube.com; connect-src 'self' wss://*.hubzero.org https://www.google-analytics.com https://stats.g.doubleclick.net https://www.purdue.edu wss://hubzero.org https://www.dropbox.com https://graph.facebook.com; default-src 'self' data: https://*.hubzero.org https://*.promo.aws.hubzero.org; font-src 'self' about: https://fonts.gstatic.com data: safari-extension: chrome-extension:; form-action 'self' https://platform.twitter.com https://syndication.twitter.com; frame-ancestors 'self'; frame-src 'self' https://*.hubzero.org https://*.promo.aws.hubzero.org https://*.google.com https://*.youtube.com https://content.googleapis.com https://*.facebook.com https://*.twitter.com https://player.vimeo.com; img-src * data: image:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.google.com https://connect.facebook.net https://www.linkedin.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.gstatic.com https://*.googleapis.com https://platform.linkedin.com data: blob: https://maps.google.com https://maps.googleapis.com https://cdnjs.cloudflare.com https://code.jquery.com; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com https://*.googleapis.com https://www.google.com https://code.jquery.com https://cdnjs.cloudflare.com;report-uri https://csp.hubzero.org/csp-cms.php;report-to cms 1 default-src 'self' https://www.google.com; script-src 'self' 'unsafe-inline' *.gstatic.com www.google.com connect.facebook.net www.google-analytics.com; style-src 'self' 'unsafe-inline' *.gstatic.com fonts.googleapis.com; img-src 'self' data: *.gstatic.com www.google-analytics.com www.facebook.com; font-src 'self' data: fonts.gstatic.com; frame-src https://www.facebook.com https://www.google.com; worker-src 'self' www.google.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp/ 1 script-src 'self' *.grabone.co.nz 'unsafe-inline' 'unsafe-eval' data: maps.googleapis.com ajax.googleapis.com www.googletagmanager.com tagmanager.google.com *.google.com cdn.optimizely.com static.chartbeat.com js-agent.newrelic.com bam.nr-data.net www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net tags.crwdcntrl.net static.criteo.net *.criteo.com *.appboycdn.com *.braze.com storage.googleapis.com cdn.polyfill.io browser-update.org www.googletagservices.com adservice.google.co.nz adservice.google.com nzme-ads.co.nz securepubads.g.doubleclick.net cdn.ampproject.org *.imrworldwide.com tpc.googlesyndication.com; style-src 'self' blob: *.grabone.co.nz 'unsafe-inline' tagmanager.google.com fonts.googleapis.com *.fontawesome.com storage.googleapis.com *.fontawesome.com *.google.com; default-src *.googlesyndication.com *.criteo.com static.criteo.net *.appboycdn.com bid.g.doubleclick.net accounts.google.co.nz blob: storage.googleapis.com popup.laybuy.com *.braze.com *.imrworldwide.com *.grabone.co.nz www.googletagservices.com data.apn.co.nz *.creativecdn.com accounts.google.com 'self' data: www.youtube.com bcp.crwdcntrl.net; img-src 'self' data: *.grabone.co.nz *.cdn.grabone.com maps.googleapis.com ping.chartbeat.net www.google-analytics.com www.googletagmanager.com *.gstatic.com *.doubleclick.net www.google.com www.google.co.nz www.google.com.au www.google.co.uk bcp.crwdcntrl.net www.facebook.com static.criteo.net *.criteo.com android-webview-video-poster: android-webview: storage.googleapis.com c.cfjump.com *.imrworldwide.com pagead2.googlesyndication.com *.cloudfunctions.net *.googleusercontent.com; media-src 'self' *.grabone.co.nz data: storage.googleapis.com c.cfjump.com; child-src 'self' *.grabone.co.nz data: data.apn.co.nz www.youtube.com blob: bcp.crwdcntrl.net *.criteo.com static.criteo.net bid.g.doubleclick.net *.creativecdn.com *.appboycdn.com *.braze.com storage.googleapis.com www.googletagservices.com *.googlesyndication.com accounts.google.co.nz accounts.google.com popup.laybuy.com *.imrworldwide.com; connect-src 'self' *.grabone.co.nz 2149140224.log.optimizely.com rum.optimizely.com www.grabonebottle.co.nz *.appboycdn.com *.braze.com *.googleapis.com *.googleadservices.com *.newrelic.com *.google-analytics.com *.chartbeat.com *.googletagmanager.com *.gstatic.com browser-update.org api.commissionfactory.com c.cfjump.com securepubads.g.doubleclick.net cdn.ampproject.org *.doubleclick.net tags.crwdcntrl.net nzme-ads.co.nz *.googletagservices.com *.google.co.nz *.google.com *.fontawesome.com *.imrworldwide.com pagead2.googlesyndication.com bam.nr-data.net *.cloudfunctions.net; font-src 'self' *.grabone.co.nz fonts.gstatic.com *.fontawesome.com data: storage.googleapis.com *.fontawesome.com; report-uri https://csp-report.digital.nzme.co.nz/log/new-grabone-co-nz 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.visualstudio.com *.windows.net *.msecnd.net *.trkn.us *.bing.com *.connexity.net *.alcmpn.com *.alocdn.com *.addthis.com *.opendns.com *.stickyadstv.com *.cloudflare.com *.polarisapi.com *.ctfassets.net *.youtube.com *.cloudflare.com *.aspnetcdn.com *.windows.net dnsl4xr6unrmf.cloudfront.net *.google.com blob: *.episerver.net *.doubleclick.net *.contentsquare.net screencaptue-cdn.kampyle.com api.offerpop.com screencapture.kampyle.com wyng.io *.cdninstagram.com *.wyng.com *.amazonaws.com *.opticalanalytics.io ajax.googleapis.com cdn.auth0.com cdn1.polaris.com cdn2.polaris.com cloudfront.loggly.com fonts.googleapis.com fonts.gstatic.com nebula-cdn.kampyle.com polaris-tagging-prod.azureedge.net polaris-tagging-tagserver-prod.azurewebsites.net s.ytimg.com *.hotjar.com *.hotjar.io udc-neb.kampyle.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.youtube.com servedby.flashtalking.com data: etc.polaris.com logs-01.loggly.com login.dotomi.com maps.googleapis.com cdn.jsdelivr.net maps.gstatic.com cdn-gen.polaris.com connect.facebook.net www.facebook.com www.polaris.com; 1 img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.facebook.com www.google-analytics.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google-analytics.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: connect.facebook.net www.google-analytics.com ; form-action 'none' data: blob: ; report-uri /csp_report 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://deadline.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com api-maps.yandex.ru; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: www.google-analytics.com *.googleapis.com *.gstatic.com api-maps.yandex.ru *.maps.yandex.net; font-src 'self' data: fonts.gstatic.com; connect-src 'self' www.google-analytics.com; media-src 'self'; object-src 'self' www.youtube.com; frame-src 'self' www.youtube.com api-maps.yandex.ru; frame-ancestors 'self'; worker-src 'self'; block-all-mixed-content; manifest-src 'self' 'self'; report-uri https://vzotch.report-uri.com/r/d/csp/reportOnly 1 default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' ws: *.nexiuslearning.com *.google-analytics.com *.etitan.hu *.googletagmanager.com *.googleapis.com *.gstatic.com *.google.com *.bootstrapcdn.com *.extremenet.hu stats.g.doubleclick.net www.youtube-nocookie.com; report-uri https://etitancsp.azurewebsites.net/api/eTitanCSP; 1 default-src 'self' https://*.appreciatehub.com *.google-analytics.com *.cloudflare.com https://*.googleapis.com https://*.pendo.io https://*.alamoapp.octanner.io https://*.api.octanner.net https://*.salesforce.com *.cloudinary.com https://s3.amazonaws.com/oc-images-api/* *.doubleclick.net *.octanner.net *.gstatic.com *.jwpcdn.com *.recaptcha.net https://www.gstatic.com/recaptcha/releases/* wss://*.fathomvoice.com *.fathomvoice.com *.fonticons.com *.fortawesome.com 'unsafe-inline' 'unsafe-eval' data:; frame-src 'self' www.google.com; 1 report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.toolbarn.com services.sheerid.com bat.bing.com www.google-analytics.com d.impactradius-event.com www.googletagmanager.com cdn1.pdmntn.com www.googlecommerce.com *.google.com ui.powerreviews.com cdn1.affirm.com *.cloudflare.com *.amazonaws.com *.adroll.com cdn-scripts.signifyd.com imgs.signifyd.com js.braintreegateway.com *.cloudmaestro.com youtube.com www.youtube.com yahoo.com pixel.rubiconproject.com paypal.com stats.paypal.com ssl.kaptcha.com c.paypal.com assets.braintreegateway.com www.affirm.com h.online-metrix.net logs-01.loggly.com *.cloudflare.com *.cloudmaestro.com *.consensu.org www.paypalobjects.com insights.bizrate.com *.bizrate.com storage.googleapis.com api.bluecore.com cdn.bluecore.com 1 font-src fonts.gstatic.com use.typekit.net 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com s.ytimg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com commerce.adobedtm.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net js.braintreegateway.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.magento.com commerce.adobe.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com commerce.adobedtm.com commerce.adobedc.net performance.typekit.net js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; report-uri /csp-report 1 default-src 'self' https: ; img-src 'self' https://dl.episerver.net/ https://www.googletagmanager.com/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/maps/ https://cm.g.doubleclick.net/ https://bat.bing.com/ https://bppmdmxgsg.execute-api.eu-west-1.amazonaws.com/prod/ data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com/ https://www.googletagmanager.com/ https://maps.googleapis.com/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://bat.bing.com/ https://*.responsetap.com/ https://dl.episerver.net/ https://cdn.cookielaw.org/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://dl.episerver.net/ ; font-src 'self' https://fonts.gstatic.com/ data: ; 1 frame-ancestors 'self' frag-einen-anwalt.de *.frag-einen-anwalt.de 123recht.de *.123recht.de wohnungsboerse.net *.wohnungsboerse.net trauer.de *.trauer.de briefeguru.de *.briefeguru.de pflege-durch-angehoerige.de *.pflege-durch-angehoerige.de immobilienscout24.de *.immobilienscout24.de berlin.de *.berlin.de merkur-online.de *.merkur-online.de *.cdn.ampproject.org *.google.de *.google.com; report-uri /include/cspreport.asp 1 report-uri https://www.tv5unis.ca/csp-report;default-src 'self' *.googlesyndication.com ;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.2mdn.net *.amazon-adsystem.com *.doubleclick.net *.facebook.com *.facebook.net *.google.ca *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.scorecardresearch.com *.google-analytics.com *.gstatic.com *.hotjar.com *.m32.media cdn.ampproject.org sc-static.net ;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.doubleclick.net *.facebook.com *.google.ca *.google.com *.googleusercontent.com *.google-analytics.com *.googlesyndication.com *.scorecardresearch.com bcp.crwdcntrl.net platform-lookaside.fbsbx.com https://image-proxy.tv5unis.ca ;media-src 'self' blob: *.2mdn.net ;frame-src 'self' *.doubleclick.net *.facebook.com *.firebaseapp.com/ *.googlesyndication.com imasdk.googleapis.com vars.hotjar.com tr.snapchat.com ;font-src 'self' data: ;connect-src 'self' *.2mdn.net *.adnxs.com *.amazon-adsystem.com *.amazon-adsystem.com *.doubleclick.net *.facebook.com *.google-analytics.com *.google.ca *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.llnw.net *.m32.media *.scorecardresearch.com bcp.crwdcntrl.net cdn.ampproject.org cdn.jsdelivr.net licensing.bitmovin.com platform-lookaside.fbsbx.com sc-static.net sentry.io static.hotjar.com us-central1-m32-infrastructure.cloudfunctions.net vendorlist.consensu.org https://api.tv5unis.ca https://image-proxy.tv5unis.ca ;worker-src 'self' blob: ;form-action 'self' www.facebook.com/tr tr.snapchat.com ; 1 default-src http: https: code.jquery.com; frame-ancestors 'self' 1 default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.google.ie *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.neolane.net *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.snapchat.com *.ulsterbank.ie *.ulsterbank.com *.ulsterbankanytimebanking.ie *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net static.ads-twitter.com t.co www.brightedge.com www.irishlife.ie; upgrade-insecure-requests; block-all-mixed-content; report-uri https://ulsterbankroi.report-uri.com/r/t/csp/reportOnly 1 default-src 'self'; script-src 'self' www.google-analytics.com tagmanager.google.com www.googletagmanager.com maps.googleapis.com *.segmint.net *.bizographics.com cdn.timetrade.com *.youtube.com *.linkedin.com *.facebook.net *.facebook.com *.krxd.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' tagmanager.google.com www.googletagmanager.com fonts.googleapis.com 'unsafe-inline'; img-src 'self' data: www.google-analytics.com *.google.com *.googletagmanager.com *.g.doubleclick.net maps.googleapis.com *.gstatic.com i.ytimg.com jwpltx.com products.gobankingrates.com *.facebook.com *.krxd.net *.agkn.com *.depositaccounts.com; connect-src 'self' www.google-analytics.com *.g.doubleclick.net *.segmint.net *.krxd.net; child-src 'self' tagmanager.google.com www.googletagmanager.com *.segmint.net *.timetrade.com *.timetradesystems.com www.fintactix.net appvault.com *.serversidegraphics.com us.personalcard.net *.fls.doubleclick.net *.krxd.net; frame-src 'self' tagmanager.google.com www.googletagmanager.com *.segmint.net *.timetrade.com *.timetradesystems.com www.fintactix.net *.appvault.com *.serversidegraphics.com us.personalcard.net *.fls.doubleclick.net *.krxd.net; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; report-uri /csp-report.do 1 block-all-mixed-content; report-uri https://gesoten.report-uri.com/r/t/csp/reportOnly 1 default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.diadoc.ru/private/csp-report 1 script-src 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com cdn.onesignal.com *.freedommunitions.com www.google-analytics.com cdn.inspectlet.com seal.godaddy.com *.google.com pixel.mathtag.com www.googletagmanager.com www.gstatic.com cdn.onesignal.com onesignal.com js-agent.newrelic.com bam.nr-data.net ajax.googleapis.com 1 default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self'; font-src 'self'; connect-src 'self'; media-src 'self'; object-src 'self'; child-src 'self'; frame-ancestors 'self' 1 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src https://*.online-metrix.net https://imgs.signifyd.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src https://imgs.signifyd.com https://*.online-metrix.net www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: 'self' 'unsafe-inline'; script-src https://cdn-scripts.signifyd.com https://imgs.signifyd.com jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src https://imgs.signifyd.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' image.spreadshirtmedia.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.ca ; img-src 'self' data: https: image.spreadshirtmedia.net image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.ca *.spreadshirt.ca ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ *.spreadshirt.ca ; font-src 'self' https: data: *.spreadshirt.ca ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.ca ; object-src 'none' ; media-src image.spreadshirtmedia.com ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.ca ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es js.stripe.com m.stripe.com x.klarnacdn.net klarna.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com maps.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es js.stripe.com m.stripe.com x.klarnacdn.net klarna.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es js.stripe.com m.stripe.com x.klarnacdn.net klarna.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 report-uri https://www.yelp.com/csp_report_only?id=d8b8cd8660f3cac1&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www×tamp=1610687380; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1 default-src 'none'; img-src 'self' promotional.storage.infomaniak.com google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com t.co *.t.co *.bing.com *.google.com px.ads.linkedin.com linkedin.com *.linkedin.com google.fr *.google.fr google.it *.google.it google.ch *.google.ch google.de *.google.de google.es *.google.es google.co.uk *.google.co.uk google.com.br *.google.com.br google.be *.google.be google.ie *.google.ie google.lu *.google.lu google.ro *.google.ro facebook.com *.facebook.com googleads.g.doubleclick.net doubleclick.net *.doubleclick.net swisstransfer.com *.swisstransfer.com adsymptotic.com *.adsymptotic.com atdmt.com *.atdmt.com zscalertwo.net *.zscalertwo.net zscloud.net *.zscloud.net infomaniak.com *.infomaniak.com; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' google.com *.google.com gstatic.com *.gstatic.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com facebook.com *.facebook.com facebook.net *.facebook.net *.licdn.com *.ads-twitter.com *.linkedin.com *.bing.com *.twitter.com t.co *.t.co googleadservices.com *.googleadservices.com swisstransfer.com *.swisstransfer.com; font-src 'self' github.com *.github.com gstatic.com *.gstatic.com; connect-src 'self' googletagmanager.com *.googletagmanager.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com google.com *.google.com bing.com *.bing.com infomaniak.ch *.infomaniak.ch infomaniak.com *.infomaniak.com swisstransfer.com *.swisstransfer.com; frame-src 'self' google.com *.google.com; media-src 'self'; worker-src 'self' swisstransfer.com *.swisstransfer.com; report-uri https://www.swisstransfer.com/api/cspReport 1 block-all-mixed-content; report-uri https://www.warau.jp/mixedcontentreport.php 1 report-uri https://www.yelp.com/csp_report_only?id=66b4e4cacf16345b&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www×tamp=1610693575; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1 default-src self; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com http://www.google-analytics.com https://www.google-analytics.com http://www.googletagmanager.com http://cdn.jsdelivr.net http://d2wutcmzxutplq.cloudfront.net; object-src 'self' http://d2wutcmzxutplq.cloudfront.net; style-src 'self' 'unsafe-inline' https://*.googleapis.com http://www.google-analytics.com https://www.google-analytics.com http://cdn.jsdelivr.net http://d2wutcmzxutplq.cloudfront.net; img-src 'self' http://www.google-analytics.com http://d2wutcmzxutplq.cloudfront.net https://stats.g.doubleclick.net; media-src 'self' http://d2wutcmzxutplq.cloudfront.net; frame-src 'self'; child-src 'self'; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://www.google-analytics.com http://cdn.jsdelivr.net http://d2wutcmzxutplq.cloudfront.net; connect-src 'self' 'unsafe-inline' https://*.googleapis.com http://www.google-analytics.com https://www.google-analytics.com; report-uri /report-csp-violation 1 report-uri /csp-reports/; default-src 'self' https://trackbill.com https://*.trackbill.com https://production-trackbill.netdna-ssl.com; connect-src 'self' https://*.trackbill.com https://production-trackbill.netdna-ssl.com https://api.hubspot.com https://api.hubapi.com https://forms.hubspot.com https://*.pndsn.com https://pubsub.pubnub.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.google-analytics.com https://stats.g.doubleclick.net https://api.hsforms.com https://www.facebook.com https://jsd-widget.atlassian.com https://mgas.prod.public.atl-paas.net; font-src 'self' https://production-trackbill.netdna-ssl.com https://fonts.gstatic.com https://static.hsappstatic.net; frame-src 'self' https://trackbill.com https://*.trackbill.com https://app.hubspot.com https://mozilla.github.io https://d31qbv1cthcecs.cloudfront.net https://www.youtube.com https://connect.facebook.net; img-src 'self' https://trackbill.com https://*.trackbill.com https://production-trackbill.netdna-ssl.com https://mozilla.github.io https://static.hsappstatic.net https://track.hubspot.com https://hubspot-avatars.s3.amazonaws.com https://www.facebook.com https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://bam.nr-data.net https://certify.alexametrics.com https://d5nxst8fruw4z.cloudfront.net data: blob:; media-src 'self' https://trackbill.com https://*.trackbill.com https://production-trackbill.netdna-ssl.com; object-src 'self' https://trackbill.com https://*.trackbill.com https://production-trackbill.netdna-ssl.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://trackbill.com https://*.trackbill.com https://production-trackbill.netdna-ssl.com https://code.jquery.com https://mozilla.github.io https://app.hubspot.com https://static.hsappstatic.net https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsadspixel.net https://js.hs-scripts.com https://bam.nr-data.net https://connect.facebook.net https://www.google-analytics.com https://d31qbv1cthcecs.cloudfront.net https://www.googletagmanager.com https://js-agent.newrelic.com https://mgas.prod.public.atl-paas.net https://jsd-widget.atlassian.com; style-src 'self' 'unsafe-inline' https://trackbill.com https://*.trackbill.com https://production-trackbill.netdna-ssl.com https://code.jquery.com https://mozilla.github.io https://static.hsappstatic.net https://www.google-analytics.com https://fonts.googleapis.com; child-src 'self' https://trackbill.com https://*.trackbill.com https://app.hubspot.com https://mozilla.github.io https://d31qbv1cthcecs.cloudfront.net; form-action 'self' https://trackbill.com https://*.trackbill.com https://connect.facebook.net; frame-ancestors 'none'; plugin-types application/pdf; 1 script-src 'nonce-tnNVepJqvOVnTYnlhay4Lw' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/workspace-web-team; base-uri 'none' 1 default-src 'self' https://*.minecraft.jp; script-src 'self' 'unsafe-inline' 'nonce-c_A0W34W8K7zjSigULyrMg' 'report-sample' https://*.minecraft.jp https://ajax.googleapis.com https://apis.google.com https://connect.facebook.net https://platform.twitter.com; style-src 'self' 'unsafe-inline' https://*.minecraft.jp; img-src 'self' data: https://*.minecraft.jp https://*.gstatic.com https://www.facebook.com; font-src 'self' data:; frame-src https://*.facebook.com https://*.twitter.com; report-uri https://report-uri.appspot.com/987875600540635136?ro=1 1 default-src 'self' *.justanswer.jp; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.justanswer.jp *.justanswer.com www.google-analytics.com googleads.g.doubleclick.net www.googleadservices.com bat.bing.com cdn.mouseflow.com ajax.googleapis.com assets.adobedtm.com tracker.marinsm.com d.impactradius-event.com *.optimizely.com; style-src 'self' 'unsafe-inline' *.justanswer.jp *.justanswer.com; img-src 'self' data: https: *.justanswer.jp ww2.justanswer.jp; font-src data: 'self' fonts.gstatic.com; connect-src 'self' stats.g.doubleclick.net www.google-analytics.com *.justanswer.jp; frame-src 'self' bid.g.doubleclick.net; report-uri https://secure.justanswer.jp/processes/csp-violation.ashx; 1 default-src https: data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: ; manifest-src 'self' https://cdn.evbstatic.com ; style-src https: 'unsafe-inline' ; connect-src https: about: ; object-src https: ; media-src https: ; frame-src https: fbrpc://call ; frame-ancestors https: 'self' ; worker-src https: blob: 'self' ; font-src https: data: ; img-src https: data: ; form-action 'self' https: ; child-src 'self' ; report-uri https://www.eventbrite.be/ajax/csp-violation/action ; 1 frame-src data: 'self' https://walls.io https://*.ost.ch https://elearning.fhsg.ch; object-src 'self' https://*.ost.ch; default-src 'self' https://*.ost.ch https://*.gstatic.com; script-src data: 'self' 'unsafe-eval' 'unsafe-inline' https://walls.io https://*.fusedeck.net https://*.gstatics.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.ost.ch; connect-src 'self' https://*.ost.ch wss://io.fusedeck.net https://www.google-analytics.com; img-src 'self' data: https://*.ost.ch https://www.google-analytics.com https://track.adform.net https://*.gstatic.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.ost.ch; 1 connect-src * https://*.tiles.mapbox.com https://api.mapbox.com; default-src blob:; font-src * data:; frame-src * data:; img-src * data: blob:; object-src data:; report-uri /vizql/csp-report; script-src * blob:; style-src * 'unsafe-inline' 1 script-src 'self' https://cdn.datatables.net; script-src-attr 'self'; style-src 'self' https://cdn.datatables.net https://maxcdn.bootstrapcdn.com; frame-ancestors 'self' 1 font-src *.sagepay.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.trustedshops.com *.googleapis.com *.fontawesome.com *.bootstrapcdn.com chat.totaltiles.co.uk 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.sagepay.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com *.sagepay.com *.twitter.com *.google.com *.addthis.com *.reviews.co.uk 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.paypal.com *.sagepay.co.uk *.cloudflare.com *.googleadservices.com *.google-analytics.com *.twitter.com 'self' data: www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.sagepay.com *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.addthis.com z.moatads.com *.addthisedge.com apis.google.com *.reviews.co.uk graph.facebook.com widgets.pinterest.com chat.totaltiles.co.uk www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.sagepay.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bootstrapcdn.com chat.totaltiles.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.paypal.com *.sagepay.com *.cloudflare.com *.twitter.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://totaltiles.co.uk/; report-to report-endpoint; 1 font-src *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: store.paradoxlabs.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://cdnjs.cloudflare.com *.authorize.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.authorize.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self'; base-uri 'self'; connect-src 'self' bam.nr-data.net sentry.io *.freshworksapi.com wss://*.freshworksapi.com www.google-analytics.com heapanalytics.com www.in-freshbots.ai *.pusher.com; font-src 'self' d2kkxpr90r7bn1.cloudfront.net d1sckjqmjceuzg.cloudfront.net d2r0bfj5oxwi8g.cloudfront.net d3t6wcud4kij68.cloudfront.net d19xna7hjw3pa8.cloudfront.net d124jz4vokxtqd.cloudfront.net d28y7gk8dndm8e.cloudfront.net data: fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com; frame-src 'self' *.webpush.freshchat.com *.freshreports.com wchat.freshchat.com *.freshid.io *.freshworks360.io *.chargebee.com *.myfreshworks.dev *.freshworksweb.com freshdesk.com *.freshworks.com *.int.myfreshworks.dev; img-src https: data: blob:; manifest-src 'self'; media-src 'self' https:; object-src 'none'; script-src 'report-sample' 'self' 'unsafe-eval' accounts.freshworks.com bam.nr-data.net d2kkxpr90r7bn1.cloudfront.net d1sckjqmjceuzg.cloudfront.net d2r0bfj5oxwi8g.cloudfront.net d3t6wcud4kij68.cloudfront.net d19xna7hjw3pa8.cloudfront.net d124jz4vokxtqd.cloudfront.net d28y7gk8dndm8e.cloudfront.net js-agent.newrelic.com polyfill.io wchat.freshchat.com sentry.io js.chargebee.com www.google-analytics.com *.freshworksapi.com heapanalytics.com *.heapanalytics.com fonts.googleapis.com cdn.in-freshbots.ai stats.pusher.com; style-src 'report-sample' 'self' 'unsafe-inline' accounts.freshworks.com d2kkxpr90r7bn1.cloudfront.net d1sckjqmjceuzg.cloudfront.net d2r0bfj5oxwi8g.cloudfront.net d3t6wcud4kij68.cloudfront.net d19xna7hjw3pa8.cloudfront.net d124jz4vokxtqd.cloudfront.net d28y7gk8dndm8e.cloudfront.net wchat.freshchat.com fonts.googleapis.com cdn.in-freshbots.ai; worker-src 'self'; report-uri https://vfm4r1o44m.execute-api.us-east-1.amazonaws.com/default/FreshreleaseCSPReport 1 report-uri https://sentry.io/api/285406/security/?sentry_key=4838404aafea4aa3a71968579571e131; default-src 'self' data: https: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: wss:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss:; child-src 'self' blob:; frame-src 'self' https:; worker-src 'self' blob: 1 default-src 'self'; object-src 'self' https://pts.winsim.de/p.swf; base-uri 'self'; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://umfrage.winsim.de https://pts.winsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://*.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.winsim.de https://stats.winsim.de https://imagepool.winsim.de https://pts.winsim.de; script-src 'strict-dynamic' 'nonce-23a13c0f2a20951eb97298edd562fef2' 'nonce-46cf64960ff823e3b86d9efaa52bc9c3' 'nonce-d7d6953485c6b2422f7b76760dd34652' 'nonce-a7a83920e534af48aca862039c1b9a7d' 'nonce-004ab28d6b06a7410e49a16447312bca' 'self' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://www.facebook.com https://connect.facebook.net https://tags.tiqcdn.com https://cdn2.spatialbuzz.com https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://www.youtube-nocookie.com https://www.awin1.com https://paketshop.myhermes.de https://*.demdex.net https://pts.winsim.de; child-src https://www.youtube.com https://cdn2.spatialbuzz.com https://trck.spoteffects.net https://www.googleadservices.com https://www.facebook.com https://tags.tiqcdn.com https://ad13.adfarm1.adition.com https://*.demdex.net; upgrade-insecure-requests; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-23a13c0f2a20951eb97298edd562fef2' 'nonce-46cf64960ff823e3b86d9efaa52bc9c3' 'nonce-d7d6953485c6b2422f7b76760dd34652' 'nonce-a7a83920e534af48aca862039c1b9a7d' 'nonce-004ab28d6b06a7410e49a16447312bca' 'self' https: 'report-sample' 1 font-src *.cloudflare.com *.bootstrapcdn.com *.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.veratad.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.addthis.com *.youtube.com *.veratad.com *.become.com *.pepperjamnetwork.com *.emjcd.com *.dotomi.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudflare.com *.trustwave.com *.edgecastcdn.net *.gstatic.com *.bizrate.com 'self' data: *.connexity.net *.vapor4life.com 'self' blob: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.cloudflare.com *.fontawesome.com *.addthisedge.com *.addthis.com *.turnto.com *.trustwave.com *.trackedlink.net *.moatads.com *.googleapis.com *.bizrate.com *.pangora.com *.become.com www.become.com *.pepperjam.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.fontawesome.com *.googleapis.com *.bootstrapcdn.com *.turnto.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.addthis.com *.google-analytics.com *.turnto.com cdn-ws.turnto.com ws.turnto.com *.doubleclick.net *.authorize.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://vapor4life.com/; report-to report-endpoint; 1 worker-src blob:; font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.weltpixel.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com https://cuttingedgestencils.com/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es https://cdn.ampproject.org yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es https://cdn.ampproject.org yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https: data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: ; manifest-src 'self' https://cdn.evbstatic.com ; style-src https: 'unsafe-inline' ; connect-src https: about: ; object-src https: ; media-src https: ; frame-src https: fbrpc://call ; frame-ancestors https: 'self' ; worker-src https: blob: 'self' ; font-src https: data: ; img-src https: data: ; form-action 'self' https: ; child-src 'self' ; report-uri https://www.eventbrite.com.mx/ajax/csp-violation/action ; 1 report-uri https://www.yelp.com/csp_report_only?id=d900b34502942d00&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www×tamp=1610687841; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1 font-src https://www.gstatic.com https://fonts.gstatic.com data: https://v2.zopim.com https://script.hotjar.com https://widgets.trustedshops.com https://maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com https://www.google.com https://secure.pay1.de https://vars.hotjar.com https://www.youtube.com https://www.facebook.com http://gum.criteo.com http://static.criteo.net http://st.smartassistant.com https://bid.g.doubleclick.net/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: https: 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://www.google.com https://www.gstatic.com http://www.google.com https://www.googletagmanager.com https://sslwidget.criteo.com http://static.criteo.net https://widget.eu.criteo.com widgets.trustedshops.com https://connect.facebook.net https://secure.pay1.de https://cdn.klarna.com https://bat.bing.com https://www.dwin1.com https://snap.licdn.com https://script.hotjar.com https://static.hotjar.com https://v2.zopim.com https://clientcdn.pushengage.com https://a.optmnstr.com https://amplify.outbrain.com https://ai.trk42.net https://static.zdassets.com https://googleads.g.doubleclick.net https://ajax.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://fonts.googleapis.com widgets.trustedshops.com https://mobilityhouse.pushengage.com https://maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.facebook.com *.api.trustedshops.com https://api.trustedshops.com https://shops-si.trustedshops.com https://trustbadge.api.etrusted.com https://ekr.zdassets.com wss://widget-mediator.zopim.com https://z.omappapi.com https://api.omappapi.com https://in.hotjar.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /mb_csp; report-to report-endpoint; 1 default-src 'self' * 'unsafe-inline'; img-src 'self' data: *; 1 default-src 'self'; style-src 'self' https: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.akamaihd.net https://*.dynamicyield.com https://*.googletagmanager.com https://*.feedbackify.com https://*.fullstory.com https://*.google-analytics.com https://*.limelight.com https://*.delvenetworks.com https://*.lpsnmedia.net https://*.liveperson.net https://*.bazaarvoice.com https://*.amazonaws.com data:; connect-src 'self' https://*.googleapis.com https://*.akamaihd.net https://*.dynamicyield.com https://*.googletagmanager.com https://*.feedbackify.com https://*.fullstory.com https://*.google-analytics.com https://*.limelight.com https://*.delvenetworks.com data:; font-src 'self' data:; img-src * data:; object-src 'none' ; frame-ancestors 'self' https://*.lpsnmedia.net https://*.liveperson.net https://*.vimeo.com ; child-src 'self' https://*.lpsnmedia.net https://*.liveperson.net https://*.vimeo.com ; frame-src 'self' https://*.lpsnmedia.net https://*.liveperson.net https://*.vimeo.com ; report-uri https://snapav.report-uri.com/r/d/csp/reportOnly; 1 child-src 'self'; connect-src 'self' data: https://*.cloudflare.com https://*.google-analytics.com https://*.googleapis.com https://*.hotjar.com https://*.hotjar.io https://bit4coin.net wss://*.hotjar.com; default-src 'self' *.ravenjs.com; font-src 'self' data: https://*.fontawesome.com https://*.gstatic.com https://unpkg.com; frame-src 'self' data: http://*.google.com https://*.cloudfront.net https://*.google.com https://*.hotjar.com wss://*.hotjar.com; img-src 'self' data: http://*.google.com https://*.bitbond.com https://*.cloudfront.net https://*.eu-central-1.amazonaws.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.webflow.com; manifest-src 'self'; media-src 'self' data:; object-src 'self' https://*.cloudfront.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: http://*.google.com https://*.bitbond.com https://*.cloudflare.com https://*.cloudfront.net https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.hotjar.com https://*.newrelic.com https://*.nr-data.net https://unpkg.com wss://*.hotjar.com; style-src 'self' 'unsafe-inline' http://*.google.com https://*.bitbond.com https://*.cloudflare.com https://*.cloudfront.net https://*.fontawesome.com https://*.google.com https://*.googleapis.com https://unpkg.com; worker-src 'self'; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_e1d179bd309a456abc36313a51dfc009 1 default-src 'self' https://jobs.b-ite.com https://bwp-online.gelsenkirchen.de https://ads.gelsen.net; style-src 'self' 'unsafe-inline' https://bwp-online.gelsenkirchen.de; img-src 'self' https://ads.gelsen.net https://webstatistik.gelsenkirchen.de https://server.arcgisonline.com https://*.tile.openstreetmap.org https://geodaten.metropoleruhr.de https://gdi.gelsenkirchen.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ads.gelsen.net https://webstatistik.gelsenkirchen.de https://static.b-ite.com https://cs-assets.b-ite.com https://bwp-online.gelsenkirchen.de/; child-src 'self' https://www.youtube.com https://player.vimeo.com https://whitelabel.hotel.de https://tempus-termine.com https://*.gelsenkirchen.de 1 default-src https: ws:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1 default-src * blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AF2M0KC94RCEA:sid=145-9228116-2087440:rid=YBXGFJMPGVJ62EN9EH6B:sn=www.audible.com 1 default-src 'self'; script-src 'self' data: 'unsafe-inline' https://*; style-src 'self' 'unsafe-inline' https://*; img-src * 'self' https://*; font-src * 'self' https://*; connect-src https://*; frame-src https://* 1 default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri /admin/config/system/seckit/csp-report 1 font-src *.bootstrapcdn.com *.googleapis.com *.gstatic.com data: *.cloudfront.net 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.facebook.com platform.twitter.com *.trustpilot.com *.affirm.com *.gstatic.com *.google.com *.doubleclick.net *.olark.com *.google.co.in www.youtube.com *.criteo.com *.criteo.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.shopperapproved.com *.gstatic.com data: *.cloudfront.net *.google.com *.google.co.in *.bing.com *.olark.com *.doubleclick.net *.attentivemobile.com *.klaviyo.com www.gravatar.com *.helpdocs.io *.affirm.com *.clmbtech.com *.media.net *.teads.tv *.tapad.com *.outbrain.com *.postrelease.com *.yahoo.com *.criteo.com *.advertising.com *.yieldmo.com *.sharethrough.com *.addthis.com *.taboola.com *.360yield.com *.smartadserver.com *.aralego.com *.rubiconproject.com *.bidswitch.net *.liadm.com *.demdex.net *.agkn.com *.aralego.net *.krxd.net *.bluekai.com *.turn.com *.amgdgt.com *.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com https://static.klaviyo.com https://fast.a.klaviyo.com connect.facebook.net twitter.com platform.twitter.com *.trustpilot.com *.shopperapproved.com *.google.com *.googleapis.com *.affirm.com *.gstatic.com *.cloudfront.net www.googletagmanager.com *.doubleclick.net *.bing.com *.criteo.net *.attn.tv *.olark.com *.opmnstr.com *.attentivemobile.com *.formstack.com *.omappapi.com *.criteo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.bootstrapcdn.com *.googleapis.com *.cloudfront.net *.olark.com *.formstack.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.olark.com *.attentivemobile.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src *.cloudfront.net 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.klaviyo.com *.paypal.com *.affirm.com *.rollbar.com *.cloudfront.net *.olark.com *.omappapi.com *.attentivemobile.com www.google-analytics.com *.doubleclick.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://uvbshvgaro0wreus1xk28aaq.httpschecker.net/report 1 block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.egeszsegkalauz.hu::PROD_21_7_2_AWS 1 default-src https: 'unsafe-inline' 'unsafe-eval' ; img-src https: data: http://geo.nls.uk ; font-src https: data: ; report-uri https://csp.rcahms.gov.uk/canmore-live ; 1 child-src https://www.google.com https://www.facebook.com https://facebook.com https://platform.twitter.com https://www.youtube.com; connect-src 'self' https://scout.salesloft.com https://www.facebook.com https://sample-api-v2.crazyegg.com https://*.currencycloud.com https://www.google.com https://www.google-analytics.com https://6c5lkmk3mbdm.statuspage.io; font-src 'self' https://cdn2.hubspot.net https://themes.googleusercontent.com https://fonts.gstatic.com https://fonts.googleapis.com data:; script-src https://www.google.com https://www.gstatic.com https://go.currencycloud.com https://analytics.twitter.com https://pi.pardot.com 'unsafe-eval' 'self' https://apis.google.com https://platform.twitter.com https://fonts.googleapis.com https://*.cloudflare.com 'unsafe-inline' https://cdn.jsdelivr.net https://www.googletagmanager.com https://cdn.statuspage.io https://sjs.bizographics.com https://www.googleadservices.com https://www.google-analytics.com https://script.crazyegg.com https://connect.facebook.net https://snap.licdn.com https://scout-cdn.salesloft.com https://static.ads-twitter.com https://googleads.g.doubleclick.net; style-src 'self' https://fonts.googleapis.com/ 'unsafe-inline' https://*.cloudflare.com; img-src 'self' https://www.linkedin.com https://p.adsymptotic.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://t.co https://px.ads.linkedin.com https://www.facebook.com https://www.google.com https://www.google.co.uk https://www.google-analytics.com https://assets.currencycloud.com https://*.currencycloud.com https://cdn2.hubspot.com https://cdn2.hubspot.net data: https://scout.us1.salesloft.com; default-src 'none'; report-uri https://58bb3f083a81706efa5a3ef869f8bba2.report-uri.com/r/d/csp/reportOnly 1 default-src *; script-src 'self' https: *; style-src https: *; img-src *; connect-src 'self' https: *; media-src 'self' https: https://*; child-src 'none' 1 font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.sbdesignsquare.com *.fontawesome.com *.doubleclick.net 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.twitter.com *.facebook.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.twitter.com *.addthis.com *.line.me *.kasikornbank.com *.facebook.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es www.apptrian.com www.facebook.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.googletagmanager.com *.sstatic.net *.iconfinder.com *.google.com *.google.com.vn *.pixriot.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com *.kasikornbank.com *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.addthis.com *.moatads.com *.addthisedge.com *.line-scdn.net *.newrelic.com *.nr-data.net *.pinterest.com *.doubleclick.net https://sbmedia3.sbdesignsquare.com http://analytics.sbdesignsquare.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.line-scdn.net *.pinterest.com *.newrelic.com *.nr-data.net https://sbmedia3.sbdesignsquare.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com www.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es www.apptrian.com connect.facebook.net graph.facebook.com *.kasikornbank.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.addthis.com *.sbdesignsquare.com wss://chatwebsbcm.sbdesignsquare.com *.nr-data.net *.doubleclick.net *.google-analytics.com *.pixriot.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://sb.dev.bluecomvn.com/; report-to report-endpoint; 1 font-src fonts.googleapis.com fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: maps.googleapis.com maps.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com acsbap.com 'self' data: *.bigmarker.com *.freshchat.com *.afterpay.com *.acsbapp.com acsbapp.com *.yotpo.com eadn-wc01-1928470.nxedge.io fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.twitter.com *.facebook.com https://store.plumrocket.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src https://*.online-metrix.net https://imgs.signifyd.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com/ *.twitter.com *.attn.tv *.livechatinc.com *.youtube.com *.doubleclick.net *.signifyd.com *.online-metrix.net *.borderfree.com *.google.com *.freshchat.com *.bounceexchange.com *.bigmarker.com *.accessibe.com accessibe.com *.acuityscheduling.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com platform.twitter.com https://store.plumrocket.com *.wesupply.xyz *.weltpixel.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src https://imgs.signifyd.com https://*.online-metrix.net www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://static.afterpay.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es https://www.magezon.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.searchspring.net *.searchspring.io *.borderfree.com *.bazaarvoice.com *.attentivemobile.com *.livechatinc.com acsbap.com *.attn.tv *.bing.com *.doubleclick.net *.curalate.com *.signifyd.com *.online-metrix.net *.google.com *.trackedlink.net *.googleusercontent.com *.bigmarker.com *.gravatar.com *.cloudfront.net *.freshchat.com *.afterpay.com *.afterpay.com.au *.bouncex.net *.bounceexchange.com *.cdnwidget.com *.pippio.com pippio.com acsbapp.com *.acsbapp.com *.yotpo.com eadn-wc01-1928470.nxedge.io *.acuityscheduling.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com store.paradoxlabs.com *.gstatic.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src https://cdn-scripts.signifyd.com https://imgs.signifyd.com test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.searchspring.net *.searchspring.io *.borderfree.com *.bazaarvoice.com *.bing.com *.livechatinc.com *.doubleclick.net acsbap.com *.trackedlink.net *.attn.tv *.curalate.com *.signifyd.com *.googleapis.com *.google.com *.bigmarker.com *.freshchat.com *.afterpay.com *.wknd.ai *.bounceexchange.com *.acsbapp.com acsbapp.com eadn-wc01-1928470.nxedge.io *.acuityscheduling.com *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com connect.facebook.net twitter.com platform.twitter.com *.authorize.net maps.googleapis.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com static.afterpay.com/ *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.fonts.net *.bootstrapcdn.com *.searchspring.net *.searchspring.io *.borderfree.com *.bazaarvoice.com *.bigmarker.com *.freshchat.com *.afterpay.com eadn-wc01-1928470.nxedge.io cdn.dnky.co webchat.dotdigital.com fonts.googleapis.com tagmanager.google.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src https://imgs.signifyd.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com static.afterpay.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.cardinalcommerce.com *.bing.com *.acsbap.com *.curalate.com *.google-analytics.com *.bazaarvoice.com *.borderfree.com *.signifyd.com *.authorize.net *.attn.tv *.doubleclick.net *.afterpay.com *.bouncex.net *.acsbapp.com acsbapp.com *.cdnbasket.net *.cdnwidget.com *.signifyd.com:11103 *.facebook.com eadn-wc01-1928470.nxedge.io *.searchspring.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.instagram.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://d492fa440c9db5c4abd4ccfcfb8e4f4c.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1 style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com; object-src 'none'; base-uri 'none'; script-src 'self' 'unsafe-inline' bat.bing.com www.gstatic.com s.adroll.com d.adroll.com connect.facebook.net googleapis.com www.google-analytics.com www.googletagmanager.com; report-uri https://csp.withgoogle.com/csp/webpass/20191113_experiment 1 default-src 'self'; block-all-mixed-content; connect-src 'self' wss://de20.zopim.com csi.gstatic.com maps.gstatic.com korrelatie.zendesk.com wss://widget-mediator.zopim.com ekr.zdassets.com veiligthuis.zendesk.com; font-src 'self' fonts.gstatic.com v2.zopim.com; form-action 'self'; img-src 'self' data: www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.gstatic.com maps.googleapis.com csi.gstatic.com; media-src static.zdassets.com; script-src 'self' www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.googleapis.com pg-ws-ggz.custhelp.com static.zdassets.com 'unsafe-inline' 'sha256-bT1Ymq1WqmR/IVUk/bpwBj+OeadvKW6Z37bJhTu00oY='; style-src 'self' 'unsafe-inline' fonts.googleapis.com pg-ws-ggz.widget.custhelp.com; report-uri https://errors.connectholland.nl/api/228/security/?sentry_key=f6211e7fc77f4d179394bc8d5d4237c7 1 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://5b0dfxfhuka0vuk5ju0see3i.httpschecker.net/report 1 default-src 'none'; connect-src 'self' www.linkedin.com www.google-analytics.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://linkedin.sc.omtrdc.net/b/ss/ static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; script-src 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src dms.licdn.com; child-src blob: *; frame-src 'self' lnkd.demdex.net linkedin.cdn.qualaroo.com; manifest-src 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=g 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.ng&source%5Bsection%5D=brochure&source%5Buuid%5D=157465dc5576059610950b1a88cf2258 1 default-src 'self' 'unsafe-inline' *.typekit.net *.google.com *.gstatic.com *.marshmma.com *.cloudinary.com *.wistia.net *.cloudflare.com *.jsdelivr.net *.google-analytics.com *.googletagmanager.com *.trustarc.com 1 report-uri https://o52514.ingest.sentry.io/api/5256715/security/?sentry_key=039cc5d9186849878c44ba5804f61696;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ampproject.org cdn.mouseflow.com *.dialogtech.com *.googleapis.com ws1.postescanada-canadapost.ca *.bing.com *.cloudfront.net *.cloudflare.com *.cloudflareinsights.com *.fontawesome.com *.facebook.net *.google-analytics.com *.googleoptimize.com *.googletagmanager.com www.googletagmanager.com *.ada.support *.typekit.net 1 report-uri https://www.yelp.com/csp_report_only?id=ba71d4fc2bdd58d1&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www×tamp=1610691916; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none' 1 child-src mc.yandex.ru mc.yandex.md;style-src yastatic.net 'unsafe-inline';default-src 'none';script-src yastatic.net mc.yandex.ru awaps.yandex.ru 'nonce-aMuSNsi2vR2SDfXPjBswsA==' yandex.ru;img-src favicon.yandex.net avatars.mds.yandex.net mc.yandex.ru yastatic.net mc.yandex.com yandex.ru *.verify.yandex.ru mc.admetrica.ru 'self' data: awaps.yandex.net;report-uri https://csp.yandex.net/csp?project=morda&from=morda.intercept404.ru&showid=1610687748.92124.95085.50769&h=stable-morda-any-man-yp-1&csp=new&date=20210115&yandexuid=9422616821610687748;connect-src yandex.ru mc.yandex.ru mc.admetrica.ru 1 frame-ancestors 'none'; report-uri https://reports.booking.com/csp_violation?type=report&tag=112&pid=0b9830b3576300be&e=UmFuZG9tSVYkc2RlIyh9YYYdGuViorKPIN2KFUByslmuQz_64ll15cJQsghijZo0&f=2&s=0; 1 report-uri https://dtagovau.report-uri.com/r/d/csp/reportOnly 1 font-src fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net api.bazaarvoice.com stg.api.bazaarvoice.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com www.google.com www.youtube.com amc.demdex.net vars.hotjar.com www.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com network-eu-stg.bazaarvoice.com network-eu.bazaarvoice.com media.nacongaming.com amcglobal.sc.omtrdc.net data: cm.everesttech.net dpm.demdex.net www.googletagmanager.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com network-eu.bazaarvoice.com network-eu-stg.bazaarvoice.com www.googletagmanager.com www.google.com www.gstatic.com script.hotjar.com static.hotjar.com connect.facebook.net chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com display.ugc.bazaarvoice.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com in.hotjar.com www.google-analytics.com stats.g.doubleclick.net www.paypal.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report; 1 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://n5mcn64l2tp5piztj1c2b0wj.httpschecker.net/report 1 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com *.bootstrapcdn.com *.hotjar.com *.subdued.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.google.com *.google.it *.hotjar.com *.subdued.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.google.com *.google.it *.google-analytics.com *.googleadservices.com *.ytimg.com *.visualwebsiteoptimizer.com *.cdninstagram.com *.facebook.com *.fna.fbcdn.net *.paypal.com *.paypalobjects.com data: *.subdued.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com *.vimeocdn.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.paypal.com *.paypalobjects.com *.bootstrapcdn.com *.google.com *.google.it *.googletagmanager.com *.doubleclick.net *.newrelic.com *.nr-data.net *.visualwebsiteoptimizer.com *.facebook.com *.facebook.net *.hotjar.com *.subdued.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.bootstrapcdn.com *.subdued.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.googleadservices.com *.paypal.com *.subdued.com *.nr-data.net *.doubleclick.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src *.gstatic.com *.bootstrapcdn.com *.hotjar.com *.newrelic.com *.nr-data.net *.google.com *.google.it *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.com *.facebook.net *.youtube.com *.ytimg.com *.vimeo.com *.vimeocdn.com *.doubleclick.net *.visualwebsiteoptimizer.com *.subdued.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' https: http:; object-src 'none'; style-src 'self' 'unsafe-inline' https: http:; img-src * data:; media-src *; frame-src *; frame-ancestors 'self'; font-src 'self' data: *; connect-src *; report-uri https://o76320.ingest.sentry.io/api/5434086/security/?sentry_key=4606408afb594b4dafe50588b2179815 1 default-src 'self' *.justanswer.es; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.justanswer.es *.justanswer.com www.google-analytics.com googleads.g.doubleclick.net www.googleadservices.com bat.bing.com cdn.mouseflow.com ajax.googleapis.com assets.adobedtm.com tracker.marinsm.com d.impactradius-event.com *.optimizely.com; style-src 'self' 'unsafe-inline' *.justanswer.es *.justanswer.com; img-src 'self' data: https: *.justanswer.es ww2.justanswer.es; font-src data: 'self' fonts.gstatic.com; connect-src 'self' stats.g.doubleclick.net www.google-analytics.com *.justanswer.es; frame-src 'self' bid.g.doubleclick.net; report-uri https://secure.justanswer.es/processes/csp-violation.ashx; 1 report-uri https://csp.edipresse.pl/report/viva; font-src https: data:; img-src data: https: android-webview-video-poster: android-webview:; media-src https: data:; style-src 'unsafe-inline' 'unsafe-eval' https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: asset:; worker-src blob: 1 font-src *.gstatic.com 'self' data: *.googleapis.com *.bootstrapcdn.com media.qcsupply.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.affirm.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google.com *.youtube.com *.olark.com *.affirm.com *.doubleclick.net *.g.doubleclick.net *.facebook.com *.dcatalog.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com data: 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.symantec.com *.bootstrapcdn.com *.olark.com *.gstatic.com *.googleapis.com media.qcsupply.com *.groupbycloud.com *.google.com.ua *.doubleclick.net *.g.doubleclick.net *.bing.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.google.com *.googletagmanager.com *.facebook.net *.doubleclick.net *.groupbycloud.com *.olark.com static.olark.com *.symantec.com *.mouseflow.com chimpstatic.com *.affirm.com *.qcsupply.com *.gstatic.com *.googleapis.com media.qcsupply.com *.bing.com *.newrelic.com *.nr-data.net *.vimeocdn.com *.dcatalog.com *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.cloudflare.com *.olark.com *.bootstrapcdn.com media.qcsupply.com i.ytimg.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.olark.com *.affirm.com *.groupbycloud.com *.mouseflow.com media.qcsupply.com *.facebook.com *.bing.com *.doubleclick.net *.g.doubleclick.net *.nr-data.net *.vimeo.com *.rollbar.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /iwd_csp/report/log; report-to report-endpoint; 1 font-src *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es https://store.plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com https://store.plumrocket.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: dc.services.visualstudio.com *.doubleclick.net s.yimg.com www.google-analytics.com cookie-cdn.cookiepro.com; child-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: vars.hotjar.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net www.googletagmanager.com vars.hotjar.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: use.typekit.net use.fontawesome.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: use.typekit.net use.fontawesome.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cookie-cdn.cookiepro.com ads.avocet.io www.google-analytics.com cdnjs.cloudflare.com siteimproveanalytics.com dl.episerver.net static.hotjar.com s.yimg.com *.doubleclick.net www.googletagmanager.com sp.analytics.yahoo.com az416426.vo.msecnd.net; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: px.ads.linkedin.com www.google-analytics.com cookie-cdn.cookiepro.com www.google.com 6059819.global.siteimproveanalytics.io *.doubleclick.net www.googletagmanager.com ; form-action 'none' data: blob: ; report-uri /csp_report 1 font-src *.gstatic.com 'self' data: *.klevu.com *.klarna.com *.playground.kl *.klarnaevt.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.beerhawk.co.uk *.twitter.com *.facebook.com *.klarna.com *.playground.klarna.com *.klarnaevt.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.google.com *.apt.io r.atp.io *.beerhawk.co.uk *.braintreegateway.com *.gstatic.com *.klarna.com *.playground.klarna.com *.klarnaevt.com *.twitter.com *.youtube.com *.hotjar.com *.facebook.com wchat.eu.freshchat.com *.eu.webpush.freshchat.com match.adsrvr.org insight.adsrvr.org 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net data: *.beerhawk.co.uk beerbods.co.uk *.googleadservices.com *.google-analytics.com *.google.co.uk *.postcodeanywhere.co.uk *.paypal.com *.tinifycdn.com *.nosto.com *.klevu.com *.klarna.com *.klarnaevt.com *.playground.klarna.com *.cookielaw.org *.everesttech.net amcglobal.sc.omtrdc.net px.ads.linkedin.com *.bing.com *.zenaps.com *.awin1.com *.googletagmanager.com *.linkedin.com *.tvsquared.com dpm.demdex.net ads.avocet.io ads.avct.cloud id.ricdn.com id.rlcdn.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.google.com *.googletagmanager.com *.facebook.net *.doubleclick.net *.klarna.com *.playground.klarna.com *.klarnaevt.com *.bing.com *.cardinalcommerce.com *.cloudflare.com *.cloudflareinsights.com *.cookielaw.org *.dwin1.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.gstatic.com *.hotjar.com *.klevu.com *.licdn.com *.newrelic.com *.nr-data.net *.paypal.com *.pcapredict.com *.ratebeer.com *.trackedlink.net *.trackedweb.net *.twitter.com *.vimeocdn.com *.braintreegateway.com *.postcodeanywhere.co.uk *.measured.com *.nosto.com wchat.eu.freshchat.com *.lr-ingest.io js.adsrvr.org *.tvsquared.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.cloudflare.com *.cookielaw.org *.klevu.com *.klarna.com *.klarnaevt.com *.playground.klarna.com *.postcodeanywhere.co.uk wchat.eu.freshchat.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.cloudflare.com beerbods.co.uk https://dpm.demdex.net *.facebook.com *.facebook.net *.dwin1.com *.cardinalcommerce.com *.braintree-api.com *.braintreegateway.com *.bing.com *.klevu.com *.ksearchnet.com *.newrelic.com *.nr-data.net *.postcodeanywhere.co.uk *.trackedlink.net *.trackedweb.net *.klarna.com *.playground.klarna.com *.klarnaevt.com stats.g.doubleclick.net *.hotjar.com *.hotjar.io *.nosto.com *.lr-ingest.io *.cookielaw.org https://privacyportal-de.onetrust.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net 'self' 'unsafe-inline'; child-src blob: 'self' 'unsafe-inline'; default-src https://dpm.demdex.net https://amcglobal.sc.omtrdc.net *.klarna.com *.playground.klarna.com *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src 'nonce-Ba1Eza7VKm7Q1RPr-fipTQ' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/www_google; base-uri 'none' 1 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src * ;report-uri /xp/CSPReport.ashx ;script-src https://images.mysafetysign.com https://commondatastorage.googleapis.com https://fast.wistia.com https://pay.google.com https://static-na.payments-amazon.com https://www.google-analytics.com https://www.snapengage.com https://bat.bing.com https://bam.nr-data.net https://js-agent.newrelic.com https://www.google.com https://www.googleadservices.com https://www.googlecommerce.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://connect.facebook.net https://static.cloudflareinsights.com https://www.gstatic.com https://www.resellerratings.com https://a.omappapi.com https://a.optnmstr.com https://ajax.googleapis.com https://snid.snitcher.com https://tpc.googlesyndication.com https://cdn.ampproject.org https://apis.google.com 'self' 'unsafe-inline' 'unsafe-eval' data: about: ;style-src https://images.mysafetysign.com https://fonts.googleapis.com http://www.google.com https://cdn1.resellerratings.com https://www.resellerratings.com https://maxcdn.bootstrapcdn.com 'self' 'unsafe-inline' ;connect-src https://www.google.co.in https://ampcid.google.com https://bam.nr-data.net https://ssanalytics.smartsign.com https://ssanalytics.mysafetysign.com https://distillery.wistia.com https://embed-fastly.wistia.com https://payments-sandbox.amazon.com https://pipedream.wistia.com https://bat.bing.com https://fg8vvsvnieiv3ej16jby.litix.io https://apay-us.amazon.com https://payments.amazon.com https://www.googleadservices.com https://www.resellerratings.com https://ampcid.google.co.in https://api.omappapi.com https://z.omappapi.com https://snid.snitcher.com https://stats.g.doubleclick.net https://embedwistia-a.akamaihd.net https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://cdn.ampproject.org https://www.google-analytics.com 'self' blob: ;font-src https://fonts.gstatic.com https://images.mysafetysign.com https://maxcdn.bootstrapcdn.com 'self' data: ;object-src https://embed-fastly.wistia.com 'self' ;img-src https://images.mysafetysign.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com https://fast.wistia.com https://s3.amazonaws.com https://www.google-analytics.com https://www.gstatic.com https://d2ldlvi1yef00y.cloudfront.net https://bat.bing.com https://www.facebook.com https://www.google.com https://www.google.co.in https://googleads.g.doubleclick.net https://embedwistia-a.akamaihd.net http://www.google.com http://www.mysafetysign.com http://www.xpresscenter.com https://cdn1.resellerratings.com https://cdn3.resellerratings.com https://csi.gstatic.com https://www.googletagmanager.com https://a.opmnstr.com https://pagead2.googlesyndication.com https://www.snapengage.com 'self' data: blob: ;media-src https://fast.wistia.net https://embed-fastly.wistia.com https://embedwistia-a.akamaihd.net 'self' blob: ;frame-src https://pay.google.com https://www.facebook.com https://bid.g.doubleclick.net https://accounts.google.com https://tpc.googlesyndication.com https://www.google.com 'self' gsa: mailto: ;child-src 'self' ;worker-src 'self' blob: ;form-action https://www.facebook.com http://www.mydoorsign.com 'self' javascript: ;frame-ancestors 'self' 1 font-src d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net fonts.googleapis.com fonts.gstatic.com use.typekit.net *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net https://store.plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com secure.authorize.net test.authorize.net *.gomoxie.solutions *.braintreegateway.com https://store.plumrocket.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com stats.g.doubleclick.net d1dwsi2ysdg1so.cloudfront.net data: us.coca-cola.com cocacola.scene7.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com www.googleadservices.com www.google-analytics.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com secure.authorize.net test.authorize.net www.youtube.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net rpxnow.com *.rpxnow.com forty11115.pcapredict.com *.gomoxie.solutions *.googleapis.com js-agent.newrelic.com js.braintreegateway.com *.google.com *.gstatic.com bam.nr-data.net *.coca-cola.com *.pricespider.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net *.gomoxie.solutions fonts.googleapis.com p.typekit.net *.pricespider.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net *.shareacoke.com *.gomoxie.solutions bam.nr-data.net *.braintree-api.com *.paypal.com *.google-analytics.com *.doubleclick.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://cokestore.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1 report-uri https://www.yelp.com/csp_report_only?id=b9db4f322fab9d1d&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www×tamp=1610688279; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src https://*.online-metrix.net https://imgs.signifyd.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src https://imgs.signifyd.com https://*.online-metrix.net www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src https://cdn-scripts.signifyd.com https://imgs.signifyd.com test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src https://imgs.signifyd.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/app 1 default-src * blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AF2M0KC94RCEA:sid=140-9898096-8573811:rid=VQMNQCNV26YVJBFBYYTJ:sn=www.audible.com 1 default-src 'self'; script-src 'report-sample' 'self' 'nonce-YAE6UAoAAAYAAcLlBc4AAAAD' 'strict-dynamic' 'unsafe-eval'; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.hubapi.com https://distillery.wistia.com https://embed-fastly.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://rum-collector-2.pingdom.net https://embedwistia-a.akamaihd.net https://forms.hsforms.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' https://www.youtube-nocookie.com https://www.google.com https://www.instagram.com https://www.youtube.com ; frame-ancestors 'self' https://*.adobe.com https://*.amplexor.com; img-src 'self' data: https://embed-fastly.wistia.com https://fast.wistia.com https://perf.hsforms.com https://px.ads.linkedin.com https://track.hubspot.com https://www.google-analytics.com https://www.google.be https://www.google.com https://embedwistia-a.akamaihd.net https://i.ytimg.com https://www.googletagmanager.com https://*.facebook.com https://img.youtube.com ; manifest-src 'self'; media-src 'self' blob:; child-src blob:; worker-src 'self' blob:; 1 base-uri 'none'; object-src 'none'; script-src https://wowlazymacros.com/logs/ https://wowlazymacros.com/sidekiq/ https://wowlazymacros.com/mini-profiler-resources/ https://wowlazymacros.com/assets/ https://wowlazymacros.com/brotli_asset/ https://wowlazymacros.com/extra-locales/ https://wowlazymacros.com/highlight-js/ https://wowlazymacros.com/javascripts/ https://wowlazymacros.com/plugins/ https://wowlazymacros.com/theme-javascripts/ https://wowlazymacros.com/svg-sprite/ https://www.google-analytics.com/analytics.js https://wow.zamimg.com/widgets/power.js https://code.highcharts.com/highcharts.js https://bloodmallet.com/js/bloodmallet_chart_import.min.js https://embed.twitch.tv/embed/v1.js https://embed.twitch.tv/ https://player.twitch.tv/? https://*.twitch.tv https://wow.zamimg.com/widgets/power.js; worker-src 'self' https://wowlazymacros.com/assets/ https://wowlazymacros.com/brotli_asset/ https://wowlazymacros.com/javascripts/ https://wowlazymacros.com/plugins/ 1 default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=metroh&d=2021-01-15 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: logger.scot.nhs.uk *.google-analytics.com www.googletagmanager.com *.fontawesome.com use.typekit.net *.google.com *.google.co.uk *.googleapis.com themes.googleusercontent.com *.gstatic.com code.jquery.com yui.yahooapis.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.amazonaws.com *.addthis.com *.addthisedge.com *.twitter.com *.twimg.com *.facebook.com *.facebook.net static.xx.fbcdn.net *.youtube.com youtu.be *.ytimg.com www.youtube-nocookie.com player.vimeo.com i.vimeocdn.com cdn.jwplayer.com content.jwplatform.com prd.jwpltx.com *.jwpcdn.com *.jwpsrv.com *.civiccomputing.com cc.cdn.civiccomputing.com secure.gravatar.com public.tableau.com www.openstreetmap.org browser-update.org s.w.org www.geoplugin.net www.careopinion.org.uk static.addtoany.com *.wp.com www.patientopinion.org.uk hcaptcha.com *.hcaptcha.com assets.nhs.uk www.travelinescotland.com scotland.shinyapps.io; worker-src 'self' www.google.com; frame-ancestors 'self'; base-uri 'self'; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report; report-to csp-endpoint 1 report-uri https://www.yelp.com/csp_report_only?id=5ee2d0a07d81233d&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www×tamp=1610687901; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1 default-src 'self' https: 'unsafe-inline'; img-src https: data:; font-src 'self' https: data:; connect-src 'self' https: wss://*.hotjar.com; object-src 'none'; report-uri https://www.smithsonian.com/_csp_report 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.bpoint.com.au/webapi/v2/txns/processiframetxn/ https://www.bpoint.com.au/webapi/v2 https://www.google-analytics.com/ https://6178240.global.siteimproveanalytics.io; connect-src 'self' https://www.google-analytics.com https://6178240.global.siteimproveanalytics.io https://stats.g.doubleclick.net https://siteimproveanalytics.com; frame-src 'self' https://www.bpoint.com.au/ https://www.youtube.com/ https://player.vimeo.com/ https://www.facebook.com/ https://forms.office.com/ https://nhvr.ispringcloud.com/; img-src 'self' https://www.google-analytics.com/ https://6178240.global.siteimproveanalytics.io https://stats.g.doubleclick.net/; script-src 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://siteimproveanalytics.com/ https://cdnjs.cloudflare.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' ; report-uri https://www.nhvr.gov.au/report-uri/reportOnly 1 default-src 'self' 'unsafe-inline'; img-src 'self' data: https://*.iconjob.co https://www.google-analytics.com http://r.mradx.net https://*.mail.ru https://hb.bizmrg.com https://stats.g.doubleclick.net https://www.google.com https://www.google.ru https://*.yandex.ru https://*.yandex.net https://*.doubleclick.net *.imgsmail.ru *.facebook.com *.mradx.net *.gstatic.com *.facebook.net *.googletagmanager.com; connect-src https://*.worki.ru wss://*.worki.ru https://suggestions.dadata.ru https://clickstream.worki.ru *.mail.ru https://*.yandex.ru https://www.facebook.com https://recommender.scarabresearch.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.iconjob.co wss://*.iconjob.co; font-src https://r.mradx.net https://fonts.gstatic.com https://yastatic.net; child-src https://*.mail.ru https://*.imgsmail.ru https://*.doubleclick.net https://yastatic.net https://www.facebook.com; script-src 'self' https://*.iconjob.co https://*.worki.ru *.mail.ru https://www.google-analytics.com http://cdn.scarabresearch.com https://ok.ru yandex.ru *.yandex.ru *.yandex.net yastatic.net https://www.googletagmanager.com https://connect.facebook.net *.imgsmail.ru 'unsafe-inline' 'unsafe-eval' 'report-sample'; report-uri https://sentry.iconjob.co/api/23/security/?sentry_key=9c4b42adca9e4df2b1c097aec815e0c1&sentry_environment=production; 1 default-src 'self' https: wss: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=iregiony&d=2021-01-15 1 child-src 'self'; connect-src 'self'; default-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; worker-src 'self'; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_57df4e7c48d040f2c2ec048e109b7329 1 frame-ancestors 'self' *.qualtrics.com; report-uri https://sjc1.qualtrics.com/csp-report 1 font-src api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 child-src 'self'; connect-src 'self' http://*.pinalove.com http://*.thaifriendly.com https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.nr-data.net https://*.pinalove.com https://*.tenor.com https://*.thaifriendly.com https://*.trackjs.com wss: wss://*.pinalove.com wss://*.thaifriendly.com wss://*.vietnameselove.com; default-src 'self'; font-src 'self' chrome-extension: data: http://*.gstatic.com https://*.gstatic.com; frame-src 'self' https://*.facebook.com https://*.g.doubleclick.net https://*.google.com; img-src 'self' blob: data: http://*.gstatic.com http://*.pinalove.com http://*.thaifriendly.com https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.nr-data.net https://*.pinalove.com https://*.tenor.com https://*.thaifriendly.com https://*.trackjs.com https://pinalove.com https://thaifriendly.com https://vietnameselove.com wss://*.pinalove.com wss://*.thaifriendly.com; manifest-src 'self'; media-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.2checkout.com https://*.facebook.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.newrelic.com https://*.nr-data.net https://*.trackjs.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.yahooapis.com; worker-src 'self' blob:; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_136f6bd732b7462c9c5fd22fd24e9f47 1 default-src 'self' https: *.googleapis.com analytics.google.com api.rollbar.com api.swiftype.com wss://client.relay.crisp.chat *.crisp.chat *.hotjar.com *.callrail.com stats.g.doubleclick.net cdn2.warmlyyours.com *.wistia.com *.wistia.net www.gravatar.com www.googletagmanager.com checkout.getbread.com img.warmlyyours.com api.warmlyyours.com media.warmlyyours.com; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'nonce-jVHGmTzyd7R5UaGkpOlh4Q=='; style-src 'self' https: 'unsafe-inline' blob:; media-src 'self' https: blob:; frame-src 'self' https: js.stripe.com sketchfab.com; form-action 'self' https: appleid.apple.com warmlyyours.createsend.com www.facebook.com; worker-src blob:; report-uri https://warmlyyours.report-uri.com/r/d/csp/reportOnly 1 default-src 'self'; script-src 'self'; object-src 'self'; style-src 'self'; img-src 'self'; media-src 'self'; frame-src 'self'; font-src 'self'; connect-src 'self'; report-uri /admin/config/system/seckit/csp-report 1 default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1 default-src https:; form-action https:; script-src 'self' 'unsafe-inline' chat.isac.org livechat.isac.org ajax.googleapis.com ssl.google-analytics.com code.highcharts.com cdn.datatables.net connect.facebook.net c0cre132.caspio.com secure.wufoo.com www.wufoo.com www.gstatic.com w.sharethis.com/button/buttons.js static.ctctcdn.com/js/signup-form-widget/current/signup-form-widget.min.js cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js public.tableau.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com static.ctctcdn.com/js/signup-form-widget/current/signup-form-widget.css c0cre132.caspio.com; img-src 'self' www.collegechangeseverything.org edfinancial.com ssl.google-analytics.com stats.g.doubleclick.net www.facebook.com chat.isac.org livechat.isac.org c0cre132.caspio.com; script-src-elem www.google.com/recaptcha/api.js; report-uri https://7e62cb02868e6169a2cec70f696ffb38.report-uri.com/r/d/csp/reportOnly 1 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.mercadolibre.com *.openpay.mx *.openpay.co *.opencontrol.mx *.kaptcha.com *.paynet.com.mx yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.postimg.cc yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.mlstatic.com *.s3.amazonaws.com *.openpay.co *.google-analytics.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.mercadopago.com *.openpay.mx *.openpay.co yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.google.com https://www.youtube.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://www.magezon.com *.google.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.google.com *.gstatic.com *.googleads.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.google.com *.crisp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' https://themes.googleusercontent.com/ https://apps.geodan.nl https://acc.apps.geodan.nl https://platform.twitter.com/ https://syndication.twitter.com/ http://www.rovid.nl https://geodata.rivm.nl; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://statistiek.rijksoverheid.nl http://platform.twitter.com/ https://cdn.syndication.twimg.com; style-src 'self' 'unsafe-inline' https://platform.twitter.com/ https://ton.twimg.com/ http://cdn.jsdelivr.net; img-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://statistiek.rijksoverheid.nl/ https://geodata.nationaalgeoregister.nl/ https://syndication.twitter.com/ https://pbs.twimg.com/ https://ton.twimg.com/ https://abs.twimg.com/ https://platform.twitter.com/ http://abs.twimg.com/ data: http://www.rovid.nl; font-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://themes.googleusercontent.com/ data:; report-uri /report-csp-violation 1 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 report-uri https://www.yelp.com/csp_report_only?id=dbfec05fa6efd3f4&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www×tamp=1610672635; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1 font-src https://cdn.fontcdn.ir https://fonts.gstatic.com https://supsood.aasood.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com https://mc.yandex.ru http://cdn.dnky.co https://webchat.dotdigital.com https://app.raychat.io https://supsood.aasood.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://cdn.fontcdn.ir https://cdn.jsdelivr.net https://fonts.googleapis.com https://supsood.aasood.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://app.raychat.io https://supsood.aasood.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://mc.yandex.ru https://cdn.fontcdn.ir/* https://app.raychat.io https://webchat.dotdigital.com https://supsood.aasood.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src https://us.sttropeztan.com https://m.us.sttropeztan.com 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://static.thgcdn.cn https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://pay.google.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://us.sttropeztan.com/cspReport.txt; 1 default-src 'self'; script-src www.google-analytics.com; script-src-elem; script-src-attr; style-src 'self' stackpath.bootstrapcdn.com fonts.googleapis.com; style-src-elem; style-src-attr; img-src 'self'; font-src fonts.gstatic.com; connect-src; media-src; object-src; prefetch-src; child-src; frame-src; worker-src; frame-ancestors; form-action; base-uri; manifest-src; plugin-types; report-uri https://nicindustries.report-uri.com/a/d/g; report-to 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.my&source%5Bsection%5D=brochure&source%5Buuid%5D=8af0821eae2b1777eacd8c45ae4c9832 1 report-uri https://www.yelp.com/csp_report_only?id=769089d0e4f33b7b&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www×tamp=1610692921; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1 default-src 'self'; object-src 'self' https://pts.simplytel.de/p.swf; base-uri 'self'; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://chat.simplytel.de https://umfrage.simplytel.de https://pts.simplytel.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://*.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.simplytel.de https://stats.simplytel.de https://imagepool.simplytel.de https://pts.simplytel.de; script-src 'strict-dynamic' 'nonce-23b1c694b1bf33e062a362280e8f399a' 'nonce-c26a241f67ecfefe9f8e49c7893dc3b7' 'nonce-4a2017f16b8188602eadf8ccf5d01e60' 'nonce-a59eb07527b7f003732342bed0edb896' 'nonce-fa99155e4a1a25e2ae17c2b1971e1f16' 'nonce-4854b82a812f41e6b2d9c171b6d8e488' 'self' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://www.facebook.com https://connect.facebook.net https://tags.tiqcdn.com https://cdn2.spatialbuzz.com https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://www.youtube-nocookie.com https://www.awin1.com https://paketshop.myhermes.de https://*.demdex.net https://pts.simplytel.de; child-src https://www.youtube.com https://cdn2.spatialbuzz.com https://trck.spoteffects.net https://www.googleadservices.com https://www.facebook.com https://tags.tiqcdn.com https://ad13.adfarm1.adition.com https://*.demdex.net; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-23b1c694b1bf33e062a362280e8f399a' 'nonce-c26a241f67ecfefe9f8e49c7893dc3b7' 'nonce-4a2017f16b8188602eadf8ccf5d01e60' 'nonce-a59eb07527b7f003732342bed0edb896' 'nonce-fa99155e4a1a25e2ae17c2b1971e1f16' 'nonce-4854b82a812f41e6b2d9c171b6d8e488' 'self' https: 'report-sample' 1 block-all-mixed-content; report-uri https://www.matrony.ru/https-mixed-content-logger/csp_report_log.php; 1 default-src 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 1 frame-ancestors 'self'; report-uri https://report.csp.api.brightspace.com/report; 1 font-src 'self' https://*.kxcdn.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.kxcdn.com https://cdnjs.cloudflare.com https://connect.facebook.net https://googleads.g.doubleclick.net https://includes.ccdc02.com/cardinalcruise/ https://js.braintreegateway.com https://songbird.cardinalcommerce.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://*.kxcdn.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; child-src 'self' https://staticxx.facebook.com https://bid.g.doubleclick.net; img-src 'self' data: https:; report-uri /api/v0.1.0/security-report/csp; connect-src 'self' https:; object-src 'self' https://*.kxcdn.com; default-src 'self'; frame-src 'self' https://*.cardinalcommerce.com https://*.kxcdn.com https://assets.braintreegateway.com https://bid.g.doubleclick.net https://checkout.paypal.com https://connect.facebook.net https://staticxx.facebook.com https://www.facebook.com 1 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://sc020yt0rwhkktjwws4uujxl.httpschecker.net/report 1 object-src 'none'; block-all-mixed-content; default-src 'self'; img-src 'self' data: https://biblionix.com/ https://demonstration.biblionix.com https://secure.gravatar.com/; style-src 'self' 'unsafe-inline' https://demonstration.biblionix.com https://www.gstatic.com/ https://fonts.googleapis.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://demonstration.biblionix.com https://www.gstatic.com/ https://cdn.walkme.com/; font-src 'self' https://fonts.gstatic.com/ data:; report-uri https://www.biblionix.com/report/?block=0 1 default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://v.altos.re https://d3lvyvnpx5ojp0.cloudfront.net https://d2j5mmc5xd3gqs.cloudfront.net https://cdn.altos.re https://cdn.staging.altos.re https://d2iiunr5ws5ch1.cloudfront.net https://d2v26nvc3n2c51.cloudfront.net https://js.stripe.com https://checkout.stripe.com https://cdn.mxpnl.com https://api.mixpanel.com https://www.google-analytics.com https://code.jquery.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.ckeditor.com https://code.highcharts.com https://code.angularjs.org https://maxcdn.bootstrapcdn.com https://ssl.google-analytics.com https://connect.facebook.net https://www.bugherd.com; style-src 'self' 'unsafe-inline' https://v.altos.re https://d2j5mmc5xd3gqs.cloudfront.net https://d3lvyvnpx5ojp0.cloudfront.net https://d2iiunr5ws5ch1.cloudfront.net https://d2v26nvc3n2c51.cloudfront.net https://cdn.staging.altos.re https://cdn.ckeditor.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; img-src 'self' data: https://v.altos.re https://d2j5mmc5xd3gqs.cloudfront.net https://d3lvyvnpx5ojp0.cloudfront.net https://cdn.altos.re https://cdn.staging.altos.re https://ssl.google-analytics.com https://www.google-analytics.com https://s-static.ak.facebook.com https://www.facebook.com https://altosimages-staging.s3.amazonaws.com https://altosimages.s3.amazonaws.com https://api.url2png.com https://cdn.ckeditor.com https://q.stripe.com https://maps.googleapis.com https://www.bugherd.com https://bugherd-attachments.s3.amazonaws.com https://d2iiunr5ws5ch1.cloudfront.net; font-src 'self' https://v.altos.re https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://themes.googleusercontent.com https://www.bugherd.com; connect-src 'self' https://charts.altosresearch.com https://cdn.staging.altos.re https://cdn.altos.re wss://ws.pusherapp.com/app/edf8b9a8b50d1c28bb17 https://api.mixpanel.com https://www.bugherd.com https://checkout.stripe.com; object-src 'self' ; child-src https://www.facebook.com https://s-static.ak.facebook.com https://www.filestackapi.com https://www.youtube.com https://checkout.stripe.com https://js.stripe.com https://dialog.filestackapi.com; block-all-mixed-content; reflected-xss block; report-uri https://altos.report-uri.io/r/default/csp/reportOnly; 1 report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com js.pusher.com d14jnfavjicsbe.cloudfront.net a.opmnstr.com a.quora.com ajax.googleapis.com www.googleoptimize.com amplify.outbrain.com analytics.twitter.com a.omappapi.com sdk.loyaltylion.net *.loyaltylion.net assets.voyagetext.com js.recurly.com b1img.com bat.bing.com cdk.shopmsg.me cdn.fuelx.com cdn.jsdelivr.net cdn.pbbl.co cdn.shopmsg.me cdn.taboola.com cdn1.affirm.com cdnjs.cloudflare.com connect.facebook.net d.adroll.com *.cloudfront.net e.fomo.com edge.fullstory.com geocode.usefomo.com googleads.g.doubleclick.net js.b1js.com load.fomo.com loader.wisepops.com platform.shopmsg.me rules.quantcount.com s.adroll.com s.pinimg.com sc-static.net secure.quantserve.com secure.trust-provider.com static.ads-twitter.com static.zdassets.com staticw2.yotpo.com tags.b1js.com trc.taboola.com use.fontawesome.com use.typekit.net v2.zopim.com www.dojomojo.com www.facebook.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com www.dojomojo.ninja assets.zendesk.com alb.reddit.com cm.g.doubleclick.net spotter.fuel451.com www.lensabl.com www.lensable.com lensable.com lensabl.com fullstory.com js.stripe.com static-na.payments-amazon.com maps.googleapis.com getdrip.com cdn.lensabl.com *.getdrip.com *.klaviyo.com cdn.equalweb.com fast.a.klaviyo.com s3.amazonaws.com www.trustedsite.com js-agent.newrelic.com shop.pe bam.nr-data.net addshoppers.s3.amazonaws.com shopper.shop.pe static.fittingbox.com widget-mediator.zopim.com d.adroll.mgr.consensu.org s.dca0.com sn.dca0.com cdn.attn.tv lore.deduce.com api.dealspotr.com cdn.wove.com code.jquery.com s3-us-west-2.amazonaws.com www.clarity.ms 1 report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com www.reedssports.com rum-static.pingdom.net a-52365312.cdn.ns8ds.com widget-mediator.zopim.com *.dotdigital-pages.com r2.dotdigital-pages.com r2-t.trackedlink.net www.google-analytics.com *.google.com www.gstatic.com *.addthis.com *.moatads.com *.addthisedge.com *.newrelic.com *.nr-data.net *.com.imgeng.in *.miss.imgeng.in a-52365312.nscontrol.com googleads.g.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net *.integrator.io js.authorize.net google-analytics.com 1 font-src 'self' data: 'self' criteo.net criteo.com *.doubleclick.net twitter.com ads-twitter.com *.trackedlink.net cloudfront.net xg4ken.com bing.com getcandid.com amazonaws.com *.googletagmanager.com shopbot.ca pinimg.com pinterest.com adnxs.com yimg.com ytimg.com hotjar.com amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com adroll.com jsdelivr.net typekit.net adsrvr.org rubiconproject.com casalemedia.com openx.net pubmatic.com *.facebook.net *.facebook.com www.bmr.co www.unimat.ca www.agrizone.co www.lashop.com *.bootstrapcdn.com *.signifyd.com *.google.com *.google.ca *.youtube.com *.dotmailer.com *.dotmailer-surveys.com *.paypalobjects.com *.paypal.com *.newrelic.com *.algolianet.com polyfill.io *.algolia.net fonts.gstatic.com joinhoney.com cdn.joinhoney.com 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com s7.addthis.com imgs.signifyd.com amc.demdex.net 'self' 'self' data: criteo.net criteo.com *.doubleclick.net twitter.com ads-twitter.com *.trackedlink.net cloudfront.net xg4ken.com bing.com getcandid.com amazonaws.com *.googletagmanager.com shopbot.ca pinimg.com pinterest.com adnxs.com yimg.com ytimg.com hotjar.com amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com adroll.com jsdelivr.net typekit.net adsrvr.org rubiconproject.com casalemedia.com openx.net pubmatic.com *.facebook.net *.facebook.com www.bmr.co www.unimat.ca www.agrizone.co www.lashop.com *.bootstrapcdn.com *.signifyd.com *.google.com *.google.ca *.youtube.com *.dotmailer.com *.dotmailer-surveys.com *.paypalobjects.com *.paypal.com *.newrelic.com *.algolianet.com polyfill.io *.algolia.net reebee.com www.reebee.com *.moneris.com h.online-metrix.net *.issuu.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: 6127557.global.siteimproveanalytics.io amcglobal.sc.omtrdc.net cdn.klarna.com cm.everesttech.net dpm.demdex.net img.youtube.com imgs.signifyd.com landofcoder.com mageside.com maps.gstatic.com maps.googleapis.com *.online-metrix.net www.bmr.co www.mageworx.com 'self' 'unsafe-inline' criteo.net criteo.com *.doubleclick.net twitter.com ads-twitter.com *.trackedlink.net cloudfront.net xg4ken.com bing.com getcandid.com amazonaws.com *.googletagmanager.com shopbot.ca pinimg.com pinterest.com adnxs.com yimg.com ytimg.com hotjar.com amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com adroll.com jsdelivr.net typekit.net adsrvr.org rubiconproject.com casalemedia.com openx.net pubmatic.com *.facebook.net *.facebook.com www.unimat.ca www.agrizone.co www.lashop.com *.bootstrapcdn.com *.signifyd.com *.google.com *.google.ca *.youtube.com *.dotmailer.com *.dotmailer-surveys.com *.paypalobjects.com *.paypal.com *.newrelic.com *.algolianet.com polyfill.io *.algolia.net www.google.ro www.google.be www.google.co.in www.google.fr www.google.dz adserve.atedra.com *.gstatic.com *.siteimprove.com *.siteimproveanalytics.io 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com polyfill.io 'self' data: 'unsafe-inline' data: 'unsafe-eval' data: s7.addthis.com maps.googleapis.com z.moatads.com v1.addthisedge.com m.addthis.com r2-t.trackedlink.net imgs.signifyd.com cdn-scripts.signifyd.com www.google.com 'self' 'unsafe-inline' 'unsafe-eval' criteo.net criteo.com *.doubleclick.net twitter.com ads-twitter.com *.trackedlink.net cloudfront.net xg4ken.com bing.com getcandid.com amazonaws.com *.googletagmanager.com shopbot.ca pinimg.com pinterest.com adnxs.com yimg.com ytimg.com hotjar.com amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com adroll.com jsdelivr.net typekit.net adsrvr.org rubiconproject.com casalemedia.com openx.net pubmatic.com *.facebook.net *.facebook.com www.bmr.co www.unimat.ca www.agrizone.co www.lashop.com *.bootstrapcdn.com *.signifyd.com *.google.com *.google.ca *.youtube.com *.dotmailer.com *.dotmailer-surveys.com *.paypalobjects.com *.paypal.com *.newrelic.com *.algolianet.com *.algolia.net www.reebee.com reebee.com www.gstatic.com *.gstatic.com siteimproveanalytics.com bam.nr-data.net r2.dotmailer-surveys.com static.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com 'self' data: 'unsafe-inline' data: 'self' 'unsafe-inline' criteo.net criteo.com *.doubleclick.net twitter.com ads-twitter.com *.trackedlink.net cloudfront.net xg4ken.com bing.com getcandid.com amazonaws.com *.googletagmanager.com shopbot.ca pinimg.com pinterest.com adnxs.com yimg.com ytimg.com hotjar.com amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com adroll.com jsdelivr.net typekit.net adsrvr.org rubiconproject.com casalemedia.com openx.net pubmatic.com *.facebook.net *.facebook.com www.bmr.co www.unimat.ca www.agrizone.co www.lashop.com *.bootstrapcdn.com *.signifyd.com *.google.com *.google.ca *.youtube.com *.dotmailer.com *.dotmailer-surveys.com *.paypalobjects.com *.paypal.com *.newrelic.com *.algolianet.com polyfill.io *.algolia.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.algolia.net m.addthis.com *.algolianet.com imgs.signifyd.com amcglobal.sc.omtrdc.net dpm.demdex.net 'self' 'self' data: criteo.net criteo.com *.doubleclick.net twitter.com ads-twitter.com *.trackedlink.net cloudfront.net xg4ken.com bing.com getcandid.com amazonaws.com *.googletagmanager.com shopbot.ca pinimg.com pinterest.com adnxs.com yimg.com ytimg.com hotjar.com amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com adroll.com jsdelivr.net typekit.net adsrvr.org rubiconproject.com casalemedia.com openx.net pubmatic.com *.facebook.net *.facebook.com www.bmr.co www.unimat.ca www.agrizone.co www.lashop.com *.bootstrapcdn.com *.signifyd.com *.google.com *.google.ca *.youtube.com *.dotmailer.com *.dotmailer-surveys.com *.paypalobjects.com *.paypal.com *.newrelic.com polyfill.io ca.api4load.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'self' data: criteo.net criteo.com *.doubleclick.net twitter.com ads-twitter.com *.trackedlink.net cloudfront.net xg4ken.com bing.com getcandid.com amazonaws.com *.googletagmanager.com shopbot.ca pinimg.com pinterest.com adnxs.com yimg.com ytimg.com hotjar.com amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com adroll.com jsdelivr.net typekit.net adsrvr.org rubiconproject.com casalemedia.com openx.net pubmatic.com *.facebook.net *.facebook.com www.bmr.co www.unimat.ca www.agrizone.co www.lashop.com *.bootstrapcdn.com *.signifyd.com *.google.com *.google.ca *.youtube.com *.dotmailer.com *.dotmailer-surveys.com *.paypalobjects.com *.paypal.com *.newrelic.com *.algolianet.com polyfill.io *.algolia.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /pub/csp-report.php; report-to report-endpoint; 1 default-src 'self' 'unsafe-inline' 'nonce-o32WzMMhvSPLRJKmJ/DUerA9' *.joesecurity.org www.google.com app.getresponse.com ga.getresponse.com www.googletagmanager.com www.google-analytics.com cdnjs.cloudflare.com stats.g.doubleclick.net; img-src 'self' data: *; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'nonce-o32WzMMhvSPLRJKmJ/DUerA9' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='; frame-ancestors 'self' 1 font-src *.googleapis.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net api.bazaarvoice.com stg.api.bazaarvoice.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com bat.bing.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com display.ugc.bazaarvoice.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: 'self' www.gstatic.com recommendations.unbxdapi.com request.eprotect.vantivcnp.com ws.sharethis.com cdn.bronto.com www.googletagmanager.com *.sharethis.com connect.facebook.net www.google.com www.google-analytics.com www.ecklers.com js-agent.newrelic.com *.cloudfront.net *.cloudflare.com *.murdoog.com cdn.bc0a.com bat.bing.com bam.nr-data.net app.userid.io cdn.b0e8.com ecklers.needle.com www.googleadservices.com aa.agkn.com www.upsellit.com h.online-metrix.net rabbit-production.ecklers.com bam-cell.nr-data.net googleads.g.doubleclick.net sp.analytics.yahoo.com api.datasteam.io cdn.datasteam.io search.unbxd.io 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' maps.googleapis.com www.google-analytics.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' *.readspeaker.com hello.myfonts.net fonts.googleapis.com; frame-src *.youtube.com player.vimeo.com; child-src *.youtube.com player.vimeo.com; report-uri /report-csp-violation 1 connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.cookielaw.org; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.cookielaw.org ; form-action 'none' data: blob: ; report-uri /csp_report 1 block-all-mixed-content;child-src blob:;connect-src 'self' d2xg8ju40huerl.cloudfront.net guidefitterconfidential.s3.amazonaws.com s3.amazonaws.com/upload.guidefitter.com/ https://*.facebook.com https://*.zendesk.com https://*.zdassets.com wss://widget-mediator.zopim.com https://*.zopim.com https://*.authorize.net https://vimeo.com https://*.vimeo.com https://www.google-analytics.com https://stats.g.doubleclick.net https://us-street.api.smartystreets.com https://guidefitter.bamboohr.com *.dca0.com https://*.mapbox.com guidefitterconfidential.s3.us-east-1.amazonaws.com s3.us-east-1.amazonaws.com/upload.guidefitter.com/;default-src 'self' d2xg8ju40huerl.cloudfront.net d355xasdm6a1ty.cloudfront.net;font-src 'self' *.typekit.net fonts.gstatic.com data:;frame-src 'self' https://www.facebook.com https://connect.facebook.net fbrpc://call player.vimeo.com https://www.youtube.com https://widget-prime.rafflecopter.com;img-src * blob: data:;media-src 'self' *.zdassets.com shop.guidefitter.com google.com;script-src 'self' d2xg8ju40huerl.cloudfront.net d355xasdm6a1ty.cloudfront.net https://*.zdassets.com https://*.zopim.com https://*.authorize.net https://*.cdn-apple.com https://connect.facebook.net player.vimeo.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com 'unsafe-inline' 'unsafe-eval' blob: data: https://*.mapbox.com https://*.adroll.com https://*.adroll.mgr.consensu.org https://*.dca0.com https://widget-prime.rafflecopter.com https://snap.licdn.com;style-src 'self' *.typekit.net d2xg8ju40huerl.cloudfront.net d355xasdm6a1ty.cloudfront.net 'unsafe-inline';report-to default;report-uri https://guidefitter.report-uri.com/r/d/csp/reportOnly 1 default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.es ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.es *.spreadshirt.es ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.es ; font-src 'self' https: data: *.spreadshirt.es ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.es ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.es ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1 font-src maxcdn.bootstrapcdn.com cdnjs.cloudflare.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.authorize.net *.sharethis.mgr.consensu.org *.sharethis.com *.doubleclick.net data: 'self' *.yieldify.com *.facebook.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.magentocommerce.com *.googleadservices.com *.google-analytics.com *.paypal.com data: *.cheesecake.com.au *.doubleclick.net *.pinterest.com *.topbuzz.com *.facebook.com *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.paypal.com *.assets.adobedtm.com *.sharethis.com *.googleadservices.com *.google.com *.gstatic.com *.bronto.com *.googleapis.com *.brontops.com *.cardinalcommerce.com *.signifyd.com *.adform.net *.pinimg.com *.tiktok.com *.yieldify.com *.ibytedtos.com *.ipstatp.com *.facebook.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.sharethis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sharethis.com *.cardinalcommerce.com *.bronto.com *.brontops.com *.doubleclick.net *.pinterest.com *.tiktok.com *.google-analytics.com *.adform.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://cheesecake.com.au/; report-to report-endpoint; 1 default-src 'self' duncker-humblot.de www.duncker-humblot.de captcha.wirth-horn.de cookiemanager.wirth-horn.de https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://www.googleadservices.com *.g.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com 'unsafe-eval' 'unsafe-inline'; img-src data: *; media-src *; font-src data: 'self' https://fonts.gstatic.com https://fonts.googleapis.com; report-uri /csp-report.cfm 1 font-src fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com cdn.ampproject.org raw.githubusercontent.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cdn.ampproject.org 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com *.tdotperformance.ca tdotperformance.ca *.cloudfront.net app.paybright.com static.getclicky.com www.dwin1.com cdn.perfdrive.com static.klaviyo.com bat.bing.com *.optnmstr.com www.googletagmanager.com 647b75a99b7b.cdn4.forter.com in.getclicky.com www.google-analytics.com www.googleadservices.com static.hotjar.com connect.facebook.net *.omappapi.com googleads.g.doubleclick.net fast.a.klaviyo.com www.google.com maps.googleapis.com tdotperformance.com www.tdotperformance.com script.hotjar.com; worker-src 'self' blob: *.tdotperformance.ca 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.googleapis.com https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.webspellchecker.net https://js-agent.newrelic.com https://*.nr-data.net https://cdn.jsdelivr.net https://static.addtoany.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://www.gstatic.com https://www.google-analytics.com https://*.google-analytics.com; style-src 'self' 'unsafe-inline' http://*.googleapis.com https://*.googleapis.com https://*.google.com https://*.webspellchecker.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; img-src 'self' data: https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com https://www.gstatic.com r.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com https://www.gstatic.com https://i.ytimg.com https://*.ytimg.com https://*.googleapis.com; media-src 'self' data: http://*.googleapis.com https://*.googleapis.com http://*.gstatic.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.webspellchecker.net https://stats.g.doubleclick.net; frame-src https://*.webspellchecker.net https://static.addtoany.com https://www.youtube.com https://www.google.com https://www.googletagmanager.com https://maps.google.com https://player.vimeo.com; font-src 'self' data: http://fonts.gstatic.com https://fonts.gstatic.com https://cdn.jsdelivr.net; connect-src 'self' https://stats.addtoany.com https://stats.g.doubleclick.net https://www.google-analytics.com; report-uri /report-csp-violation 1 default-src *; script-src *; object-src *; style-src *; img-src *; media-src *; frame-src *; frame-ancestors *; child-src *; font-src *; report-uri /report-csp-violation 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.epixnow.com https://api.mixpanel.com/ https://www.google.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/; script-src 'self' 'unsafe-inline' blob: data: https://*.epixnow.com https://api.mixpanel.com/ https://www.google.com/ https://www.gstatic.com/ https://recaptcha.net/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://analytics.twitter.com/ https://www.googleadservices.com/ https://connect.facebook.net/ https://static.ads-twitter.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ https://connect.facebook.net/ https://*.krxd.net/ https://*.doubleclick.net/ https://cdn.polyfill.io/ https://cdnjs.cloudflare.com/ ; connect-src https://*.epixnow.com/ https://epixnow.com/ https://api.mixpanel.com/ https://stats.g.doubleclick.net/ https://sentry.io/ https://epixhlsxtrts-i.akamaihd.net ; img-src 'self' https://*.epixnow.com https://*.epix.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/ https://stats.g.doubleclick.net/ https://googleads.g.doubleclick.net/ https://www.google.com.ar/ https://www.google.com.ua/ https://www.google.ro/ https://www.google.ae/ https://t.co/ https://www.facebook.com/ https://jslog.krxd.net/ https://beacon.krxd.net/ data: ; style-src 'self' 'unsafe-inline'; font-src data: https://*.epixnow.com/ https://epixnow.com/ ; frame-src https://9089879.fls.doubleclick.net/ https://cdn.krxd.net/ https://bid.g.doubleclick.net/ ; media-src blob: https://epixwebapp-vh.akamaihd.net/ ; worker-src blob: ; report-uri https://sentry.io/api/1229739/security/?sentry_key=fc99f2d07f6e472681f711aa39fdfe3d&sentry_environment=prod 1 default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://blogscanada.ca/z-log.php 1 default-src 'self'; object-src 'self' https://pts.smartmobil.de/p.swf; base-uri 'self'; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://umfrage.smartmobil.de https://pts.smartmobil.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://*.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.smartmobil.de https://stats.smartmobil.de https://imagepool.smartmobil.de https://pts.smartmobil.de https://seal.globalsign.com https://ssif1.globalsign.com; script-src 'strict-dynamic' 'nonce-51ab63b8f64e49cc5b46c63e65cd78d8' 'nonce-5d21b5df7d8049931a93f2f3360b6660' 'nonce-3ba91b70d3d6f6d4b124d936e06de238' 'nonce-f2181c5ff1caf30278cf980a4a041d8b' 'nonce-cbf083b21143229853f3ba525822dd49' 'nonce-2b7b6cce41c3d00676fcdcfb5a0bed29' 'nonce-081385926ac94ab635ae4002f5cafb84' 'nonce-e267541d98abf6e9229178792e7c7b86' 'nonce-9ea9abd36eaa11b63cadffd3d9219f2d' 'self' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://www.facebook.com https://connect.facebook.net https://tags.tiqcdn.com https://cdn2.spatialbuzz.com https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://www.youtube-nocookie.com https://www.awin1.com https://paketshop.myhermes.de https://*.demdex.net https://pts.smartmobil.de; child-src https://www.youtube.com https://cdn2.spatialbuzz.com https://trck.spoteffects.net https://www.googleadservices.com https://www.facebook.com https://tags.tiqcdn.com https://ad13.adfarm1.adition.com https://*.demdex.net; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-51ab63b8f64e49cc5b46c63e65cd78d8' 'nonce-5d21b5df7d8049931a93f2f3360b6660' 'nonce-3ba91b70d3d6f6d4b124d936e06de238' 'nonce-f2181c5ff1caf30278cf980a4a041d8b' 'nonce-cbf083b21143229853f3ba525822dd49' 'nonce-2b7b6cce41c3d00676fcdcfb5a0bed29' 'nonce-081385926ac94ab635ae4002f5cafb84' 'nonce-e267541d98abf6e9229178792e7c7b86' 'nonce-9ea9abd36eaa11b63cadffd3d9219f2d' 'self' https: 'report-sample' 1 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report; connect-src https: *.callbackhunter.com; 1 default-src 'self'; script-src 'self' 'unsafe-inline' *.googleadservices.com *.bing.com *.googleapis.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.zopim.com *.bizographics.com *.toutapp.com *.newrelic.com *.linkedin.com *.nr-data.net *.hubspot.com 'unsafe-eval' unpkg.com/feather-icons *.hs-scripts.com *.visualwebsiteoptimizer.com *.hs-analytics.net *.hscollectedforms.net *.hsadspixel.net *.js.usemessages.com *.bootstrapcdn.com *.doubleclick.net *.albacross.com js.usemessages.com/conversations-embed.js js.hsforms.net/forms/v2.js; object-src *; style-src 'self' 'unsafe-inline' *.googleapis.com ; img-src *; media-src *; frame-src 'self' *.hubspot.com *.doubleclick.net; child-src 'self'; font-src 'self' 'unsafe-inline' *.gstatic.com data: wss:; connect-src 'self' *.hubspot.com *.hubapi.com; report-uri /report-csp-violation 1 default-src 'self' data: *.hotjar.com *.hotjar.io *.googleusercontent.com *.cloud.google.com *.fontawesome.com *.contentsquare.net *.gstatic.com *.reevoo.com *.jsdelivr.net; img-src 'self' data: https: *.googletagmanager.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.golfbreaks.com *.reevoo.com *.fontawesome.com *.jsdelivr.net; script-src 'self' 'self' data: 'unsafe-inline' 'unsafe-eval' *.reevoo.com *.trustpilot.com *.fontawesome.com *.contentsquare.net *.newrelic.com *.contentstack.com *.google-analytics.com *.gstatic.com *.doubleclick.net *.googleapis.com *.videodelivery.net *.googleadservices.com *.analytics.yahoo.com *.googletagmanager.com *.salesforceliveagent.com *.facebook.net *.jsdelivr.net *.bing.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.tiqcdn.com *.yimg.com *.golfbreaks.com bam.eu01.nr-data.net google.com polyfill.io https://unpkg.com/date-time-format-timezone@latest/build/browserified/date-time-format-timezone-complete-min.js; connect-src 'self' *.reevoo.com *.bing.com *.tealiumiq.com *.google-analytics.com *.googleusercontent.com *.salesforceliveagent.com images.contentstack.io *.contentsquare.net *.yimg.com *.facebook.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.fontawesome.com *.doubleclick.net accounts.google.com sentry.io videodelivery.net bam.eu01.nr-data.net; font-src 'self' data: *.reevoo.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.fontawesome.com *.jsdelivr.net *.gstatic.com; frame-src 'self' *.doubleclick.net *.autoeurope.com *.trustpilot.com *.doubleclick.net *.videodelivery.net https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.reevoo.com *.facebook.com *.tealiumiq.com; child-src 'self' blob: *; media-src 'self' blob: *.google.com https://storage.googleapis.com/golfbreaks_public/ videodelivery.net *.googleusercontent.com; form-action 'self' golfbreaks.secure.force.com *.facebook.com *.tealiumiq.com *.cs110.force.com *.salesforceliveagent.com; frame-ancestors 'none'; object-src 'none'; report-uri https://o246236.ingest.sentry.io/api/1470514/security/?sentry_key=aaa779434b65427fa3608b8938255828 1 default-src 'self' https: wss: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=bonusweb&d=2021-01-15 1 default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 'self'; report-uri https://b665164c4fb2875cf6d57e97c5ceb8d2.report-uri.com/r/d/csp/reportOnly 1 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://static.klaviyo.com https://fast.a.klaviyo.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://static.klaviyo.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://myaccount.sure.com myaccount.sure.com https://myaccounttest.sure.com:2087 myaccounttest.sure.com:2087 https://rec.smartlook.com rec.smartlook.com https://ekr.zdassets.com ekr.zdassets.com https://*.zopim.com *.zopim.com wss://widget-mediator.zopim.com https://*.searchiq.co *.searchiq.co; font-src 'self' https://fonts.gstatic.com fonts.gstatic.com https://use.typekit.net use.typekit.net https://*.zopim.com *.zopim.com https://*.searchiq.co *.searchiq.co data:; form-action 'self' https://*.twitter.com *.twitter.com; frame-ancestors 'none'; frame-src https://youtube.com youtube.com https://*.twitter.com *.twitter.com https://*.doubleclick.net *.doubleclick.net; img-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.google.com www.google.com https://www.google.co.uk www.google.co.uk https://t.co t.co https://www.facebook.com www.facebook.com https://v2.zopim.com v2.zopim.com https://*.doubleclick.net *.doubleclick.net https://*.twitter.com *.twitter.com https://*.twimg.com *.twimg.com https://*.searchiq.co *.searchiq.co blob: data:; media-src https://youtube.com youtube.com; object-src 'none'; manifest-src 'self'; script-src 'self' https://myaccount.sure.com myaccount.sure.com https://myaccounttest.sure.com:2087 myaccounttest.sure.com:2087 https://www.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com www.google-analytics.com https://www.googleadservices.com www.googleadservices.com https://*.googleapis.com *.googleapis.com https://*.doubleclick.net *.doubleclick.net https://v2.zopim.com v2.zopim.com https://static.zdassets.com static.zdassets.com https://*.twitter.com *.twitter.com https://static.ads-twitter.com static.ads-twitter.com https://*.facebook.net *.facebook.net https://rec.smartlook.com rec.smartlook.com https://*.twimg.com *.twimg.com https://*.searchiq.co *.searchiq.co 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net *.typekit.net https://*.googleapis.com *.googleapis.com https://*.twitter.com *.twitter.com https://*.twimg.com *.twimg.com https://*.searchiq.co *.searchiq.co 'unsafe-inline'; 1 font-src *.typekit.net *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.doubleclick.net *.google.com *.braintreegateway.com *.paypal.com *.kaptcha.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.geotrust.com *.typekit.net *.bing.com *.google.com *.doubleclick.net *.ywxi.net *.powerreviews.com *.cloudinary.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.typekit.net *.doubleclick.net *.rackcdn.com *.geotrust.com *.bing.com *.google.com *.gstatic.com *.powerreviews.com *.braintreegateway.com *.paypal.com *.braintree-api.com *.msn.com *.yimg.com *.yahoo.com *.iesnare.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.doubleclick.net *.powerreviews.com *.googleapis.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.doubleclick.net *.powerreviews.com *.braintree-api.com *.braintreegateway.com *.bing.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=v2%2Fpartners&source%5Buuid%5D=5c88deb6d627226f9ef1508dd9912bb4 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' * ; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-ancestors https://www.torfx.com http://www.torfx.com 'self' *.torfx.com https://www.torfx.com/; font-src * 'unsafe-inline'; report-uri /tfx-csp-violation-report-endpoint.php; 1 default-src 'self' *.experteer.com gap://ready https:; font-src 'self' *.experteer.com fonts.gstatic.com https: data: 'unsafe-inline'; img-src 'self' *.experteer.com https: data: 'unsafe-inline'; object-src 'self'; script-src 'self' *.experteer.com www.google-analytics.com script.crazyegg.com www.linkedin.com https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.experteer.com https: 'unsafe-inline'; connect-src 'self' *.experteer.com https: wss://ws.inspectlet.com www.google-analytics.com; report-uri https://www.experteer.com/csp_violation_notifications 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.co.kr&source%5Bsection%5D=brochure&source%5Buuid%5D=5c54baaf329189017cc67b676114d70c 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://2gub4a67k9.execute-api.eu-central-1.amazonaws.com/csp/ 1 font-src *.cloudflare.com *.bootstrapcdn.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.facebook.com *.twitter.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com *.cloudfront.net *.baen.com *.twitter.com *.twimg.com store.paradoxlabs.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.cloudflare.com *.twitter.com *.fontawesome.com *.facebook.net *.authorize.net js.authorize.net jstest.authorize.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.gstatic.com *.twitter.com *.twimg.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.cloudflare.com *.authorize.net *.google-analytics.com *.doubleclick.net js.authorize.net jstest.authorize.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https: ; script-src https: 'unsafe-inline'; img-src https: ; style-src https: 'unsafe-inline' ; block-all-mixed-content; report-uri https://uflib.report-uri.com/r/d/csp/reportOnly 1 default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://pcls.report-uri.com/r/d/csp/reportOnly 1 "default-src 'self' live.adyen.com *.online-metrix.net *.queue-it.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clic2buy.com *.force.com *.maxymiser.net *.mathtag.com *.ads-twitter.com *.mlstatic.com *.twitter.com *.instagram.com *.nescafe.es checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.criteo.com *.criteo.net *.facebook.net *.en25.com *.krxd.net *.googleapis.com *.youtube.com *.fusepump.com *.serving-sys.com *.moatads.com *.addthisedge.com *.quantserve.com *.quantcount.com *.oppwa.com *.googleadservices.com *.bkrtx.com *.doubleclick.net *.adsrvr.org *.cloudfront.net *.evidon.com *.betrad.com *.google-analytics.com *.google.com *.googletagmanager.com *.addthis.com live.adyen.com *.queue-it.net *.salesforceliveagent.com *.online-metrix.net *.ytimg.com; style-src 'self' 'unsafe-inline' *.force.com *.googleapis.com *.fusepump.com; font-src 'self' data: *.sfdcstatic.com *.gstatic.com 'unsafe-inline'; img-src 'self' t.co *.kantarworldpanel.fr *.google.ro *.mlstatic.com http://imgmp.mlstatic.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.quantserve.com *.w.org *.dolce-gusto.co.kr dolce-gusto.co.kr *.dolce-gusto.com *.dolce-gusto.es *.gstatic.com *.googleapis.com *.fusepump.com *.eloqua.com *.google.com *.facebook.com *.doubleclick.net 'unsafe-inline' *.dolce-gusto.co.kr dolce-gusto.co.kr *.google-analytics.com *.googletagmanager.com *.online-metrix.net *.youtube.com *.betrad.com *.evidon.com data: *.krxd.net *.yahoo.com *.pump.to *.pubmatic.com *.stickyadstv.com *.yieldmo.com *.taboola.com *.e-planning.net *.tremorhub.com *.liadm.com *.outbrain.com *.rubiconproject.com *.smaato.net *.360yield.com *.openx.net *.pubmatic.com *.casalemedia.com *.3lift.com *.advertising.com *.teads.tv *.omnitagjs.com *.media.net *.bidswitch.net *.sharethrough.net *.criteo.com *.adnxs.com *.adform.net *.smartadserver.com *.ivitrack.com *.amazon-adsystem.com *.sharethrough.com *.turn.com *.adsrvr.org *.cdglb.com *.bnmla.com *.postrelease.com *.adscale.de *.twiago.com *.yieldlab.net *.smartclip.net *.addthis.com *.yandex.ru *.demdex.net *.mail.ru *.socdm.com *.facebook.net *.ytimg.com; connect-src 'self' *.mercadopago.com *.google-analytics.com *.doubleclick.net *.fusepump.com *.analyze.ly *.nr-data.net 'unsafe-inline' *.facebook.com *.dolce-gusto.co.kr dolce-gusto.co.kr *.online-metrix.net *.addthis.com *.sessioncam.com *.postcodeanywhere.co.uk; frame-src 'self' *.doubleclick.net *.dolce-gusto.co.kr dolce-gusto.co.kr *.postfinance.ch *.online-metrix.net *.addthis.com *.krxd.net *.facebook.com *.criteo.net *.youtube.com *.twitter.com dolce-gusto.co.kr *.dolce-gusto.co.kr *.mercadolibre.com *.mathtag.com *.force.com *.amazon-adsystem.com *.click2buy.com" 1 report-uri https://www.yelp.com/csp_report_only?id=bd4f0fcea379280c&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www×tamp=1610689946; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1 default-src * 'unsafe-inline' data: blob: ;frame-ancestors 'self'; report-uri https://16f5f5ea60e86cd63289a2976fd4845c.report-uri.com/r/d/csp/reportOnly 1 default-src 'none'; base-uri 'self'; block-all-mixed-content; script-src 'self' https:; style-src 'self' https:; img-src https: data: 'self'; object-src https: 'self'; font-src https: 'self'; connect-src https: 'self'; frame-ancestors 'self'; worker-src blob: https: 'self' 1 connect-src 'self' https://s.yimg.com https://rtr.innovid.com https://*.yahoo.com https://*.oath.com https://*.advertising.com https://*.cdn.yimg.com https://*.yahoo.net https://ad.doubleclick.net; style-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.btrll.com data: blob:; img-src 'self' data: blob: about: https://*.yimg.com https://*.yahoo.com https://sb.scorecardresearch.com https://*.doubleclick.net https://*.adsafeprotected.com https://*.googlesyndication.com; frame-ancestors https://*.techcrunch.com https://*.huffingtonpost.com https://*.aol.com https://*.yahoo.com https://*.autoblog.com https://*.search.yahoo.com https://*.search.aol.com https://*.search.huffpost.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage®ion=US&lang=en-US&device=desktop&yrid=a0ltettg027t9&partner=; 1 report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com *.exair.com *.addthis.com *.moatads.com connect.facebook.net www.googletagmanager.com ajax.googleapis.com bat.bing.com www.google-analytics.com static.ads-twitter.com snap.licdn.com v1.addthisedge.com analytics.twitter.com www.gstatic.com *.google.com 1 default-src * 'unsafe-inline'; base-uri 'self'; font-src * data:; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' www.googletagmanager.com www.google-analytics.com www.clio.com/wp-content/themes/; report-uri https://5fd7afb447ef7c02ddc12039.endpoint.csper.io 1 default-src blob: 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://use.fontawesome.com https://www.googletagmanager.com https://connect.facebook.net https://ws.sharethis.com https://ga.getresponse.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://crm.zoho.com https://c.sharethis.mgr.consensu.org https://l.sharethis.com https://ga.getresponse.com https://www.google.com 1 report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.cubii.com cubii.com static.zdassets.com cdn.krxd.net consumer.krxd.net c.paypal.com beacon.krxd.net www.google-analytics.com www.google.com www.gstatic.com static.zdassets.com googleads.g.doubleclick.net www.google.com www.googletagmanager.com *.cloudmaestro.com *.cloudflare.com www.googleadservices.com www.paypalobjects.com acsbapp.com static.klaviyo.com acsbap.com staticw2.yotpo.com embed.typeform.com bat.bing.com js.braintreegateway.com widget-mediator.zopim.com connect.facebook.net www.paypal.com fast.a.klaviyo.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://moneybird.disqus.com https://disqus.com https://c.disquscdn.com https://connect.facebook.net https://api.instagram.com https://maps.googleapis.com https://bat.bing.com https://cdn.demio.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://c.disquscdn.com https://d3s4clg74dg0wr.cloudfront.net https://fonts.googleapis.com; img-src 'self' https://dl6oytjgv033w.cloudfront.net https://www.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.facebook.com https://referrer.disqus.com https://c.disquscdn.com https://www.google.nl https://www.google.com https://scontent.cdninstagram.com https://maps.gstatic.com https://csi.gstatic.com https://maps.googleapis.com https://bat.bing.com data:; object-src https://www.youtube-nocookie.com https://www.youtube.com; connect-src 'self' https://www.gstatic.com https://moneybird.com https://glitter.services.disqus.com https://homerun.co https://stats.g.doubleclick.net; frame-src https://www.google.com https://www.facebook.com https://disqus.com https://www.youtube.com https://www.youtube-nocookie.com https://moneybird.clickwebinar.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; report-uri https://moneybird.com/csp_report 1 default-src 'self'; script-src 'self' https://c0.wp.com https://www.googletagmanager.com https://pagead2.googlesyndication.com https://www.google-analytics.com https://partner.googleadservices.com https://www.google.com https://www.gstatic.com https://cdn.trustindex.io https://www.googletagservices.com https://tpc.googlesyndication.com unsafe-eval https://ajax.googleapis.com https://adservice.google.com.ec https://adservice.google.com.gt https://adservice.google.com.mx https://cdn.ampproject.org https://adservice.google.es https://gc.kis.v2.scr.kaspersky-labs.com https://adservice.google.com.co https://adservice.google.ie https://adservice.google.co.ve https://adservice.google.com.cu https://adservice.google.com.sv https://adservice.google.cl https://adservice.google.com.ar https://adservice.google.com.pe https://adservice.google.com.ua https://connect.facebook.net https://adservice.google.co.in https://adservice.google.com.ni 'unsafe-inline'; script-src-elem 'self'; style-src 'self' https://c0.wp.com https://fonts.googleapis.com https://code.jquery.com https://gc.kis.v2.scr.kaspersky-labs.com https://www.gstatic.com 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; connect-src 'self' https://stats.g.doubleclick.net https://analytics.google.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://www.google.com.do https://adservice.google.com https://www.google.com.gt https://cdn.ampproject.org https://www.googletagmanager.com https://www.google.com.ec https://www.google.es https://www.google.com.mx https://www.google.co.ve https://csi.gstatic.com https://rankmathapi.com https://www.google.com.ar https://www.google.cl https://www.google.com.pe https://www.google.com.co; img-src 'self' data: https://secure.gravatar.com https://i0.wp.com https://i1.wp.com https://lh3.googleusercontent.com https://cdn.trustindex.io https://www.google.com.do https://i2.wp.com https://pagead2.googlesyndication.com https://www.google-analytics.com https://www.googletagmanager.com https://s.w.org https://image.thum.io https://www.google.com.ec https://www.google.com.gt https://ps.w.org https://c0.wp.com https://www.google.es https://www.google.com.co https://www.google.com.mx https://www.google.co.ve https://www.google.com.cu https://www.google.com.sv https://www.google.com.br https://www.facebook.com https://www.google.com.pa https://www.google.cl https://www.google.com.pe https://www.google.com.ua https://www.google.ie https://www.google.co.in https://www.google.com.ar; frame-src 'self' https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://www.google.com; font-src 'self' https://fonts.gstatic.com data: https://c0.wp.com https://cdn.trustindex.io; report-uri https://idegrafico.com/wp-json/rsssl/v1/csp?rsssl_apitoken=1609978274 1 upgrade-insecure-requests;default-src 'self' 'nonce-3ToPFINw6VQ=' 'unsafe-inline' 'unsafe-eval' biz-file.com *.google-analytics.com *.effectivemeasure.net *.doubleclick.net *.googlesyndication.com *.googletagservices.com *.googleapis.com *.gstatic.com *.googleadservices.com adservice.google.com adservice.google.co.za cdn.ampproject.org cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js *.iono.fm;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com cdnjs.cloudflare.com/ajax/libs/font-awesome;font-src 'self' data: *.gstatic.com;img-src 'self' data: biz-file.com *.google-analytics.com *.effectivemeasure.net *.doubleclick.net *.googlesyndication.com www.google.com;frame-ancestors 'self' *.iono.fm; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wistia.com www.google-analytics.com www.google.com www.googletagmanager.com chart.googleapis.com www.gstatic.com libs.na.bambora.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.egbc.ca data: i.ytimg.com cdn.na.bambora.com *.wistia.com embedwistia-a.akamaihd.net www.google-analytics.com www.googletagmanager.com apply.indeed.com; font-src 'self' data: fonts.gstatic.com; media-src 'self' blob: data: *.wistia.com *.wistia.net embedwistia-a.akamaihd.net; connect-src 'self' *.wistia.com embedwistia-a.akamaihd.net www.google-analytics.com *.litix.io; worker-src 'self' blob:; frame-src 'self' www.youtube.com www.google.com libs.na.bambora.com *.wistia.com; report-uri https://egbc.report-uri.com/r/d/csp/reportOnly 1 default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 1 default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: ; report-uri https://reports.baidu.com/csp-report 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: s.ytimg.com www.youtube.com www.googletagmanager.com www.google-analytics.com cdn.mouseflow.com static.hotjar.com connect.facebook.net script.hotjar.com js-agent.newrelic.com bam.nr-data.net www.google.com www.gstatic.com f24.org maps.googleapis.com ssp.deepmap.de cdnjs.cloudflare.com cdn.rawgit.com *.mapsindoors.com; connect-src 'self' insights.hotjar.com stats.g.doubleclick.net www.bing.com www.google-analytics.com ws://www.olma-messen.ch o2.mouseflow.com *.facebook.com *.mapsindoors.com; img-src 'self' * data:; style-src 'self' 'unsafe-inline' *.googleapis.com cdnjs.cloudflare.com *.mapsindoors.com; font-src 'self' data: fonts.gstatic.com; object-src 'self'; worker-src www.google.com; frame-ancestors 'self'; frame-src 'self' data: www.youtube.com vars.hotjar.com www.facebook.com www.google.com curationwall.com connect.facebook.net www.googletagmanager.com clients.mapsindoors.com; base-uri 'self'; form-action 'self' www.facebook.com connect.facebook.net; manifest-src 'self'; media-src 'self'; report-uri https://unic.report-uri.com/r/d/csp/reportOnly; report-to cspro; 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /nmms/csp-reporting-lo 1 font-src *.sagepay.com *.fontawesome.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net *.sagepay.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.sagepay.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.paypal.com *.sagepay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com *.sagepay.com *.avada.io https://cdnjs.cloudflare.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com static.searchanise.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.sagepay.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com searchanise-ef84.kxcdn.com s3.amazonaws.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.paypal.com *.sagepay.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; report-uri https://sp.report-uri.com/r/default/csp/reportOnly 1 child-src 'self' blob:; connect-src 'self' https://*.addthis.com https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.googleusercontent.com https://*.hotjar.com https://*.hotjar.io https://*.intercom.io https://yoast.com wss: wss://*.hotjar.com wss://*.intercom.io; default-src 'self'; font-src 'self' data: https://*.fontawesome.com https://*.gstatic.com https://*.intercomcdn.com https://*.jarrt.com https://github.com; frame-src 'self' 'unsafe-inline' https://*.addthis.com https://*.cookiebot.com https://*.facebook.com https://*.g.doubleclick.net https://*.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.youtube.com https://announcekit.app wss://*.hotjar.com; img-src 'self' blob: data: https://*.ads.linkedin.com https://*.adsymptotic.com https://*.amazonaws.com https://*.buzzfeed.com https://*.facebook.com https://*.facebook.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.* https://*.google.com https://*.google.com.tr https://*.googleapis.com https://*.googletagmanager.com https://*.googleusercontent.com https://*.gstatic.com https://*.intercomassets.com https://*.intercomcdn.com https://*.linkedin.com https://*.onedio.com https://*.w.org https://*.webrazzi.com https://*.ytimg.com https://bigumigu.com https://mcusercontent.com https://mediacat.com https://minisrclink.cool; manifest-src 'self'; media-src 'self' https://*.intercomcdn.com; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.addthis.com https://*.announcekit.app https://*.capterra.com https://*.cloudflare.com https://*.cookiebot.com https://*.facebook.net https://*.fontawesome.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.intercom.io https://*.intercomcdn.com https://*.licdn.com https://*.mailchimp.com https://*.moatads.com https://*.sentry-cdn.com https://*.us4.list-manage.com https://minisrclink.cool wss://*.hotjar.com wss://*.intercom.io; style-src 'self' 'unsafe-inline' https://*.announcekit.app https://*.cloudflare.com https://*.fontawesome.com https://*.googleapis.com https://*.mailchimp.com https://dotoast.com; worker-src 'self' blob:; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_dc25752798ba603ace41b73cc99c9d0c 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com 'strict-dynamic' 'nonce-NzQyNTEyNyw0ODMxMDk='; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1 font-src *.gstatic.com 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net store.paradoxlabs.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.google.com *.googletagmanager.com *.facebook.net *.doubleclick.net r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com *.googleapis.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com cdn.dnky.co webchat.dotdigital.com *.trustpilot.com *.braintreegateway.com *.kaptcha.com *.cardinalcommerce.com *.mention-me.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: *.nosto.com *.mention-me.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com cdn.dnky.co api.comapi.com webchat.dotdigital.com invitejs.trustpilot.com polyfill.io connect.nosto.com www.google.com *.gstatic.com *.zendesk.com *.zdassets.com *.mention-me.com *.trustpilot.com *.googleapis.com *.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.comapi.com webchat.dotdigital.com connect.nosto.com *.algolia.net *.zendesk.com *.zdassets.com *.zopim.com *.paypal.com *.braintree-api.com *.braintreegateway.com *.trustpilot.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 frame-ancestors 'none'; report-uri /csp_logger/; 1 report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: 'self' blob: bat.bing.com widget-mediator.zopim.com cdn.callreports.com googleads.g.doubleclick.net js.callrail.com res.cloudinary.com s3.amazonaws.com secure.leadforensics.com www.google-analytics.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net secure.leadforensics.com www.woodlandmanufacturing.com www.googleadservices.com *.pinimg.com connect.facebook.net *.gstatic.com *.wistia.com *.olark.com *.nextopiasoftware.com *.flattr.com *.trustpilot.com 1 font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.twitter.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.twitter.com *.youtube.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.googleapis.com *.gstatic.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.doubleclick.net *.googleapis.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.youtube.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://127.0.0.1/hicare-payment/; report-to report-endpoint; 1 frame-ancestors none; report-uri /report-csp-violation 1 script-src 'nonce-oPu3eA3XaCZnuifggC2RJQ' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/startup_google_com; base-uri 'none' 1 default-src 'self'; child-src https://www.google.com/recaptcha/ https://staticxx.facebook.com/ https://accounts.google.com/; connect-src 'self' https://graph.facebook.com https://elparking.zendesk.com https://parkingdoor.zendesk.com https://parkingsupport.zendesk.com wss://elparking.zendesk.com wss://parkingdoor.zendesk.com wss://parkingsupport.zendesk.com wss://*.zopim.com https://ekr.zdassets.com https://api.stripe.com https://sentry.io https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://www.facebook.com https://bam.nr-data.net https://firebaseinstallations.googleapis.com https://firebaseremoteconfig.googleapis.com https://www.google.es www.google.es; font-src 'self' https://elparking.com https://parkingdoor.com https://plock.app https://s3-eu-west-1.amazonaws.com/elparking-static/fonts/ https://fonts.googleapis.com https://fonts.gstatic.com; frame-src https://www.google.com/recaptcha/ https://staticxx.facebook.com https://accounts.google.com https://js.stripe.com https://hooks.stripe.com https://hal9000.redintelligence.net https://www.facebook.com; img-src 'self' https://* https://csi.gstatic.com/csi data:; object-src; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google.com/pagead/ https://apis.google.com https://connect.facebook.net https://static.zdassets.com https://assets.zendesk.com/ https://elparking.zendesk.com https://parkingdoor.zendesk.com https://parkingsupport.zendesk.com https://js.stripe.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://js-agent.newrelic.com https://bam.nr-data.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://elparking.com https://parkingdoor.com https://plock.app https://fonts.googleapis.com https://tagmanager.google.com 'unsafe-inline'; report-uri https://sentry.io/api/1534603/security/?sentry_key=22f53bcdeed54f66b87349c5dd7178ab&sentry_environment=prod; report-to https://sentry.io/api/1534603/security/?sentry_key=22f53bcdeed54f66b87349c5dd7178ab&sentry_environment=prod; 1 default-src 'self' data: *.aldi-international.com *.gstatic.com; form-action 'self'; frame-ancestors 'self' dostava.hofer.si; frame-src 'self' www.google.com *.facebook.com *.twitter.com g.jwpsrv.com www.youtube.com platform.liquidus.net app.nexuspublications.com.au cpc.elettershop.de 'self' tpc.googlesyndication.com; script-src 'self' data: *.aldi-international.com *.pinterest.com *.facebook.com *.twitter.com *.ytimg.com *.aldi-sued.com 'unsafe-inline' 'unsafe-eval' app.nexuspublications.com.au platform.liquidus.net www.yellowmap.de ssl.p.jwpcdn.com www.youtube.com *.googletagmanager.com cdn.ad.server.iprom.net *.iprom.net googleads.g.doubleclick.net www.googleadservices.com tpc.googlesyndication.com www.google.com; style-src 'self' 'unsafe-inline'; connect-src 'self' *.iprom.net *.aldi-international.com; img-src 'self' data: https:; report-uri /CspReportLogger.php; 1 font-src staticw2.yotpo.com fonts.gstatic.com demo.klevu.com js.klevu.com *.amazonaws.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.returnado.com www.google.com vars.hotjar.com checkoutshopper-test.adyen.com checkoutshopper.adyen.com demo.mention-me.com mention-me.com *.bglobale.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.returnado.com *.fitanalytics.com checkoutshopper-test.adyen.com checkoutshopper.adyen.com data: p.yotpo.com cdn-yotpo-images-production.yotpo.com f.monetate.net online.adservicemedia.dk px.ads.linkedin.com www.google.* googleads.g.doubleclick.net www.facebook.com demo.klevu.com js.klevu.com *.bglobale.com *.global-e.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com js.braintreegateway.com *.returnado.com bs.serving-sys.com cdn-akamai.mookie1.com secure.adnxs.com cdn.themessagecloud.com cdn.avmws.com s.go-mpulse.net js-agent.newrelic.com staticw2.yotpo.com se.monetate.net f.monetate.net cdn.scarabresearch.com static.scarabresearch.com www.googletagmanager.com connect.facebook.net www.google.com www.gstatic.com snap.licdn.com *.cloudfront.com *.cloudfront.net analytics.webgains.io online.adservicemedia.dk googleads.g.doubleclick.net polyfill.spinnaker-js.com *.fitanalytics.com checkoutshopper-test.adyen.com checkoutshopper.adyen.com tag-demo.mention-me.com static-demo.mention-me.com *.bglobale.com static.hotjar.com script.hotjar.com js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com staticw2.yotpo.com fonts.googleapis.com js.klevu.com *.bglobale.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.returnado.com staticw2.yotpo.com api.yotpo.com ws.sessioncam.com www.google-analytics.com stats.g.doubleclick.net webchannel-content.eservice.emarsys.net recommender-eu.scarabresearch.com recommender.scarabresearch.com apil1.spinnaker-js.com *.fitanalytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google-analytics.com https://www.google-analytics.com http://www.google.com https://www.google.com http://fonts.googleapis.com https://www.googletagmanager.com http://fonts.googleapis.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com http://player.vimeo.com/ https://player.vimeo.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com http://www.gstatic.com https://www.gstatic.com http://www.google.com https://www.google.com http://fonts.googleapis.com http://fonts.googleapis.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://us1.siteimprove.com/ https://us1.siteimprove.com/ http://siteimproveanalytics.com https://siteimproveanalytics.com http://www.googleadservices.com https://www.googleadservices.com http://connect.facebook.net https://connect.facebook.net http://platform.twitter.com https://platform.twitter.com http://static.ads-twitter.com https://static.ads-twitter.com http://googleads.g.doubleclick.net https://googleads.g.doubleclick.net http://analytics.twitter.com https://analytics.twitter.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' http://cloud.typography.com/ https://cloud.typography.com/ http://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://www.robinskaplan.com/; media-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com http://player.vimeo.com https://player.vimeo.com; img-src * 'self' 'unsafe-inline' 'unsafe-eval' data: filesystem:; font-src 'self' data: http://cloud.typography.com https://cloud.typography.com https://www.robinskaplan.com; frame-src 'self' http://player.vimeo.com https://player.vimeo.com http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com https://www.google.com http://analytics.clickdimensions.com https://analytics.clickdimensions.com http://bid.g.doubleclick.net/ https://bid.g.doubleclick.net/; 1 font-src *.gstatic.com *.googleapis.com smhttp-ssl-85991.nexcesscdn.net maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.nosto.com *.nos.to *.hotjar.com *.trustpilot.com smhttp-ssl-85991.nexcesscdn.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.nosto.com *.nos.to *.ometria.com *.trust-provider.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.ytimg.com *.cloudfront.net 'self' data: smhttp-ssl-85991.nexcesscdn.net maxcdn.bootstrapcdn.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.nosto.com *.nos.to *.trust-provider.com *.trustpilot.com *.popupdomination.com *.criteo.net *.licdn.com *.ometria.com *.facebook.net *.riskified.com *.google-analytics.com *.gstatic.com *.google.com *.amazon.co.uk *.amazon.com smhttp-ssl-85991.nexcesscdn.net *.avada.io www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.nosto.com *.nos.to *.googleapis.com savile-row.whoson.com *.gstatic.com *.trustedshops.com *.usercentrics.eu smhttp-ssl-85991.nexcesscdn.net maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.nosto.com *.nos.to *.trustpilot.com *.paypal.com *.payments-amazon.com smhttp-ssl-85991.nexcesscdn.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 child-src 'self'; connect-src 'self' http://*.google-analytics.com https://*.amplitude.com https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://*.intercom.io https://*.intercomcdn.com https://*.nr-data.net https://*.pusher.com https://*.stream-io-api.com wss://*.intercom.io wss://*.pusher.com wss://*.pusher.com:443 wss://*.stream-io-api.com; default-src 'self'; font-src 'self' https://*.cloudflare.com https://*.fontawesome.com https://*.gstatic.com https://*.intercomcdn.com; frame-src 'self' https://*.facebook.com https://*.g.doubleclick.net https://*.google.com https://*.hotjar.com https://*.snapchat.com https://*.youtube.com https://slimfaq.com; img-src 'self' http://*.google-analytics.com http://t.co https://*.facebook.com https://*.fbsbx.com https://*.fprg2-1.fna.fbcdn.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.ca https://*.google.ch https://*.google.co.jp https://*.google.co.uk https://*.google.com https://*.google.com.gh https://*.google.com.gi https://*.google.com.uy https://*.google.cz https://*.google.ie https://*.google.it https://*.google.nl https://*.googletagmanager.com https://*.gstatic.com https://*.intercomassets.com https://*.intercomcdn.com https://*.nr-data.net https://*.paypalobjects.com https://*.playerslounge.co https://*.slimfaq.com https://t.co; manifest-src 'self'; media-src 'self' https://*.intercomcdn.com; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://*.ads-twitter.com http://*.facebook.net http://*.google-analytics.com http://*.googleadservices.com https://*.ads-twitter.com https://*.amplitude.com https://*.berbix.com https://*.cloudflare.com https://*.facebook.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.intercom.io https://*.intercomcdn.com https://*.newrelic.com https://*.nr-data.net https://*.pusher.com https://*.ravepay.co https://*.slimfaq.com https://*.tiktok.com https://*.twitter.com https://sc-static.net wss://*.intercom.io wss://*.pusher.com; style-src 'self' 'unsafe-inline' http://*.googleapis.com https://*.cloudflare.com https://*.fontawesome.com https://*.googleapis.com https://*.slimfaq.com; worker-src 'self'; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_24bafb4d41412e492b326a58c4bdb066 1 default-src 'self';base-uri 'self' https://*.microsoft.com https://*.skype.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://*.azure.net https://*.s-microsoft.com https://*.ytimg.com https://www.youtube.com https://*.microsoft.com https://*.skypeassets.com https://*.clicktale.net https://*.wx-int.trafficmanager.net https://*.wx-int.skype.com https://*.skype.com https://statics-uhf-eus.akamaized.net https://statics-uhf-neu.akamaized.net https://statics-uhf-wus.akamaized.net https://statics-uhf-eas.akamaized.net https://*.msecnd.net https://connect.facebook.net/;style-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://*.skype.com https://*.skypeassets.com https://*.microsoft.com https://*.s-microsoft.com https://statics-uhf-eus.akamaized.net https://statics-uhf-neu.akamaized.net https://statics-uhf-wus.akamaized.net https://statics-uhf-eas.akamaized.net https://*.msecnd.net;img-src 'self' data: blob: https://docs.botframework.com https://bot-framework.azureedge.net https://*.skype.com https://*.skypeassets.com https://c.microsoft.com https://*.clicktale.net https://*.microsoft.com https://img-prod-cms-rt-microsoft-com.akamaized.net https://www.facebook.com https://*.msecnd.net https://ad.doubleclick.net https://adservice.google.com;font-src data: https://*.skypeassets.com https://*.s-microsoft.com https://*.microsoft.com https://assets.onestore.ms https://*.skype.com https://fonts.gstatic.com;media-src 'self' data: blob: https://*.skypeassets.com https://*.skype.com;connect-src https://*.skype.com https://*.clicktale.net https://*.microsoft.com https://*.live.com https://*.skypeassets.com wss://*.trouter.skype.com https://web.vortex.data.microsoft.com https://prod-video-cms-rt-microsoft-com.akamaized.net https://eus-streaming-video-rt-microsoft-com.akamaized.net https://wus-streaming-video-rt-microsoft-com.akamaized.net;object-src 'none';frame-ancestors 'none';frame-src 'self' https://*.microsoft.com https://*.skype.com https://*.live.com https://www.youtube.com;form-action https://login.skype.com;report-uri https://edge.skype.com/r/c; 1 "default-src 'self' live.adyen.com *.online-metrix.net *.queue-it.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mercadopago.com *.clic2buy.com *.force.com *.maxymiser.net *.mathtag.com *.ads-twitter.com *.mlstatic.com *.twitter.com *.instagram.com *.nescafe.es checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.criteo.com *.criteo.net *.facebook.net *.en25.com *.krxd.net *.googleapis.com *.youtube.com *.fusepump.com *.serving-sys.com *.moatads.com *.addthisedge.com *.quantserve.com *.quantcount.com *.oppwa.com *.googleadservices.com *.bkrtx.com *.doubleclick.net *.adsrvr.org *.cloudfront.net *.evidon.com *.betrad.com *.google-analytics.com *.google.com *.googletagmanager.com *.addthis.com live.adyen.com *.queue-it.net *.salesforceliveagent.com *.online-metrix.net *.ytimg.com; style-src 'self' 'unsafe-inline' *.force.com *.googleapis.com *.fusepump.com; font-src 'self' data: *.sfdcstatic.com *.gstatic.com 'unsafe-inline'; img-src 'self' t.co *.kantarworldpanel.fr *.google.ro *.mlstatic.com http://imgmp.mlstatic.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.quantserve.com *.w.org *.dolce-gusto.com.mx dolce-gusto.com.mx *.dolce-gusto.com *.dolce-gusto.es *.gstatic.com *.googleapis.com *.fusepump.com *.eloqua.com *.google.com *.facebook.com *.doubleclick.net 'unsafe-inline' *.dolce-gusto.com.mx dolce-gusto.com.mx *.google-analytics.com *.googletagmanager.com *.online-metrix.net *.youtube.com *.betrad.com *.evidon.com data: *.krxd.net *.yahoo.com *.pump.to *.pubmatic.com *.stickyadstv.com *.yieldmo.com *.taboola.com *.e-planning.net *.tremorhub.com *.liadm.com *.outbrain.com *.rubiconproject.com *.smaato.net *.360yield.com *.openx.net *.pubmatic.com *.casalemedia.com *.3lift.com *.advertising.com *.teads.tv *.omnitagjs.com *.media.net *.bidswitch.net *.sharethrough.net *.criteo.com *.adnxs.com *.adform.net *.smartadserver.com *.ivitrack.com *.amazon-adsystem.com *.sharethrough.com *.turn.com *.adsrvr.org *.cdglb.com *.bnmla.com *.postrelease.com *.adscale.de *.twiago.com *.yieldlab.net *.smartclip.net *.addthis.com *.yandex.ru *.demdex.net *.mail.ru *.socdm.com *.facebook.net *.ytimg.com; connect-src 'self' *.mercadopago.com *.google-analytics.com *.doubleclick.net *.fusepump.com *.analyze.ly *.nr-data.net 'unsafe-inline' *.facebook.com *.dolce-gusto.com.mx dolce-gusto.com.mx *.online-metrix.net *.addthis.com *.sessioncam.com *.postcodeanywhere.co.uk; frame-src 'self' *.doubleclick.net *.dolce-gusto.com.mx dolce-gusto.com.mx *.postfinance.ch *.online-metrix.net *.addthis.com *.krxd.net *.facebook.com *.criteo.net *.youtube.com *.twitter.com dolce-gusto.com.mx *.dolce-gusto.com.mx *.mercadolibre.com *.mathtag.com *.force.com *.amazon-adsystem.com *.cybersource.com *.click2buy.com" 1 block-all-mixed-content; report-uri https://67j9vz1kye.execute-api.ap-northeast-1.amazonaws.com/csp/csp 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.archive-it.org archive-it.org *.qa-archive-it.org qa-archive-it.org archive.org *.archive.org https://*.archive-it.org https://archive-it.org https://*.qa-archive-it.org https://qa-archive-it.org https://archive.org https://*.archive.org data: blob: ; frame-src 'self' *.archive-it.org archive-it.org *.qa-archive-it.org qa-archive-it.org archive.org *.archive.org https://*.archive-it.org https://archive-it.org https://*.qa-archive-it.org https://qa-archive-it.org https://archive.org https://*.archive.org ; report-uri https://partner.archive-it.org/csp-report 1 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https: 1 font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.hotjar.com *.govets.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com maxcdn.bootstrapcdn.com fonts.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.addthis.com *.pinterest.com *.hotjar.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com *.svgrepo.com *.bing.com *.govets.com www.google.com stats.g.doubleclick.net static.cloudflareinsights.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.avada.io maps.googleapis.com *.googleapis.com *.googletagmanager.com *.gstatic.com http://maps.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.dwin1.com *.hotjar.com *.bing.com *.zdassets.com *.maxmind.com *.noibu.com *.cloudfront.net *.govets.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com www.google.com stats.g.doubleclick.net static.cloudflareinsights.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com https://www.google-analytics.com https://stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.zendesk.com wss://widget-mediator.zopim.com *.mmapiws.com wss://*.noibu.com *.noibu.com *.bing.com *.govets.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com store.paradoxlabs.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.authorize.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.authorize.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha https://www.gstatic.com/recaptcha https://www.googletagmanager.com https://gstatic.com https://www.gstatic.com https://translate.google.com https://storage.googleapis.com https://translate.googleapis.com https://www.snapengage.com https://fonts.googleapis.com https://fonts.gstatic.com https://ajax.googleapis.com https://www.recaptcha.net https://www.google-analytics.com https://www.aakashhealthcare.com; font-src 'self' https://www.google.com/recaptcha https://www.gstatic.com/recaptcha https://www.googletagmanager.com https://gstatic.com https://www.gstatic.com https://translate.google.com https://storage.googleapis.com https://translate.googleapis.com https://www.snapengage.com https://fonts.googleapis.com https://fonts.gstatic.com https://ajax.googleapis.com https://www.recaptcha.net https://www.google-analytics.com https://www.aakashhealthcare.com; img-src 'self' https://www.google.com/recaptcha https://www.gstatic.com/recaptcha https://www.googletagmanager.com https://gstatic.com https://www.gstatic.com https://translate.google.com https://storage.googleapis.com https://translate.googleapis.com https://www.snapengage.com https://fonts.googleapis.com https://fonts.gstatic.com https://ajax.googleapis.com https://www.recaptcha.net https://www.google-analytics.com https://www.aakashhealthcare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha https://www.gstatic.com/recaptcha https://www.googletagmanager.com https://gstatic.com https://www.gstatic.com https://translate.google.com https://storage.googleapis.com https://translate.googleapis.com https://www.snapengage.com https://fonts.googleapis.com https://fonts.gstatic.com https://ajax.googleapis.com https://www.recaptcha.net https://www.google-analytics.com https://www.aakashhealthcare.com https://googleadservices.com cdn.rawgit.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com https://www.google.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha https://www.gstatic.com/recaptcha https://www.googletagmanager.com https://gstatic.com https://www.gstatic.com https://translate.google.com https://storage.googleapis.com https://translate.googleapis.com https://www.snapengage.com https://fonts.googleapis.com https://fonts.gstatic.com https://ajax.googleapis.com https://www.recaptcha.net https://www.google-analytics.com https://www.aakashhealthcare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; report-uri https://aakashhealthcare.com/report-uri/reportOnly 1 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https:; report-uri /_csp 1 frame-ancestors 'self'; default-src 'self'; script-src maps.googleapis.com server.adform.net cdn.adtelligence.de 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com 'self' 'unsafe-inline'; img-src maps.googleapis.com maps.gstatic.com mediafra.admiralcloud.com images.admiralcloud.com cdn.adtelligence.de blob: data: 'self'; font-src fonts.gstatic.com player.admiralcloud.com data: 'self';connect-src api.admiralcloud.com mediafra.admiralcloud.com 'self'; prefetch-src *.admiralcloud.com *.googleapis.com 'self'; frame-src tk.moovit24.de 'self'; worker-src blob: 'self'; media-src mediafra.admiralcloud.com api.admiralcloud.com blob: 'self'; report-uri https://www.tk.de/service/rest/cspviolation/report 1 default-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://*.aldi-digital.ie https://cdn.aldi-digital.co.uk https://www.googleoptimize.com https://www.googletagmanager.com https://*.googleapis.com https://www.google-analytics.com https://www.googleadservices.com https://*.google.com https://www.google.co.uk https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.richrelevance.com https://bat.bing.com https://www.awin1.com https://www.dwin1.com https://ads.avocet.io https://acdn.adnxs.com https://ib.adnxs.com https://www.facebook.com https://connect.facebook.net https://static.ads-twitter.com https://analytics.twitter.com https://s.pinimg.com https://*.doubleclick.net https://*.go-mpulse.net https://ads.avct.cloud https://fast.wistia.net https://fast.wistia.com https://distillery.wistia.com https://pipedream.wistia.com https://assets.pinterest.com https://ct.pinterest.com https://log.pinterest.com https://widgets.pinterest.com https://t.co https://*.queue-it.net https://cdn-ukwest.onetrust.com https://*.quantserve.com https://*.bazaarvoice.com https://*.taggstar.com https://*.online-metrix.net https://services.postcodeanywhere.co.uk https://cdnjs.cloudflare.com https://www.zenaps.com https://*.2o7.net https://cm.everesttech.net https://assets.adobedtm.com https://dpm.demdex.net https://aldisued.demdex.net https://aldisued.d3.sc.omtrdc.net https://*.cybersource.com https://*.cardinalcommerce.com https://v1.addthisedge.com https://*.addthis.com https://*.akamaihd.net https://*.akstat.io https://mpsnare.iesnare.com https://the.sciencebehindecommerce.com https://*.moatads.com https://pixel.mediaiqdigital.com https://*.litix.io; 1 font-src *.sagepay.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.sagepay.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com cdn.dnky.co webchat.dotdigital.com *.sagepay.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: *.paypal.com *.sagepay.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.sagepay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.sagepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.paypal.com *.sagepay.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.azurefd.net *.constantcontact.com *.gstatic.com *.ctctcdn.com *.cdninstagram.com *.mailchimp.com *.firstdata.com d79i1fxsrar4t.cloudfront.net *.paypalobjects.com *.bing.com *.visualstudio.com *.windows.net *.msecnd.net *.connexity.net *.alcmpn.com *.alocdn.com *.fwmrm.net *.addthis.com *.opendns.com *.cloudflare.com *.dotomi.com *.xspadvertising.com *.acuityplatform.com *.adgrx.com *.adsrvr.org *.pro-market.net *.openx.net *.rubiconproject.com *.contextweb.com *.adnxs.com *.spotxchange.com *.rlcdn.com *.lijit.com *.crwdcntrl.net *.bluekai.com *.bfmio.com *.yahoo.com *.exelator.com *.stickyadstv.com *.pubmatic.com *.intentiq.com *.advertising.com *.agkn.com *.tremorhub.com *.contentsquare.com *.simpli.fi *.google.com *.episerver.net blob: *.contentsquare.net service.opticalanalytics.io *.smartystreets.com *.vantivcnp.com i.ytimg.com ajax.googleapis.com cdn.auth0.com cdn1.polaris.com cloudfront.loggly.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com polaris-tagging-prod.azureedge.net polaris-tagging-tagserver-prod.azurewebsites.net s.ytimg.com *.hotjar.com *.hotjar.io www.facebook.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.youtube.com servedby.flashtalking.com cdn2.polaris.com data: etc.polaris.com logs-01.loggly.com login.dotomi.com maps.googleapis.com *.doubleclick.net cdn.jsdelivr.net maps.gstatic.com; 1 default-src 'self' *.participantportal.com *.viabenefitsaccounts.com; form-action 'self' *.b2clogin.com/ *.participantportal.com *.viabenefitsaccounts.com *.payerexpress.com/ https://www.payerexpress.com/; frame-ancestors *.participantportal.com/ *.viabenefitsaccounts.com/; frame-src 'self' *.participantportal.com/ *.viabenefitsaccounts.com/ willistowerswatson.co1.qualtrics.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; script-src 'self' *.siteintercept.qualtrics.com siteintercept.qualtrics.com 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' https://cdn.walkme.com/ *.siteintercept.qualtrics.com 'unsafe-inline'; img-src 'self' data: https: ; font-src 'self' fonts.gstatic.com ;connect-src 'self' *.acclariscorp.com/ *.qualtrics.com ;object-src 'self'; child-src 'self'; base-uri 'self'; report-uri /benefits/servlets/CSPLogServlet; 1 font-src *.sagepay.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sagepay.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.sagepay.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.paypal.com *.sagepay.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.sagepay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.sagepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.sagepay.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self'; object-src 'self' https://pts.handyvertrag.de/p.swf; base-uri 'self'; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://chat.handyvertrag.de https://umfrage.handyvertrag.de https://pts.handyvertrag.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://*.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.handyvertrag.de https://stats.handyvertrag.de https://imagepool.handyvertrag.de https://pts.handyvertrag.de; script-src 'strict-dynamic' 'nonce-22cd06f753090a3cb148e5bf04925a97' 'nonce-6293877b6eafe2e4f7c4e16f9a118910' 'nonce-3649acb6ec6a509627cdf61609e2b270' 'nonce-9c4ee791dc59cfaac6e480458efb4783' 'nonce-c88af19d4095578cff9df00585af82f3' 'nonce-3d7f7d7195cf2287d0063ac30bd937ff' 'self' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://www.facebook.com https://connect.facebook.net https://tags.tiqcdn.com https://cdn2.spatialbuzz.com https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://www.youtube-nocookie.com https://www.awin1.com https://paketshop.myhermes.de https://*.demdex.net https://pts.handyvertrag.de; child-src https://www.youtube.com https://cdn2.spatialbuzz.com https://trck.spoteffects.net https://www.googleadservices.com https://www.facebook.com https://tags.tiqcdn.com https://ad13.adfarm1.adition.com https://*.demdex.net; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-22cd06f753090a3cb148e5bf04925a97' 'nonce-6293877b6eafe2e4f7c4e16f9a118910' 'nonce-3649acb6ec6a509627cdf61609e2b270' 'nonce-9c4ee791dc59cfaac6e480458efb4783' 'nonce-c88af19d4095578cff9df00585af82f3' 'nonce-3d7f7d7195cf2287d0063ac30bd937ff' 'self' https: 'report-sample' 1 default-src 'self'; upgrade-insecure-requests; block-all-mixed-content; report-to logflare 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagservices.com https://apis.google.com https://connect.facebook.net https://www.gstatic.com https://www.google-analytics.com https://ajax.googleapis.com https://gstatic.com https://www.googletagmanager.com https://google-analytics.com https://t.womtp.com https://api.ipify.org https://maps.googleapis.com https://www.google.com *.vo.msecnd.net https://static.criteo.net https://bucket.cdnwebcloud.com https://stats.g.doubleclick.net https://static.hotjar.com https://ws.walmeric.com https://sslwidget.criteo.com https://script.hotjar.com https://pagead2.googlesyndication.com https://neural29.cdnwebcloud.com https://sb.scorecardresearch.com https://ad.doubleclick.net https://ads.profilemkt.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com gstatic.com; img-src 'self' data: *.azureedge.net https://maps.gstatic.com https://maps.googleapis.com https://csi.gstatic.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.gstatic.com https://magazine.solvia.es *.blob.core.windows.net https://plataforma-des.infosolvia.es https://cdnpcomercialsolvia.azureedge.net https://www.google.com https://www.google.es https://sb.scorecardresearch.com *.g.doubleclick.net https://www.facebook.com https://t.womtp.com https://pagead2.googlesyndication.com *.cdnwebcloud.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' https://dc.services.visualstudio.com https://in.hotjar.com *.cdnwebcloud.com; object-src 'self' https://www.google.com; frame-ancestors 'none'; form-action 'self' https://www.facebook.com; report-uri https://69b2b976c6287d70a018dda40c4a3fca.report-uri.com/r/d/csp/reportOnly 1 default-src 'self'; img-src 'self' https: data:; script-src 'self' https://tag.yieldoptimizer.com https://secure.adnxs.com https://acdn.adnxs.com https://www.gstatic.com https://cdn.polyfill.io https://code.jquery.com https://cdnjs.cloudflare.com https://*.wistia.net https://*.wistia.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.co.uk https://google-analytics.com https://*.google-analytics.com https://*.googleapis.com https://*.googleadservices.com https://*.googletagmanager.com https://*.doubleclick.net https://*.responsetap.com https://*.twitter.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://use.fontawesome.com https://*.wistia.net https://*.wistia.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.co.uk https://google-analytics.com https://*.google-analytics.com https://*.googleapis.com https://*.googleadservices.com https://*.doubleclick.net 'unsafe-inline'; font-src 'self' https://use.fontawesome.com https://storify.com https://fonts.gstatic.com data:; child-src https://*.wistia.net https://*.wistia.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.co.uk https://google-analytics.com https://*.google-analytics.com https://*.googleapis.com https://*.googleadservices.com https://*.doubleclick.net https://*.twitter.com http://storify.com https://widget.trustpilot.com; frame-src https://*.wistia.net https://*.wistia.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.co.uk https://google-analytics.com https://*.google-analytics.com https://*.googleapis.com https://*.googleadservices.com https://*.doubleclick.net https://*.twitter.com http://storify.com https://widget.trustpilot.com; connect-src 'self' https://*.google-analytics.com https://*.facebook.com https://*.doubleclick.net https://api.trustpilot.com https://*.google.com; object-src 'none'; base-uri 'none'; upgrade-insecure-requests; report-uri https://lotusgroup.report-uri.io/r/default/csp/reportOnly; media-src 'self'; worker-src 'self' 1 base-uri 'self'; object-src 'self'; child-src 'self' https://*.youtube.com; connect-src 'self' wss://*.pharmahub.org https://www.google-analytics.com https://stats.g.doubleclick.net https://www.purdue.edu wss://pharmahub.org https://www.dropbox.com https://graph.facebook.com; default-src 'self' data: https://*.pharmahub.org https://*.pharmahub.aws.hubzero.org; font-src 'self' about: https://fonts.gstatic.com data: safari-extension: chrome-extension:; form-action 'self' https://platform.twitter.com https://syndication.twitter.com; frame-ancestors 'self'; frame-src 'self' https://*.pharmahub.org https://*.pharmahub.aws.hubzero.org https://*.google.com https://*.youtube.com https://content.googleapis.com https://*.facebook.com https://*.twitter.com https://player.vimeo.com; img-src * data: image:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.google.com https://connect.facebook.net https://www.linkedin.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.gstatic.com https://*.googleapis.com https://platform.linkedin.com data: blob: https://maps.google.com https://maps.googleapis.com https://cdnjs.cloudflare.com https://code.jquery.com; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com https://*.googleapis.com https://www.google.com https://code.jquery.com https://cdnjs.cloudflare.com;report-uri https://csp.hubzero.org/csp-cms.php;report-to cms 1 font-src 'self' https://hello.myfonts.net https://www.lightboxcdn.com https://s3.lightboxcdn.com https://c1.rfihub.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://ajax.googleapis.com https://www.lightboxcdn.com https://lightboxapi.azurewebsites.net https://cdn.boomtrain.com https://lib.paymentjs.firstdata.com https://c1.rfihub.net https://www.googletagmanager.com https://connect.facebook.net https://a.rfihub.com https://maps.googleapis.com cdn.rawgit.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://docs.paymentjs.firstdata.com https://player.vimeo.com https://static.addtoany.com maps.google.com; style-src 'self' https://hello.myfonts.net https://www.lightboxcdn.com https://s3.lightboxcdn.com https://c1.rfihub.net https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.balduccis.com/report-uri/reportOnly 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://sourcingjournal.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net https://store.plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com google.com *.addthis.com https://store.plumrocket.com https://accounts.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cdninstagram.com data: *.kxcdn.com amcglobal.sc.omtrdc.net *.twitter.com *.googleapis.com google.com *.gstatic.com *.fbcdn.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.googleapis.com google.com *.gstatic.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com *.avada.io https://accounts.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com google.com *.kxcdn.com *.gstatic.com https://accounts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com dpm.demdex.net https://accounts.google.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1 font-src fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.weltpixel.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es data: maps.googleapis.com *.gstatic.com *.cdninstagram.com *.fbcdn.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com maxcdn.bootstrapcdn.com tagmanager.google.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.instagram.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' maxcdn.bootstrapcdn.com addevent.com cdn.inspectlet.com cdn.syndication.twimg.com cdnjs.cloudflare.com code.jquery.com f1-eu.readspeaker.com platform.twitter.com plugins.eventable.com www.google-analytics.com ajax.googleapis.com www.google.com www.googletagmanager.com www.gstatic.com fonts.googleapis.com www.youtube.com graph.facebook.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com ton.twimg.com twimg.com cdnjs.cloudflare.com code.jquery.com f1-eu.readspeaker.com fonts.googleapis.com platform.twitter.com; font-src 'self' fonts.googleapis.com yt3.ggpht.com fonts.gstatic.com maxcdn.bootstrapcdn.com; img-src 'self' space.gov.ae www.google-analytics.com syndication.twitter.com ton.twimg.com hn.inspectlet.com abs.twimg.com pbs.twimg.com i.ytimg.com platform.twitter.com data:; frame-src 'self' www.google.com www.youtube.com platform.twitter.com syndication.twitter.com; frame-ancestors 'self'; connect-src 'self' www.google-analytics.com hn.inspectlet.com ws.inspectlet.com stats.g.doubleclick.net; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.maryno.net *.vk.com vk.com *.jivosite.com *.yandex.ru *.google-analytics.com *.parastorage.com *.getsale.io *.youtube.com fonts.gstatic.com *.ytimg.com; img-src 'self' data: *.maryno.net *.vk.com vk.com *.jivosite.com *.yandex.ru *.google-analytics.com *.parastorage.com *.getsale.io; connect-src https: wss: *.maryno.net *.vk.com *.jivosite.com *.yandex.ru *.google-analytics.com *.getsale.io; upgrade-insecure-requests; report-uri https://sentry.maryno.net/api/14/csp-report/?sentry_key=79209ab7e939495bba7b8d83b14909d9 1 default-src 'none'; manifest-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://embed.videodelivery.net https://stackpath.bootstrapcdn.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://code.jquery.com https://plausible.fsg.one; connect-src 'self' https://127.0.0.1:41951 https://localhost:41951 https://plausible.fsg.one; img-src 'self' 'unsafe-inline' data:; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://cdn.datatables.net; font-src 'self' data: https://fonts.gstatic.com; child-src 'self' https://www.youtube-nocookie.com https://*.google.com https://*.google.de https://api.smugmug.com; media-src 'self'; form-action 'self' https://*.formulastudent.de https://*.fs-g.org https://www.paypal.com; upgrade-insecure-requests; block-all-mixed-content; report-uri https://fsgde.report-uri.com/r/d/csp/enforce 1 font-src data: https://*.gstatic.com https://*.zopim.com https://use.fontawesome.com/releases/v5.8.2/webfonts/ 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com http://saml.staging2.esser-emmerik.nl yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com https://*.youtube.com https://www.google.com/ yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: https://*.gstatic.com https://www.magezon.com/productfile/ https://wm-livechat-2-prod-dot-watermelonmessenger.appspot.com/assets/svg/ www.magecomp.com/media/ www.xtento.com static.mailplus.nl www.schoolspot.nl v2.zopim.com webstats.surf.nl www.google.nl www.google.com *.doubleclick.net https://optimize.google.com https://static.zdassets.com https://amcglobal.sc.omtrdc.net cdn.xtento.com https://www.magezon.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com https://www.google.com/recaptcha/ https://checkout.buckaroo.nl/api/buckaroosdk/script https://*.youtube.com https://*.mailplus.nl www.googletagmanager.com www.xtento.com cdn.xtento.com https://maps.google.com/ https://www.google.com/ yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://checkout.buckaroo.nl https://use.fontawesome.com/releases/v5.8.2/css/ https://*.mailplus.nl https://wm-livechat-2-prod-dot-watermelonmessenger.appspot.com/ yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://dpm.demdex.net/ www.google-analytics.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 report-uri /csp-report; frame-ancestors www.flygresor.se secure.rentalcars.com brands.datahc.com hyrbil.flygresor.se; child-src 'self' www.flygresor.se b2b-api.etraveli.com www.cdn-net.com www.travelpartner.se secure5.arcot.com vars.hotjar.com staticxx.facebook.com tr.snapchat.com *.adform.net/ *.doubleclick.net weatherwidget.io *.googlesyndication.com flygresor-travelinfo.fwdev.se *.fwdev.se www.google.com 1 font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.googleapis.com *.bootstrapcdn.com *.tradedoubler.com 'self' 'unsafe-inline'; form-action *.twitter.com *.trustpilot.com *.clerk.io *.paypal.com *.braintreegateway.com *.cardinalcommerce.com *.tradedoubler.com thegamecollection.us2.list-manage.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src *.twitter.com *.trustpilot.com *.clerk.io *.cardinalcommerce.com *.authorize.net *.paypal.com *.braintreegateway.com *.kaptcha.com *.craftyclicks.co.uk *.youtube.com *.google.com *.tradedoubler.com 'self' 'unsafe-inline'; img-src *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.vimeocdn.com 'self' data: *.trustpilot.com *.clerk.io *.doubleclick.net *.storyblok.com *.ytimg.com *.gstatic.com *.tradedoubler.com *.tumblr.com *.sooqr.com *.paypalobjects.com *.facebook.com 'self' 'unsafe-inline'; script-src *.cloudflare.com *.twitter.com *.google-analytics.com *.gstatic.com *.fontawesome.com *.trustpilot.com *.clerk.io *.signifyd.com *.authorize.net *.cardinalcommerce.com *.braintreegateway.com *.paypal.com *.braintree-api.com *.sandbox.braintree-api.com *.kaptcha.com *.craftyclicks.co.uk chimpstatic.com *.sooqr.com *.mailchimp.com *.list-manage.com *.google.com *.tradedoubler.com *.paypalobjects.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.fontawesome.com *.trustpilot.com *.clerk.io *.bootstrapcdn.com *.sooqr.com *.mailchimp.com *.tradedoubler.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.cloudflare.com *.twitter.com *.paypal.com *.trustpilot.com *.clerk.io *.braintreegateway.com *.braintree-api.com *.sandbox.braintree-api.com *.kaptcha.com *.amazonaws.com *.google-analytics.com *.doubleclick.net *.tradedoubler.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://thegamecollection2.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.netreviews.eu cl.avis-verifies.com www.google.com www.google.fr www.facebook.com bat.bing.com px.ads.linkedin.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.kameleoon.com *.kameleoon.eu cl.avis-verifies.com www.googletagmanager.com cdn.lefebvre-sarrut.be *.facebook.com *.facebook.net bat.bing.com snap.licdn.com sdk.privacy-center.org www.google.com www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.kameleoon.com *.kameleoon.eu www.google-analytics.com bat.bing.com *.doubleclick.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1 default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.at ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.at *.spreadshirt.at ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.at ; font-src 'self' https: data: *.spreadshirt.at ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.at ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.at ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1 script-src 'self' cdn.polyfill.io https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://s7.addthis.com https://w.soundcloud.com https://www.google.com; script-src-attr 'self'; style-src 'self' fast.fonts.net https://api.mapbox.com https://cdn.jsdelivr.net https://cdn.plyr.io https://cdnjs.cloudflare.com; style-src-attr 'self'; frame-ancestors 'self' 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' http://use.typekit.net/ https://use.typekit.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://use.typekit.net/ https://use.typekit.net/ http://use.typekit.net/ http://www.google-analytics.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' http://use.typekit.net/ https://use.typekit.net/; img-src * 'self' 'unsafe-inline' 'unsafe-eval' data: filesystem:; font-src 'self' http://use.typekit.net/ https://use.typekit.net/ http://p.typekit.net/ https://p.typekit.net/ 1 default-src 'self' blob:; child-src: 'self' blob:; script-src 'self' 'unsafe-inline' w3.siemens.com tools.adlytics.net cdn.cookielaw.org assets.adobedtm.com players.brightcove.net img.en25.com vjs.zencdn.net www.automation.siemens.com w3.siemens.com profiles.siemens.com; style-src 'self' 'unsafe-inline' w3.siemens.com tools.adlytics.net profiles.siemens.com; img-src 'self' data: assets.new.siemens.com maps.siemens.com metrics.brightcove.com brightcove04pmdo-a.akamaihd.net cf-images.eu-west-1.prod.boltdns.net cf-images.us-east-1.prod.boltdns.net siemens.sc.omtrdc.net track.adform.net s2033604275.t.eloqua.com cdn.cookielaw.org cookies.siemens.com; font-src 'self' data: tools.adlytics.net; connect-src 'self' search.new.siemens.com w3.siemens.com siemens.sc.omtrdc.net siemens.tt.omtrdc.net *.demdex.net tools.adlytics.net cdn.cookielaw.org dmp.adform.net metrics.brightcove.com edge.api.brightcove.com secure.brightcove.com *.media.brightcove.com privacyportal-eu.onetrust.com manifest.prod.boltdns.net www.fortbildung.siemens.com profiles.siemens.com searchapi.new.siemens.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com; media-src 'self' assets.new.siemens.com secure.brightcove.com *.media.brightcove.com blob: manifest.prod.boltdns.net house-fastly-signed-eu-west-1-prod.brightcovecdn.com; worker-src 'self' 'unsafe-inline' blob:; object-src players.brightcove.net; block-all-mixed-content; reflected-xss block; base-uri 'self'; referrer origin-when-cross-origin; report-uri https://report-uri.dc.siemens-energy.com/ 1 block-all-mixed-content; report-uri /_/csp-reports 1 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.gstatic.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'none'; connect-src 'self' *.googleapis.com syndication.twitter.com www.google.com id.siteimprove.com app.trackduck.com my2.siteimprove.com cdnjs.cloudflare.com www.google-analytics.com stats.g.doubleclick.net svc.webspellchecker.net login.microsoftonline.com login.windows.net dc.services.visualstudio.com; font-src data fonts.gstatic.com svc.webspellchecker.net 'self'; manifest-src 'self'; object-src 'self'; frame-src 'self' update.mills-reeve.com twitter.com e.issuu.com cdn.yoshki.com login.windows.net player.vimeo.com static.addtoany.com *.twitter.com tpc.googlesyndication.com analytics-google.net www.googletagmanager.com mozbar.moz.com *.facebook.com acs.airplus.com connect.facebook.net bid.g.doubleclick.net vars.hotjar.com www.google.com www.instagram.com www.youtube.com w.soundcloud.com; img-src *.google.co.uk *.youtube.com *.google.com *.mills-reeve.com i.vimeocdn.com *.siteimproveanalytics.io *.twimg.com *.twitter.com lowffdompro.com login.microsoftonline.com googleads.g.doubleclick.net www.gstatic.com *.google.com www.google.ge www.google.pl www.google.ru www.google.cm www.google.com.eg www.google.co.kr www.google.com.np www.google.co.th www.google.dz www.google.no www.google.com.hk www.google.com.mm www.google.co.il www.google.az www.google.sk www.google.ie www.google.com.pe lh3.ggpht.com www.google.de www.google.cz www.google.co.za www.google.se www.google.dk www.google.gr www.google.lv www.google.com.tw www.google.com.ph www.google.com.uy www.google.fi www.google.com.ua www.google.com.cy www.google.com.jm www.google.im www.google.co.ve www.google.com.sg www.google.ca www.google.es www.google.kg www.google.be www.google.at www.google.pt www.google.fr www.google.it www.google.com.br www.google.com.ar www.google.ch www.google.me www.google.com.ec www.google.ro www.google.kg www.google.nl www.google.com.mx www.google.com.lb www.google.com.co www.google.com.tr www.google.cl www.google.dk www.google.co.in www.google.hr www.gstatic.com csi.gstatic.com data: *.ggpht.com img.youtube.com *.googleapis.com maps.gstatic.com 'self' ssl.google-analytics.com stats.g.doubleclick.net *.facebook.com www.google.co.uk www.google.com www.google-analytics.com; media-src 'self' player.vimeo.com *.akamaized.net ssl.gstatic.com data:; script-src 'self' data komito.net platform.twitter.com siteimproveanalytics.com az416426.vo.msecnd.net cdn.syndication.twimg.com svc.webspellchecker.net www.gstatic.com www.google.com tpc.googlesyndication.com maxcdn.bootstrapcdn.com ajax.googleapis.com api.instagram.com *.vimeo.com connect.facebook.net eval: googleads.g.doubleclick.net inline: maps.googleapis.com platform.instagram.com s.ytimg.com script.hotjar.com 'self' ssl.google-analytics.com static.hotjar.com 'unsafe-eval' 'unsafe-inline' www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.instagram.com www.youtube.com; style-src svc.webspellchecker.net ton.twimg.com platform.twitter.com *.googleapis.com inline: 'self' 'unsafe-inline'; report-uri https://mills.report-uri.com/r/d/csp/reportOnly 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=v2%2Fapp_listings&source%5Buuid%5D=f8d3ff3cb66525d7baf7a405bb38a345 1 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es api.bazaarvoice.com stg.api.bazaarvoice.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com https://static.klaviyo.com https://fast.a.klaviyo.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com display.ugc.bazaarvoice.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com https://static.klaviyo.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.bootstrapcdn.com *.gstatic.com *.yotpo.com *.typekit.net *.olark.com *.miraclesuit.com *.magicsuitswim.com *.miraclebody.com *.longitudeswim.com *.amoressa.com *.kikirio.com *.skinnydippers.com *.global-e.com *.amazonaws.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.paypal.com *.braintreegateway.com *.kaptcha.com *.olark.com *.global-e.com *.facebook.com *.doubleclick.net *.google.co.in *.jst.ai 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.typekit.net *.yotpo.com *.google.com *.google.co.in *.listrakbi.com *.gstatic.com *.paypal.com *.facebook.com *.wisepops.com *.olark.com *.miraclesuit.com *.magicsuitswim.com *.miraclebody.com *.longitudeswim.com *.amoressa.com *.kikirio.com *.skinnydippers.com *.global-e.com *.bing.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.typekit.net *.yotpo.com *.listrakbi.com *.newrelic.com *.nr-data.net stglite.bglobale.com *.braintreegateway.com *.paypal.com *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.googleoptimize.com *.impactradius-event.com *.wisepops.com *.olark.com *.miraclesuit.com *.magicsuitswim.com *.miraclebody.com *.longitudeswim.com *.amoressa.com *.kikirio.com *.skinnydippers.com *.global-e.com *.facebook.com *.bing.com *.facebook.net *.yimg.com *.jst.ai *.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.bootstrapcdn.com *.googleapis.com *.yotpo.com *.listrakbi.com *.bglobale.com *.olark.com *.miraclesuit.com *.magicsuitswim.com *.miraclebody.com *.longitudeswim.com *.amoressa.com *.kikirio.com *.skinnydippers.com *.global-e.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.olark.com *.miraclesuit.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.yotpo.com *.google-analytics.com stats.g.doubleclick.net *.nr-data.net *.braintree-api.com *.paypal.com *.braintreegateway.com *.wisepops.com *.olark.com *.global-e.com *.miraclesuit.com *.magicsuitswim.com *.miraclebody.com *.longitudeswim.com *.amoressa.com *.kikirio.com *.skinnydippers.com *.bing.com *.jst.ai 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' blob: data:; img-src 'self' blob: data: *.google.com *.google.com.tw *.gstatic.com *.googleusercontent.com https://stats.g.doubleclick.net https://begonia-admin.azurewebsites.net https://www.google-analytics.com https://maps.googleapis.com https://www.googletagmanager.com https://maps.gstatic.com https://www.facebook.com; style-src 'self' 'unsafe-inline' *.google.com *.gstatic.com https://fonts.googleapis.com https://p.typekit.net; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.facebook.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; connect-src 'self' blob: data: localhost:* https://begonia-api.azurewebsites.net https://www.google-analytics.com https://fonts.googleapis.com https://stats.g.doubleclick.net https://use.typekit.net https://www.facebook.com; form-action 'self' https://begonia-api.azurewebsites.net https://www.facebook.com; frame-src 'self' *.google.com https://www.facebook.com https://bid.g.doubleclick.net; object-src 'self' data:; base-uri 'self'; worker-src 'self' blob:; frame-ancestors 'none' 1 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: www.google.com www.google.com.ua www.google.com.uk www.google.com.fr www.google.com.de www.google.com.es 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com maps.googleapis.com googleads.g.doubleclick.net www.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.cloudflare.com *.gstatic.com *.googleapis.com *.typekit.net *.fontawesome.com 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.google.com 5900250.fls.doubleclick.net *.payments-amazon.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.google.com *.google.co.uk *.paypal.com *.run4it.com *.fbcdn.net d23yuld0pofhhw.cloudfront.net ut.ra.linksynergy.com 'self' data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.avada.io *.cloudflare.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.feefo.com *.run4it.com *.klevu.com *.payments-amazon.com googleads.g.doubleclick.net connect.facebook.net tag.rmp.rakuten.com *.typekit.net *.google.com theed11117.pcapredict.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.gstatic.com *.fontawesome.com *.klevu.com *.run4it.com *.postcodeanywhere.co.uk unpkg.cm 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.paypal.com *.feefo.com *.instagram.com *.amazon.com *.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/f2 1 block-all-mixed-content; upgrade-insecure-requests; report-uri /_/csp-reports 1 script-src spir.hit.gemius.pl track.adform.net ssl.heureka.cz im9.cz c.imedia.cz api.mapy.cz www.heureka.cz *.mapy.cz script.hotjar.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com tagmanager.google.com googleads.g.doubleclick.net connect.facebook.net static.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com api.mapy.cz 'unsafe-inline' 'self'; report-uri /csp 1 default-src 'self' maxcdn.bootstrapcdn.com; connect-src www.google-analytics.com stats.g.doubleclick.net login-prod.nlm.nih.gov auth.nih.gov; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com webfonts.zohostatic.com; img-src 'self' www.google-analytics.com; script-src 'self' 'unsafe-inline' www.google-analytics.com maxcdn.bootstrapcdn.com script.crazyegg.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com; report-uri https://nlmoccs.report-uri.com/r/d/csp/reportOnly 1 report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.toolpartsdirect.com ssl.google-analytics.com d.impactradius-event.com www.googletagmanager.com www.googlecommerce.com *.google.com s.ytimg.com www.youtube-nocookie.com *.addthis.com z.moatads.com v1.addthisedge.com static-na.payments-amazon.com js.braintreegateway.com logs-01.loggly.com www.paypalobjects.com c.paypal.com assets.braintreegateway.com flex.msn.com *.cloudmaestro.com *.cloudflare.com www.googleadservices.com bat.bing.com 1 script-src 'self' https://cdnjs.cloudflare.com https://d1f8f9xcsvx3ha.cloudfront.net https://js.stripe.com https://polyfill.io; script-src-attr 'self'; style-src 'self' https://cdnjs.cloudflare.com; style-src-attr 'self'; frame-ancestors 'self' 1 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' use.typekit.net www.williamashley.com www.google.com *.google-analytics.com www.googletagmanager.com connect.facebook.net *.pinimg.com *.livechatinc.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com assets.pinterest.com *.cloudmaestro.com maps.googleapis.com tpc.googlesyndication.com 1 default-src 'self'; connect-src 'self' https://wp-static.assets.sh https://notify.bugsnag.com https://sessions.bugsnag.com https://www.google-analytics.com https://performance.typekit.net https://*.mapbox.com; font-src 'self' https://wp-static.assets.sh https://fonts.gstatic.com https://use.typekit.net; frame-src 'self' https://www.googletagmanager.com https://www.youtube.com https://www.youtube-nocookie.com/; img-src 'self' https://wp.assets.sh https://wp-assets-sh.imgix.net https://wp-static.assets.sh https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.be https://www.google.com https://p.typekit.net blob: data:; manifest-src 'self' https://wp-static.assets.sh; media-src 'self' https://wp.assets.sh https://wp-assets-sh.imgix.net https://wp-static.assets.sh; script-src 'self' 'unsafe-inline' https://polyfill.io https://wp-static.assets.sh https://d2wy8f7a9ursnm.cloudfront.net/v6/bugsnag.min.js https://www.googletagmanager.com https://www.google-analytics.com https://use.typekit.net https://api.mapbox.com https://stats.g.doubleclick.net https://c52.livecom.net; style-src 'self' 'unsafe-inline' https://wp-static.assets.sh https://fonts.googleapis.com https://api.mapbox.com https://c52.livecom.net https://p.typekit.net https://use.typekit.net; worker-src 'self' https://wp-static.assets.sh blob:; frame-ancestors 'none'; form-action 'self'; report-uri https://mrhenry.report-uri.com/r/d/csp/reportOnly 1 default-src 'self' data: reedexpo-service.com *.youtube-nocookie.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' reedexpo-service.com *.googletagmanager.com *.google-analytics.com www.gstatic.com/recaptcha/ www.youtube.com *.ytimg.com www.google.com *.googleapis.com *.google.com www.googleadservices.com www.googletagmanager.com *.cookielaw.org *.onetrust.com connect.facebook.net; style-src 'self' data: 'unsafe-inline'; img-src 'self' data: reedexpo-service.com www.barconvent.com *.cookielaw.org *.googletagmanager.com *.googleapis.com *.google-analytics.com *.facebook.com connect.facebook.net www.google.de www.google.com www.google.at *.gstatic.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; connect-src 'self' data: *.google-analytics.com reedexpo-service.com *.cookielaw.org *.onetrust.com *.g.doubleclick.net; font-src 'self' data: fonts.gstatic.com fast.fonts.net; media-src 'self' data:; object-src 'self' data:; child-src 'self' data: *.youtube-nocookie.com www.google.com reedexpo-service.com *.google.com; frame-ancestors 'self' data: 1 child-src mc.yandex.md mc.yandex.ru;script-src mc.yandex.ru yastatic.net awaps.yandex.ru 'nonce-RIGOVkh7Jx13B1mnm74f5w==' yandex.ru;img-src awaps.yandex.net yandex.ru mc.admetrica.ru data: mc.yandex.ru *.verify.yandex.ru 'self' avatars.mds.yandex.net favicon.yandex.net yastatic.net mc.yandex.com;report-uri https://csp.yandex.net/csp?project=morda&from=morda.intercept404.ru&showid=1610681807.59515.95185.52220&h=stable-morda-any-man-yp-5&csp=new&date=20210115&yandexuid=812540451610681808;connect-src mc.admetrica.ru mc.yandex.ru yandex.ru;style-src 'unsafe-inline' yastatic.net;default-src 'none' 1 font-src https://*.gstatic.com https://*.typekit.net 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com https://*.doubleclick.net https://*.google.com https://*.hotjar.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es https://*.doubleclick.net https://*.google.com https://*.google.co.uk https://*.cloudfront.net data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com https://*.googleapis.com https://*.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self';script-src 'self' 'nonce-33bMQdLabpmJm2dx2C7h' *.jquery.com *.google.com *.youtube.com *.google-analytics.com *.gstatic.com *.googleapis.com *.googleadservices.com *.aspnetcdn.com ajax.aspnetcdn.com *.googletagmanager.com *.cloudflare.com unpkg.com *.sharethis.com *.ytimg.com;style-src 'self' 'unsafe-inline' *.jquery.com *.google.com *.gstatic.com *.googleapis.com *.aspnetcdn.com stats.g.doubleclick.net;img-src 'self' stats.g.doubleclick.net *.google-analytics.com *.gstatic.com *.googleapis.com *.googleadservices.com *.google.com *.google.co.uk googleads.g.doubleclick.net via.placeholder.com *.sharethis.com data: waspshubmedia.blob.core.windows.net;frame-src 'self' googleads.g.doubleclick.net *.google.com *.google.co.uk *.vimeo.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com;font-src 'self' *.gstatic.com data:;connect-src 'self' query.yahooapis.com *.sharethis.mgr.consensu.org *.pingdom.net *.sharethis.com 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com 'strict-dynamic' 'nonce-MzMzOTM5NDYxLDE3NDU1NzkyNTI='; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1 frame-ancestors 'self'; report-uri https://c4b562ef207d9ca89618f9d5f5a9d1d9.report-uri.com/r/d/csp/reportOnly; 1 default-src https:; script-src 'unsafe-inline' https:; style-src 'unsafe-inline' https:; report-uri /https_reporting 1 report-uri https://pc.clickstream.events/events/csp; frame-ancestors 'none'; upgrade-insecure-requests; default-src https:; object-src 'none'; child-src 'self' https://analytics.powerchord.com; connect-src 'self' https://*.powerchord.com https://*.powerchord.io; script-src 'self' https://*.powerchord.com https://*.powerchord.io https://cdnjs.cloudflare.com https://browser.sentry-cdn.com https://www.googletagmanager.com https://connect.facebook.net https://*.googleapis.com https://*.mapbox.com https://pc.clickstream.events; 1 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; media-src https: data:; object-src https: data:; img-src https: data:; font-src https: data:; report-uri /csp-report 1 default-src 'unsafe-inline' *.ssl.google-analytics.com * data: ; script-src 'self' 'unsafe-inline' *.plus.meshulam.co.il *.dev.meshulam.co.il *.meshulam.co.il *.google-analytics.com *.bankhapoalim.co.il *.poalim-site.co.il ;object-src 'none' ; report-uri //meshulam.co.il/api/server/1.0/reportCsp/; 1 object-src 'none';base-uri 'self';script-src 'nonce-1mZ5WwGE7zvh6KD3fPlL' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample';report-uri https://csp.withgoogle.com/csp/scfe 1 default-src 'self' https://www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://bat.bing.com https://www.googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://ssl.google-analytics.com https://www.gstatic.com https://connect.facebook.net https://*.ekomi.com https://googleads.g.doubleclick.net; img-src 'self' 'unsafe-inline' data: https://www.google-analytics.com https://www.facebook.com https://bat.bing.com https://ssl.google-analytics.com https://i.ytimg.com https://i.imgur.com https://www.googletagmanager.com https://www.google.com https://*.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://www.google.com https://www.youtube.com https://*.facebook.com; object-src 'none'; connect-src 'self' https://*.algolianet.com https://*.algolia.net https://*.doubleclick.net https://*.facebook.com https://*.facebook.net http://*.google-analytics.com; report-uri /cors; 1 default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.co.za:*; frame-ancestors *.calypso.net.au *.flightcentre.co.za; report-uri /api/csp_report; img-src https: blob: data:; font-src https: blob: data:; 1 worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com scontent.cdninstagram.com data: *.kxcdn.com amcglobal.sc.omtrdc.net *.twitter.com *.googleapis.com google.com *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.googleapis.com google.com *.gstatic.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com google.com *.kxcdn.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com dpm.demdex.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.beautysuccess.fr fonts.googleapis.com fonts.gstatic.com 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src libs.hipay.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com *.vimeocdn.com data: *.beautysuccess.fr maps.googleapis.com maps.gstatic.com *.openstreetmap.org 'self' 'unsafe-inline'; script-src s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.beautysuccess.fr *.googletagmanager.com maps.googleapis.com api.socloz.com api.widget.botmind.io *.hipay.com *.hipay-tpp.com mpsnare.iesnare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.beautysuccess.fr fonts.googleapis.com libs.hipay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.beautysuccess.fr 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: *.b0e8.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.b0e8.com *.bc0a.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.bootstrapcdn.com *.doofinder.com *.api.useinsider.com *.hotjar.com *.klarnaservices.com *.klarnauserservices.com *.foursixty.com *.klarnaevt.com *.bronto.com *.nr-data.net *.facebook.com *.facebook.net *.trustpilot.com *.loyaltylion.net *.criteo.com *.criteo.net *.gstatic.com *.cloudfront.net 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.bootstrapcdn.com *.doofinder.com *.api.useinsider.com *.hotjar.com *.klarnaservices.com *.klarnauserservices.com *.klarnaevt.com *.bronto.com *.nr-data.net *.facebook.com *.facebook.net *.trustpilot.com *.loyaltylion.net *.criteo.com *.criteo.net *.paypalobjects.com *.freshchat.com *.yieldify.com *.reviews.co.uk bid.g.doubleclick.net www.google-analytics.com *.google.com *.braintreegateway.com googleads.g.doubleclick.net *.google.co.uk 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.bootstrapcdn.com *.doofinder.com *.api.useinsider.com *.hotjar.com *.klarnaservices.com *.klarnauserservices.com *.klarnaevt.com *.bronto.com *.nr-data.net *.facebook.com *.facebook.net *.trustpilot.com *.loyaltylion.net *.criteo.com *.criteo.net *.advertising.com *.outbrain.com *.google.com *.taboola.com *.bing.com *.ad-stir.com *.smartclip.net *.yieldify.com *.google.co.uk 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.webgains.io *.nr-data.net *.foursixty.com foursixty.com *.bootstrapcdn.com *.doofinder.com *.api.useinsider.com *.hotjar.com *.klarnaservices.com *.klarnauserservices.com *.klarnaevt.com *.bronto.com *.facebook.com *.facebook.net *.trustpilot.com *.loyaltylion.net *.criteo.com *.criteo.net paypal-eu-cdn.cloudiq.com *.salesfire.co.uk *.googletagmanager.com *.esearchvision.com *.pcapredict.com *.reviews.co.uk *.freshchat.com chimpstatic.com *.google.com googleads.g.doubleclick.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.bootstrapcdn.com *.doofinder.com *.api.useinsider.com *.hotjar.com *.klarnaservices.com *.klarnauserservices.com *.klarnaevt.com *.bronto.com *.nr-data.net *.facebook.com *.facebook.net *.trustpilot.com *.loyaltylion.net *.criteo.com *.criteo.net *.freshchat.com *.reviews.co.uk *.cloudfront.net foursixty.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.bootstrapcdn.com *.doofinder.com *.api.useinsider.com *.hotjar.com *.klarnaservices.com *.klarnauserservices.com *.klarnaevt.com *.bronto.com *.nr-data.net *.facebook.com *.facebook.net *.trustpilot.com *.loyaltylion.net *.loyaltylion.com *.criteo.com *.criteo.net *.smartmetrics.co.uk *.socital.com *.doubleclick.net *.reviews.co.uk *.paypal.com www.google-analytics.com foursixty.com *.googleapis.com *.sandbox.braintree-api.com *.live.braintree-api.com googleads.g.doubleclick.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src *.bootstrapcdn.com *.doofinder.com *.api.useinsider.com *.hotjar.com *.klarnaservices.com *.klarnauserservices.com *.klarnaevt.com *.bronto.com *.nr-data.net *.facebook.com *.facebook.net *.trustpilot.com *.loyaltylion.net *.criteo.com *.criteo.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /misc/csp-report.php 1 frame-ancestors 'self'; report-uri /csp/report/; 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=engineering_blog%2Fblog&source%5Bdomain%5D=shopify.engineering&source%5Bsection%5D=brochure&source%5Buuid%5D=d7f5831a9160ebbba5ada6e06cd15ac4 1 object-src 'self'; manifest-src 'self'; child-src *.pardot.com *.vimeo.com *.youtube.com *.sharethis.com *.trizettoprovider.com *.cognizant.com 'self'; media-src *.vimeo.com *.youtube.com 'self'; script-src *.sharethis.com *.pardot.com *.trizettoprovider.com https://*.olark.com https://www.google-analytics.com https://www.googletagmanager.com https://*.googleapis.com https://snap.licdn.com https://connect.facebook.net https://analytics.twitter.com https://static.ads-twitter.com code.jquery.com 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem *.pardot.com *.trizettoprovider.com https://*.olark.com *.sharethis.com https://www.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://*.googleapis.com https://snap.licdn.com https://static.ads-twitter.com https://analytics.twitter.com https://connect.facebook.net https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.polyfill.io https://unpkg.com 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src-elem https://*.googleapis.com https://cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' 'self'; font-src *.pardot.com *.trizettoprovider.com *.cognizantrcm.com https://*.typekit.net https://fonts.gstatic.com 'self' data:; frame-src *.sharethis.com *.pardot.com *.trizettoprovider.com https://*.olark.com https://www.youtube.com https://c.sharethis.mgr.consensu.org https://*.vimeo.com https://media.licdn.com https://www.facebook.com 'self'; img-src *.sharethis.com *.trizettoprovider.com data: *.pardot.com https://*.olark.com https://secure.gravatar.com https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com http://t.co https://t.co https://www.facebook.com https://www.linkedin.com https://s3.amazonaws.com https://www.googletagmanager.com https://s.w.org https://i.ytimg.com 'self' data:; connect-src https://*.yoast.com *.sharethis.com *.trizettoprovider.com https://*.olark.com https://stackpath.bootstrapcdn.com https://www.facebook.com https://rdp.rhombusads.com https://www.google-analytics.com https://stats.g.doubleclick.net 'self'; 1 report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com *.sharethis.com www.googleadservices.com widget-mediator.zopim.com fast.a.klaviyo.com static.klaviyo.com *.google-analytics.com fast.a.klaviyo.com static.klaviyo.com www.reddittstatic.com s3.amazonaws.com *.paypal.com connect.facebook.net *.pinimg.com www.youtube.com googleads.g.doubleclick.net *.ytimg.com static.doubleclick.net www.bookshark.com www.googleadservices.com js.braintreegateway.com www.paypalobjects.com *.google.com www.paypal.com www.gstatic.com 1 default-src https:; connect-src https:; font-src https: data:; child-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: data:; report-uri https://18d36df5be4d2f0680090c55b489865d.report-uri.com/r/d/csp/reportOnly 1 script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com https://s.yimg.com/av/gemini/ga/gemini-iframe.js https://s.yimg.com/av/curveball/ https://*.quantserve.com https://*.quantcount.com https://quantcast.mgr.consensu.org 'unsafe-eval' 'nonce-hbUdCt3m0un9J7UBh30tePiMdUo'; object-src 'none'; worker-src blob:; base-uri 'self'; report-uri https://www.tumblr.com/svc/cspreports; 1 default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.100partnerprogramme.de//csp-violation-ezmd9dpdxv7nb0ecejb9/ 1 default-src 'self' syndication.twitter.com; script-src js.trentino.com 'unsafe-inline' 'unsafe-eval' player.peer.tv stats.peer.biz platform.twitter.com apis.google.com; img-src 'self' data: images2.trentino.com css.trentino.com www.hotel-guide.it player.peer.tv stats.peer.biz carto.peer.biz www.gravatar.com syndication.twitter.com api.trustyou.com; style-src 'self' 'unsafe-inline' css.trentino.com js.trentino.com; font-src css.trentino.com; frame-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; child-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; report-uri https://csp-report.peer.biz/reportOnly/index 1 report-uri https://www.yelp.com/csp_report_only?id=4975fb91958a3986&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www×tamp=1610687359; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1 base-uri 'self'; object-src 'self'; child-src 'self' https://*.youtube.com; connect-src 'self' wss://*.stemedhub.org https://www.google-analytics.com https://stats.g.doubleclick.net https://www.purdue.edu wss://stemedhub.org https://www.dropbox.com https://graph.facebook.com; default-src 'self' data: https://*.stemedhub.org https://*.stemedhub.aws.hubzero.org; font-src 'self' about: https://fonts.gstatic.com data: safari-extension: chrome-extension:; form-action 'self' https://platform.twitter.com https://syndication.twitter.com; frame-ancestors 'self'; frame-src 'self' https://*.stemedhub.org https://*.stemedhub.aws.hubzero.org https://*.google.com https://*.youtube.com https://content.googleapis.com https://*.facebook.com https://*.twitter.com https://player.vimeo.com; img-src * data: image:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.google.com https://connect.facebook.net https://www.linkedin.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.gstatic.com https://*.googleapis.com https://platform.linkedin.com data: blob: https://maps.google.com https://maps.googleapis.com https://cdnjs.cloudflare.com https://code.jquery.com; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com https://*.googleapis.com https://www.google.com https://code.jquery.com https://cdnjs.cloudflare.com;report-uri https://csp.hubzero.org/csp-cms.php;report-to cms 1 default-src 'self' 'unsafe-inline' pagead2.googlesyndication.com cloudflareinsights.com google.com gstatic.com https://sentry.io/api/1476768/store/ cse.google.com dc.services.visualstudio.com doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com *.google.com www.googletagservices.com *.google.co.uk partner.googleadservices.com static.cloudflareinsights.com cse.google.com ttt.f3nws.com browser.sentry-cdn.com connect.facebook.net cdn.ampproject.org www.gstatic.com www.google.com cdnjs.cloudflare.com cdn.jsdelivr.net ajax.cloudflare.com www.googletagmanager.com instant.page pagead2.googlesyndication.com www.supercounters.com az416426.vo.msecnd.net t.f3nws.com www.google-analytics.com; style-src 'self' data: 'unsafe-inline' *.google.com cdnjs.cloudflare.com; img-src 'self' data: pagead2.googlesyndication.com cloudflareinsights.com *.gstatic.com *.googleapis.com *.google.com ttt.f3nws.com i.f3nws.com t.f3img.gq images.weserv.nl logo.clearbit.com placehold.it placeholder.pics ex.f3img.gq www.googletagmanager.com www.google-analytics.com; font-src www.f3nws.com cdn.jsdelivr.net cdnjs.cloudflare.com; frame-src *.googlesyndication.com www.facebook.com staticxx.facebook.com www.google.com www.youtube.com googleads.g.doubleclick.net; frame-ancestors 'self'; report-uri https://f3nws.report-uri.com/r/d/csp/enforce 1 default-src 'self' http://cdn.auth0.com https://cdn.auth0.com https://cdn.eu.auth0.com;style-src 'self' 'unsafe-inline' https://ton.twimg.com https://platform.twitter.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' http://cdn.auth0.com https://cdn.auth0.com https://cdn.eu.auth0.com http://embed-assets.wakelet.com http://platform.twitter.com https://cdn.syndication.twimg.com https://www.youtube.com https://player.vimeo.com https://www.google-analytics.com https://www.googletagmanager.com https://browser.sentry-cdn.com https://machinelearningforkids.co.uk;frame-src 'self' http://embed.wakelet.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://player.vimeo.com https://login.machinelearningforkids.co.uk;img-src 'self' https://auth0.com http://cdn.auth0.com https://cdn.auth0.com https://cdn.eu.auth0.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://syndication.twitter.com https://www.google-analytics.com data: blob: https://* http://*;worker-src 'self' blob:;font-src 'self' data:;connect-src 'self' https://www.google-analytics.com *.sentry.io https://login.machinelearningforkids.co.uk 1 connect-src 'self' *.tctm.com *.insights.hotjar.com;default-src 'self';frame-ancestors 'self';frame-src 'self' *.flightview.com *.vimeo.com;media-src 'self' *.example.com;object-src 'none';report-uri https://bb8.agencehpj.com/csp;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.hpjcc.com www.youtube.com www.gstatic.com tagmanager.google.com www.google-analytics.com www.googletagmanager.com cdn.jsdelivr.net js-agent.newrelic.com unpkg.com code.jquery.com ssl.google-analytics.com bat.bing.com *.tctm.com pi.pardot.com static.hotjar.com bam.nr-data.net www.google.com connect.facebook.net script.hotjar.com maps.googleapis.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;img-src 'self' data: https: www.google-analytics.com;style-src 'self' 'unsafe-inline' https: data: fonts.googleapis.com; 1 font-src *.fontawesome.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com fonts.gstatic.com assets.quadpay.com data: at.alicdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es www.facebook.com learn.montikids.com alexia-s-school-1aa3.thinkific.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com fonts.gstatic.com *.hotjar.com *.montikids.com *.doubleclick.net *.youtube.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com https://*.talkable.com www.facebook.com tpc.googlesyndication.com player.vimeo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.facebook.com media.montikids-stage.net *.montikids.com *.bing.com *.google.com *.pinterest.com data: shareasale.com shareasale-analytics.com *.talkable.com assets.quadpay.com www.google.ca www.google.dk d33v4339jhl8k0.cloudfront.net www.google.com.uy www.googletagmanager.com googleads.g.doubleclick.net www.google.com.ua www.google.co.in www.google.com.br www.google.se i.ytimg.com www.google.es img.youtube.com www.google.de www.google.hr www.google.ch www.google.com.pa www.google.it www.google.com.ph www.google.co.uk connect.facebook.net www.google.com.mx www.google.co.za www.google.co.ke www.google.si www.google.cz www.google.co.il www.gstatic.com www.google.com.pk www.google.no www.google.com.au www.google.co.kr www.google.com.sg loungesrc.net www.google.com.hk www.google.fr www.google.com.co www.google.co.ma www.google.be www.google.com.tw www.google.com.do www.google.gr www.google.ge 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.googletagmanager.com *.facebook.net *.avada.io *.doubleclick.net *.amplitude.com *.hotjar.com *.vimeocdn.com *.bing.com s.pinimg.com www.dwin1.com chimpstatic.com *.cloudfront.net *.helpscout.net *.fullstory.com shareasale.com shareasale-analytics.com *.quadpay.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com https://d2jjzw81hqbuqv.cloudfront.net js-agent.newrelic.com bam-cell.nr-data.net unpkg.com www.google.com tpc.googlesyndication.com www.babylist.com www.googletagmanager.com loungesrc.net cache-check.net siteprerender.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.quadpay.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.google-analytics.com *.doubleclick.net *.amplitude.com *.fullstory.com *.cloudfront.net *.pinterest.com *.hotjar.com *.facebook.com *.bing.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com bam-cell.nr-data.net chatapi.helpscout.net beaconapi.helpscout.net www.google.com vc.hotjar.io ws5.hotjar.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';report-uri https://montikids.com/fl32csp/report/; 1 font-src https://www.gstatic.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src *.dotdigital-pages.com *.dotdigital.com https://www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src 'self' 'unsafe-eval' https://use.fontawesome.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://static.ctctcdn.com https://translate.googleapis.com; script-src-elem 'self' 'unsafe-inline' translate.google.com www.google.com www.gstatic.com static.ctctcdn.com www.googletagmanager.com cdn.jsdelivr.net www.google-analytics.com translate.googleapis.com bam.nr-data.net js-agent.newrelic.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://use.fontawesome.com; style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net translate.googleapis.com static.ctctcdn.com www.gstatic.com https://cdn.jsdelivr.net https://use.fontawesome.com; frame-ancestors 'self' 1 default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; connect-src https: ws:; report-uri /csp-violation-report-endpoint/ 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com 'strict-dynamic' 'nonce-MzA1NTM3MTI3NCwxOTcyMDYzMDY4'; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1 font-src maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net www.youtube.com maps.googleapis.com cdn.ampproject.org www.gstatic.com connect.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com www.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cdn.ampproject.org www.googleapis.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'none'; script-src 'self' ajax.googleapis.com ajax.aspnetcdn.com use.typekit.com platform.twitter.com cdn.syndication.twimg.com web103.reachmee.com ssl.google-analytics.com s.webtrends.com statse.webtrendslive.com ssl.webserviceaward.com; style-src 'self' ajax.googleapis.com fonts.googleapis.com platform.twitter.com ssl.webserviceaward.com; img-src 'self' data: about: ajax.googleapis.com platform.twitter.com syndication.twitter.com pbs.twimg.com p.typekit.net statse.webtrendslive.com hm.webtrends.com ssl.webserviceaward.com; font-src 'self' data: fonts.gstatic.com use.typekit.com; connect-src 'self' performance.typekit.net; media-src 'self'; object-src 'self'; frame-src 'self' www.youtube.com www.youtube-nocookie.com platform.twitter.com syndication.twitter.com cws.huginonline.com inpublic.globenewswire.com web103.reachmee.com; report-uri /csp-report; 1 font-src 'self' https://hello.myfonts.net https://www.lightboxcdn.com https://s3.lightboxcdn.com https://c1.rfihub.net https://fonts.googleapis.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://ajax.googleapis.com https://www.lightboxcdn.com https://lightboxapi.azurewebsites.net https://cdn.boomtrain.com https://lib.paymentjs.firstdata.com https://c1.rfihub.net https://www.googletagmanager.com https://connect.facebook.net https://a.rfihub.com https://maps.googleapis.com https://zbtpb.dsp7c.com cdn.rawgit.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://docs.paymentjs.firstdata.com https://player.vimeo.com https://static.addtoany.com maps.google.com; style-src 'self' https://hello.myfonts.net https://www.lightboxcdn.com https://s3.lightboxcdn.com https://c1.rfihub.net https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 'unsafe-inline'; frame-ancestors 'self'; report-uri https://kingsfoodmarkets.com/report-uri/reportOnly 1 default-src 'self' *.qq.com *.google-analytics.com *.ytimg.com *.youtube.com *.googletagmanager.com *.baidu.com *.cookieinformation.com *.licdn.com *.facebook.net *.marketingautomation.com *.sleeknote.com *.sharpspring.com *.gstatic.com https: 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content; report-uri https://94f62820d7c43df17e384a74a389587c.report-uri.com/r/t/csp/reportOnly 1 font-src fonts.gstatic.com data: v2.zopim.com chrome-extension *.fontawesome.com maxcdn.bootstrapcdn.com fonts.googleapis.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es payments-sandbox.amazon.com payments.amazon.com apay-us.amazon.com www.paypal.com https://www.facebook.com/tr/ javascript 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es assets.braintreegateway.com www.youtube.com www.google.com payments-sandbox.amazon.com static-na.payments-amazon.com api-cdn.amazon.com pay.google.com c.paypal.com apay-us.amazon.com assets.hcaptcha.com www.paypalobjects.com www.youtube-nocookie.com https://payments.amazon.com/ https://ssl.kaptcha.com/ https://www.facebook.com/ bid.g.doubleclick.net checkout.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es shield.sitelock.com avinusa.com d2ldlvi1yef00y.cloudfront.net tracking.qa.paypal.com www.cloudflare.com data: images-na.ssl-images-amazon.com m.media-amazon.com b.stats.paypal.com c.paypal.com slc.stats.paypal.com maps.gstatic.com c6.paypal.com chd.stats.paypal.com dub.stats.paypal.com hnd.stats.paypal.com slc2.stats.paypal.com translate.google.com translate.googleapis.com v2assets.zopim.io v2uploads.zopim.io www.facebook.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bs www.google.by www.google.ca www.google.ch www.google.cl www.google.co.ao www.google.co.bw www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.com www.google.com.af www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.br www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ng www.google.com.om www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gr www.google.gy www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.kz www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mk www.google.mu www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.se www.google.si www.google.sk www.google.sm www.google.sn www.google.com.np www.google.tg www.google.tn www.google.tt www.google.com.bo www.google.com.bz www.google.dj www.google.ps www.google.ru www.googletagmanager.com www.gstatic.com www.microsofttranslator.com stats.g.doubleclick.net chd2.stats.paypal.com img.youtube.com i9.ytimg.com i.ytimg.com connect.facebook.net lh3.googleusercontent.com lh6.googleusercontent.com graph.facebook.com business.facebook.com quickchart.io 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es https://devdocs.magento.com https://magento.com c.paypal.com pay.google.com maps.googleapis.com js.braintreegateway.com ajax.cloudflare.com static-na.payments-amazon.com payments-sandbox.amazon.com www.google.com www.gstatic.com static.cloudflareinsights.com api.microsofttranslator.com cdnjs.cloudflare.com connect.facebook.net data: s3.amazonaws.com static.zdassets.com translate.google.com translate.googleapis.com v2.zopim.com widget-mediator.zopim.com www.googletagmanager.com www.microsofttranslator.com www.pagespeed-mod.com googleads.g.doubleclick.net accounts.google.com www.facebook.com graph.facebook.com business.facebook.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com translate.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src data: static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es https://devdocs.magento.com api.amazon.com www.google-analytics.com www.paypal.com api.sandbox.braintreegateway.com payments.sandbox.braintree-api.com https://www.paypal.com/xoplatform/logger/api/logger payments-sandbox.amazon.com origin-analytics-sand.sandbox.braintree-api.com ajax.googleapis.com apay-us.amazon.com api.braintreegateway.com avinusa.zendesk.com client-analytics.braintreegateway.com payments.amazon.com payments.braintree-api.com translate.googleapis.com widget-mediator.zopim.com wss://widget-mediator.zopim.com ekr.zdassets.com s.yimg.com https://www.facebook.com/tr/ nf44a9pati.execute-api.us-west-2.amazonaws.com 'self' stats.g.doubleclick.net www.paypalobjects.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src www.paypalobjects.com ajax.cloudflare.com fonts.googleapis.com static-na.payments-amazon.com www.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://193dd4f89049350ffe61aa3091eae42e.report-uri.com/r/d/csp/wizard; report-to report-endpoint; 1 report-uri /csp/report 1 font-src 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com s.ytimg.com 'self' 'unsafe-inline'; script-src www.youtube.com video.google.com polyfill.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.algolia.com *.algolia.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 connect-src 'self' https://s.yimg.com https://rtr.innovid.com https://*.yahoo.com https://*.oath.com https://*.advertising.com https://*.cdn.yimg.com https://*.yahoo.net https://ad.doubleclick.net; style-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.btrll.com data: blob:; img-src 'self' data: blob: about: https://*.yimg.com https://*.yahoo.com https://sb.scorecardresearch.com https://*.doubleclick.net https://*.adsafeprotected.com https://*.googlesyndication.com; frame-ancestors https://*.techcrunch.com https://*.huffingtonpost.com https://*.aol.com https://*.yahoo.com https://*.autoblog.com https://*.search.yahoo.com https://*.search.aol.com https://*.search.huffpost.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage®ion=US&lang=en-US&device=desktop&yrid=3cks8mhg021bd&partner=; 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://qualys.report-uri.com/r/d/csp/reportOnly 1 default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net *.tvsquared.com https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://stackadapt.com https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://stats.g.doubleclick.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://graph.facebook.com https://*.addthis.com https://*.google-analytics.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.doubleclick.net https://*.googleapis.com ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 1 default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://tpj.report-uri.io/r/default/csp/reportOnly 1 script-src 'self' *.cloudflare.com *.marketo.net *.googleoptimize.com *.google-analytics.com *.googletagmanager.com *.onetrust.com *.cloudflarestream.com *.zendesk.com *.videodelivery.net *.greenhouse.io cdn.bizible.com d2c7xlmseob604.cloudfront.net 'unsafe-eval' 'unsafe-inline'; img-src 'self' d.adroll.com/ipixel/* cdn.bizible.com www.google.com/ads/ga-audiences *.cloudflare.com di.rlcdn.com; worker-src 'self' *.cloudflare.com blob:; report-uri https://o51786.ingest.sentry.io/api/5457608/security/?sentry_key=8714496fb67947618e2332be5e3054df 1 block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.onet.pl::PLHR_2_10_X_ASYNC 1 script-src 'nonce-lZcnvkqOEcpBSxpjAjjPCw' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/chrome; base-uri 'none' 1 font-src *.fontawesome.com *.cloudflare.com *.googleapis.com *.klevu.com *.zopim.com *.gstatic.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.google.com *.nosto.com *.youtube.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudflare.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.klevu.com *.gstatic.com *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.youtube.com maps.googleapis.com app.mobicredwidget.co.za amcglobal.sc.omtrdc.net media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com 'unsafe-inline' data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.newrelic.com *.klevu.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.nr-data.net *.facebook.com maps.googleapis.com www.googletagmanager.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za www.gstatic.com connect.facebook.net bam.nr-data.net googleads.g.doubleclick.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.klevu.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.testfreaks.com *.ksearchnet.com *.klevu.com *.google.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.paypal.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.nr-data.net vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za www.google-analytics.com wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=v2%2Fapp_listings&source%5Buuid%5D=34f1766ac8a73c846163165b503fe68d 1 default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://basinelectric.report-uri.com/r/d/csp/wizard 1 font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.addthis.com *.pinterest.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com https://cdn.klarna.com data: https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src 'self'; report-uri: https://pegasotecnologiacfdi.net; 1 default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.fi ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.fi *.spreadshirt.fi ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.fi ; font-src 'self' https: data: *.spreadshirt.fi ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.fi ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.fi ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1 default-src 'self'; connect-src 'self' *.nr-data.net *.demdex.net lifewaychristianreso.tt.omtrdc.net *.fullstory.com *.zopim.com *.zdassets.com www.facebook.com wss://widget-mediator.zopim.com www.google-analytics.com *.doubleclick.net s3.amazonaws.com *.s3.amazonaws.com account.lifeway.com account.uat.lifeway.com account.int.lifeway.com; font-src 'self' data: cdnjs.cloudflare.com fonts.gstatic.com *.zopim.com; form-action 'self' *.lifeway.com *.s3.amazonaws.com; frame-src 'self' *.demdex.net platform.twitter.com *.gototraining.com www.facebook.com *.wordsearchbible.lifeway.com www.youtube.com *.vimeo.com account.lifeway.com account.uat.lifeway.com account.int.lifeway.com; img-src 'self' data: blob: *; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.nr-data.net *.lifeway.com connect.facebook.net *.newrelic.com *.pinterest.com platform.twitter.com www.google-analytics.com fullstory.com *.fullstory.com *.zopim.com *.zdassets.com *.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /security/log_csp_report 1 default-src http: https:; script-src data: 'unsafe-inline' 'unsafe-eval' http: https: blob:; style-src 'unsafe-inline' http: https:; img-src data: http: https:; font-src data: http: https:; connect-src http: https: wss://ws3.hotjar.com; report-uri https://webstores.report-uri.com/r/d/csp/reportOnly; 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.co.id&source%5Bsection%5D=brochure&source%5Buuid%5D=f2c2aa77ee063c72bfa28f62ea9bbc6a 1 script-src 'self' https://static.addtoany.com https://use.fontawesome.com platform.instagram.com platform.twitter.com; script-src-attr 'self'; style-src 'self' maxcdn.bootstrapcdn.com; style-src-attr 'self'; frame-ancestors 'self' 1 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /csp.php 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' report-uri https://o386320.ingest.sentry.io/api/5220435/security/?sentry_key=3273b689f0fe47869d3121e0be7fcd73 1 font-src fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.weltpixel.com *.wesupply.xyz yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es data: *.gstatic.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com cdn.ampproject.org raw.githubusercontent.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.cloudflare.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com maps.googleapis.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com tagmanager.google.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cdn.ampproject.org *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.instagram.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com use.typekit.net 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com s.ytimg.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com commerce.adobedtm.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net js.braintreegateway.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; manifest-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; connect-src api.magento.com commerce.adobe.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com commerce.adobedtm.com commerce.adobedc.net performance.typekit.net *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com display.ugc.bazaarvoice.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self'; script-src 'self' unsafe-eval https://stats.wp.com https://s0.wp.com https://s1.wp.com https://c0.wp.com https://secure.gravatar.com https://connect.facebook.net https://js.intercomcdn.com https://widget.intercom.io https://translate.google.com https://translate.googleapis.com https://platform.twitter.com https://s2.wp.com https://falsewp-content https://ucads-cdn.ucweb.com https://adservice.google.com.ng https://pagead2.googlesyndication.com https://partner.googleadservices.com https://www.googletagservices.com https://adservice.google.com https://tpc.googlesyndication.com https://www.googletagmanager.com 'unsafe-inline'; script-src-elem 'self'; style-src 'self' https://fonts.googleapis.com https://s0.wp.com https://c0.wp.com https://secure.gravatar.com https://translate.googleapis.com https://falsewp-content https://s.gravatar.com https://adblockers.opera-mini.net 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; frame-src 'self' https://www.youtube.com https://jetpack.wordpress.com https://widgets.wp.com https://akismet.com https://www.facebook.com https://web.facebook.com https://platform.twitter.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com; connect-src 'self' https://api-iam.intercom.io https://translate.googleapis.com https://plugin.ucads.ucweb.com https://gjtrack.ucweb.com https://pagead2.googlesyndication.com; img-src 'self' data: https://secure.gravatar.com https://websfavourites.com https://pixel.wp.com https://i0.wp.com https://jetpackme.files.wordpress.com https://i1.wp.com https://i2.wp.com https://www.facebook.com https://c0.wp.com https://ps.w.org https://s.w.org https://static.intercomassets.com https://www.gstatic.com https://translate.googleapis.com https://www.google.com https://translate.google.com https://s2.wp.com https://s0.wp.com https://falsefalsewp-content https://s0.wordpress.com https://pagead2.googlesyndication.com; font-src 'self' data: https://fonts.gstatic.com https://s0.wp.com https://c0.wp.com https://js.intercomcdn.com; report-uri https://websfavourites.com/wp-json/rsssl/v1/csp?rsssl_apitoken=1610560129 1 default-src 'none'; img-src 'self' data: https://jwpltx.com https://i.ytimg.com https://images.podigee.com https://tr.familienunternehmer.eu; media-src 'self'; style-src 'self' 'unsafe-inline' https://cdn.podigee.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.podigee.com https://connect.facebook.net https://ssl.p.jwpcdn.com https://tr.familienunternehmer.eu https://www.youtube.com https://platform.twitter.com; font-src 'self' https://cdn.podigee.com https://ssl.p.jwpcdn.com; frame-src 'self' https://www.familienunternehmer.eu https://intranet.familienunternehmer.eu https://www.junge-unternehmer.eu https://cdn.podigee.com https://www.youtube.com https://platform.twitter.com https://www.facebook.com; connect-src 'self'; form-action 'self'; object-src 'self'; report-uri https://csp.familienunternehmer.eu/csp; 1 object-src 'none'; base-uri 'self' 'report-sample'; block-all-mixed-content; frame-ancestors 'self'; 1 default-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com; font-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com data: fonts.gstatic.com; script-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com 'unsafe-inline' 'unsafe-eval' *.youtube.com *.ytimg.com *.datadoghq-browser-agent.com *.getclicky.com clicky.com *.twitter.com *.ads-twitter.com *.facebook.net *.olark.com *.adroll.com *.googletagmanager.com tagmanager.google.com *.google-analytics.com www.google.com *.googleadservices.com googleads.g.doubleclick.net; style-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com 'unsafe-inline' *.getclicky.com clicky.com *.olark.com fonts.googleapis.com; img-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com 'unsafe-inline' data: secure.gravatar.com *.getclicky.com t.co *.facebook.com *.olark.com *.adroll.com *.google-analytics.com *.gstatic.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; media-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com *.olark.com; connect-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com *.datadoghq.com *.getclicky.com *.facebook.com *.olark.com *.google-analytics.com *.g.doubleclick.net; frame-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com *.apple.com open.spotify.com *.soundcloud.com www.youtube.com www.facebook.com *.olark.com www.google.com bid.g.doubleclick.net; 1 : default-src https: 1 default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; report-uri https://deceblog.net/wp-json/rsssl/v1/csp?rsssl_apitoken=1610675524 1 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.wesupply.xyz *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com store.paradoxlabs.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com https://static.klaviyo.com https://fast.a.klaviyo.com *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://static.klaviyo.com js.authorize.net jstest.authorize.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com *.hotjar.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.widget.reviews.co.uk *.reviews.co.uk https://www.pingdom.com http://www.pingdom.com https://www.reviews.io https://www.reviews.co.uk *.pingdom.com *.wed2b.co.uk 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com https://widget.reviews.co.uk *.twitter.com *.hotjar.com *.doubleclick.net *.ladesk.com *.typeform.com *.facebook.com *.reviews.co.uk *.braintreegateway.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.google.co.uk *.google.com *.facebook.com *.g.doubleclick.net *.pinterest.com *.maps.gstatic.com *.googleapis.com https://trk.ometria.com/ *.adalyser.com *.postcodeanywhere.co.uk *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googletagmanager.com *.hotjar.com *.adnxs.com *.facebook.net *.ladesk.com *.adalyser.com *.g.doubleclick.net *.hotjar.io *.pinterest.com *.reviews.co.uk *.maps.googleapis.com https://maps.googleapis.com http://cdn.ometria.com https://cdn.ometria.com https://cdn.polyfill.io/ *.google.com *.pcapredict.com *.postcodeanywhere.co.uk *.ccdc02.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.postcodeanywhere.co.uk tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.hotjar.com *.hotjar.io *.reviews.co.uk https://widget.reviews.co.uk https://www.pingdom.com https://api.reviews.co.uk https://www.google-analytics.com https://stats.g.doubleclick.net http://www.googletagmanager.com/ *.facebook.com *.braintree-api.com *.braintreegateway.com *.postcodeanywhere.co.uk 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.wed2b.com/; report-to report-endpoint; 1 ; frame-ancestors 'self' 1 font-src data: dybp9aem9km4k.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://static.afterpay.com data: *.cdninstagram.com scontent.* *.facebook.com www.safemage.com dybp9aem9km4k.cloudfront.net *.paypal.com static.afterpay.com www.facebook.com maps.gstatic.com *.fbcdn.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com maps.googleapis.com *.googletagmanager.com *.facebook.net dybp9aem9km4k.cloudfront.net www.googletagmanager.com connect.facebook.net secure.ewaypayments.com *.afterpay.com www.google.com www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com static.afterpay.com/ dybp9aem9km4k.cloudfront.net *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.cdninstagram.com dybp9aem9km4k.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com static.afterpay.com *.google-analytics.com dybp9aem9km4k.cloudfront.net www.facebook.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; img-src 'self' data: secure.gravatar.com www.gravatar.com; report-uri https://benignevexiacenter.com?gdsih-csp-report; 1 default-src 'self'; script-src 'unsafe-inline' 'self' *.amazonaws.com *.yotpo.com *.amplitude.com *.glassboxcdn.com *.facebook.net *.hifiona.com *.evenfinancial.com *.leaplife.com *.intercomcdn.com *.stackadapt.com *.intercom.io *.datadoghq-browser-agent.com *.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.yotpo.com *.googleapis.com *.stackadapt.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.doubleclick.net *.amazonaws.com *.yotpo.com *.intercom.io *.amplitude.com *.contentful.com *.optimizely.com *.mparticle.com https://report.sofi.glassboxdigital.io *.stackadapt.com *.google-analytics.com wss://nexus-websocket-a.intercom.io *.rollbar.com; font-src 'self' *.gstatic.com *.googleapis.com *.yotpo.com; frame-src 'self' https://embed.evenfinancial.com https://embed.leaplife.com https://www.google.com/; img-src 'self' *.google.com *.githubusercontent.com *.evenfinancial.com *.yotpo.com https://s3.amazonaws.com https://images.ctfassets.net http://images.ctfassets.net *.facebook.com *.google-analytics.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; report-uri /_/csp-violation-report-logger 1 connect-src 'self' sentry.io *.plumbnation.co.uk host-9ffeki.api.swiftype.com bat.bing.com in.hotjar.com knrpc.olark.com stats.g.doubleclick.net vc.hotjar.io www.google-analytics.com www.google.com; font-src 'self' *.plumbnation.co.uk data: script.hotjar.com fonts.gstatic.com; form-action 'self' pay.realexpayments.com; frame-src pay.realexpayments.com www.google.com bid.g.doubleclick.net secure.barclaycard.co.uk static.olark.com storage.googleapis.com tpc.googlesyndication.com vars.hotjar.com www.paypalobjects.com www.securesuite.co.uk; img-src 'self' *.plumbnation.co.uk data: bat.bing.com f.monetate.net googleads.g.doubleclick.net log.olark.com paypal-eu-arh.cloudiq.com sb.monetate.net stats.g.doubleclick.net t.paypal.com www.google-analytics.com www.google.co.uk www.google.com www.google.com.hk www.google.com.pk www.google.hr www.googletagmanager.com www.paypal.com www.google.com.sg www.google.es www.google.nl; manifest-src 'self'; script-src-elem 'self' www.googletagmanager.com *.plumbnation.co.uk pagead2.googlesyndication.com www.google.com www.gstatic.com 'unsafe-inline' adservice.google.co.uk adservice.google.com api.olark.com assets.olark.com bat.bing.com browser.sentry-cdn.com f.monetate.net googleads.g.doubleclick.net paypal-eu-cdn.cloudiq.com script.hotjar.com se.monetate.net static.hotjar.com static.olark.com tpc.googlesyndication.com www.google-analytics.com www.googleadservices.com www.paypal.com www.paypalobjects.com knrpc.olark.com; style-src-elem *.plumbnation.co.uk 'unsafe-inline' cdn.datatables.net static.olark.com storage.googleapis.com; script-src-attr 'unsafe-inline'; style-src-attr 'unsafe-inline'; report-uri https://plumbnation.report-uri.com/r/d/csp/wizard 1 font-src *.bootstrapcdn.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com https://static.olark.com https://bid.g.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://log.olark.com https://www.google.com https://marketing.labdepotinc.com https://www.google.com.ph https://stats.g.doubleclick.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.cloudflare.com *.google-analytics.com *.bootstrapcdn.com https://www.bugherd.com https://cdn.nextopia.net https://static.olark.com https://connect.facebook.net https://nrpc.olark.com https://www.googletagmanager.com https://marketing.labdepotinc.com https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com https://static.cloudflareinsights.com https://api.olark.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.bootstrapcdn.com https://cdn.nextopia.net https://static.olark.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://static.olark.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.paypal.com *.bootstrapcdn.com https://nrpc.olark.com https://www.google-analytics.com https://stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.labdepotinc.com/; report-to report-endpoint; 1 default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.twojnzoz.pl az416426.vo.msecnd.net maps.google.com maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: maps.google.com maps.gstatic.com maps.googleapis.com csi.gstatic.com http://*.twojnzoz.pl; connect-src 'self' https://localhost:16501 ws://*.twojnzoz.pl https://dc.services.visualstudio.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.google.com/recaptcha/ ; report-uri https://mediporta.report-uri.io/r/default/csp/reportOnly; 1 default-src https: 'unsafe-inline' 'unsafe-eval' data: about:; report-uri /_resources/php/csp-report.php 1 default-src 'self'; connect-src 'self' https://wp-static.assets.sh https://notify.bugsnag.com https://sessions.bugsnag.com https://www.google-analytics.com https://performance.typekit.net; font-src 'self' https://wp-static.assets.sh https://use.typekit.net; frame-src 'self' https://www.googletagmanager.com https://player.vimeo.com; img-src 'self' https://wp.assets.sh https://wp-assets-sh.imgix.net https://wp-static.assets.sh https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.be https://www.google.com https://p.typekit.net https://i.vimeocdn.com data: https://hugoandmarie-wp.imgix.net; manifest-src 'self' https://wp-static.assets.sh; media-src 'self' https://wp.assets.sh https://wp-assets-sh.imgix.net https://wp-static.assets.sh https://fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net https://player.vimeo.com https://vimeo.com https://vod-progressive.akamaized.net; script-src 'self' 'unsafe-inline' https://polyfill.io https://wp-static.assets.sh https://d2wy8f7a9ursnm.cloudfront.net/v6/bugsnag.min.js https://www.google-analytics.com https://www.googletagmanager.com https://use.typekit.net https://s3.amazonaws.com https://hugoandmarie.us12.list-manage.com/subscribe/post-json https://s3.amazonaws.com/downloads.mailchimp.com/js/; style-src 'self' 'unsafe-inline' https://wp-static.assets.sh https://use.typekit.net https://p.typekit.net; worker-src 'self' https://wp-static.assets.sh; frame-ancestors 'none'; form-action 'self' https://hugoandmarie.us12.list-manage.com; report-uri https://mrhenry.report-uri.com/r/d/csp/reportOnly 1 frame-src 'self' http://mapy.kr-plzensky.cz; report-uri /log 1 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; report-uri https://xl86pc2ky3.execute-api.eu-central-1.amazonaws.com/prod/icorecspupload 1 default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' unsafe-inline; report-uri https://main.101gen.com/wp-json/rsssl/v1/csp?rsssl_apitoken=1582296090 1 default-src https: 'unsafe-inline' 'unsafe-eval' blob: wss://www.ottonova.de; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:; report-uri https://ottonova.report-uri.com/r/d/csp/wizard 1 default-src 'self' 'unsafe-inline' localhost *.inbhive.com inbhive.com fonts.googleapis.com fonts.gstatic.com dc.services.visualstudio.com *.msecnd.net *.analysis.windows.net app.powerbi.com; img-src 'unsafe-eval' 'self' localhost *.inbhive.com data: ; connect-src 'self' localhost *.inbhive.com ws: wss: dc.services.visualstudio.com 1 default-src 'self' *.gammonvillage.com gammonvillage.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' hello.zonos.com cdn.iglobalstores.com cdn.jsdelivr.net cdnjs.cloudflare.com stackpath.bootstrapcdn.com ajax.googleapis.com code.jquery.com platform.twitter.com apis.google.com connect.facebook.net stats.g.doubleclick.net maps.google.com maps.googleapis.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.google-analytics.com www.gstatic.com bat.bing.com *.whoson.com io.clickguard.com sealserver.trustwave.com assets.secure.checkout.visa.com secure.checkout.visa.com src.mastercard.com www.aexp-static.com; frame-src 'self' pixlr.com codealike.com platform.twitter.com apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com www.youtube.com *.doubleclick.net *.visa.com *.mastercard.com *.americanexpress.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com; img-src 'self' data: www.gammonvillage.com gammonvillage.com staging.gammonvillage.com *.amazonaws.com hello.zonos.com www.paypalobjects.com *.visa.com www.paypal.com www.gravatar.com ssl.comodo.com sealserver.trustwave.com syndication.twitter.com stats.g.doubleclick.net maps.gstatic.com maps.google.com www.google.com www.google.ca www.google-analytics.com *.whoson.com bat.bing.com dkolz1uzvia15.cloudfront.net d2ldlvi1yef00y.cloudfront.net; font-src 'self' fonts.gstatic.com; connect-src 'self' hello.zonos.com rum-collector-2.pingdom.net io.clickguard.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com payments-sandbox.amazon.com payments.amazon.com; report-to default 1 font-src https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://www.facebook.com https://ct.pinterest.com data: https://*.cloudfront.net https://*.magentocommerce.com https://*.vimeocdn.com https://*.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://connect.facebook.net https://*.xg4ken.com https://s.pinimg.com https://www.googletagmanager.com https://js-agent.newrelic.com https://bam.nr-data.net https://ak.sail-horizon.com https://www.gstatic.com https://www.google.com https://payments.qa-cloud.buysub.com https://static-na.payments-amazon.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://fonts.googleapis.com https://payments.qa-cloud.buysub.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://*.hearstdigitalstudios.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://ct.pinterest.com https://api.sail-personalize.com https://bam.nr-data.net https://payments-api.qa-cloud.buysub.com https://www.paypal.com https://payments-sandbox.amazon.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src https://resources.xg4ken.com https://www.google-analytics.com https://www.googletagmanager.com https://www.facebook.com https://connect.facebook.net https://ct.pinterest.com https://s.pinimg.com https://ak.sail-horizon.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.typekit.net *.gstatic.com *.googleapis.com *.bazaarvoice.com *.xisecurenet.com data: acsbap.com acsbapp.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es api.bazaarvoice.com stg.api.bazaarvoice.com *.facebook.com *.takemefishing.org 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.magentocommerce.com *.adobedtm.com *.cardinalcommerce.com *.bazaarvoice.com *.google.com *.youtube.com *.facebook.com *.xisecurenet.com *.paymetric.com *.doubleclick.net *.fishbrain.com acsbap.com *.acsbap.com acsbapp.com *.acsbapp.com accessibe.com *.accessibe.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.klaviyo.com *.googleadservices.com *.google-analytics.com *.paypal.com data: *.zebco.com *.magentocommerce.com *.adobedtm.com *.cardinalcommerce.com *.google.com *.doubleclick.net *.gstatic.com *.facebook.com insight.adsrvr.org *.xisecurenet.com *.bazaarvoice.com *.googletagmanager.com ib.adnxs.com pixel.advertising.com match.adsrvr.org *.yahoo.com pixel.rubiconproject.com *.bidswitch.net dsum-sec.casalemedia.com *.googleapis.com acsbap.com *.acsbap.com acsbapp.com *.acsbapp.com accessibe.com *.accessibe.com *.typekit.net/ *.pixriot.com 'self' 'unsafe-inline'; script-src *.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com https://static.klaviyo.com https://fast.a.klaviyo.com *.bazaarvoice.com *.google-analytics.com *.gstatic.com *.magentocommerce.com *.cardinalcommerce.com *.google.com *.googletagmanager.com *.googleapis.com acsbap.com *.acsbap.com acsbapp.com *.acsbapp.com accessibe.com *.accessibe.com *.facebook.net *.xisecurenet.com *.newrelic.com bam.nr-data.net *.experticity.com *.iesnare.com *.typekit.net/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com display.ugc.bazaarvoice.com *.typekit.net/ *.fonts.net *.googleapis.com *.gstatic.com *.bazaarvoice.com *.xisecurenet.com *.klaviyo.com *.myfonts.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.klaviyo.com *.paypal.com *.magentocommerce.com *.adobedtm.com *.cardinalcommerce.com *.google.com *.google-analytics.com acsbap.com *.acsbap.com acsbapp.com *.acsbapp.com accessibe.com *.accessibe.com *.xisecurenet.com *.bazaarvoice.com *.experticity.com bam.nr-data.net *.facebook.net cdn.acsbap.com cdn.acsbapp.com google-analytics.com *.pixriot.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src 'nonce-lEH7K63awox62zelYgh0_A' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1 default-src 'self' data: 'unsafe-inline' https://*.tuev-sued.de https://www.tuvsud.com https://cdn.cookielaw.org/ https://privacyportal-eu.onetrust.com/ https://fast.fonts.net https://*.gstatic.com https://*.googleapis.com/ https://www.googletagmanager.com/a https://www.google-analytics.com/ https://www.google.com https://www.google.com.sg https://*.g.doubleclick.net/ https://hm.baidu.com/ https://www.facebook.com/ https://hello.myfonts.net/ https://px.ads.linkedin.com https://p.adsymptotic.com/ https://bat.bing.com/ https://t.co https://track.hubspot.com https://*.hotjar.com https://vc.hotjar.io wss://*.hotjar.com https://safetyfirst.podigee.io/ https://cdn.podigee.com/ https://www.tryinteract.com/ https://i.tryinteract.com/ https://academy.tuv-sud-america.com https://us-academy.tuvsud.com https://drift.com https://event.on24.com https://ap-apps.tuev-sued.com/ https://apps.tuv-sud.in https://academy.tuv-sud-psb.sg/ https://tuvsudds.regfox.com https://madeforchina.tuv-sud.cn https://connect.tuv.it https://digital-academy-it.tuv.it/it https://api.map.baidu.com https://tuvamerica.com https://www.tuv-sud.es; frame-src https://*.tuev-sued.de https://mail.tuv-sud.com https://apps.tuv-sud.in https://js.driftt.com/ https://www.facebook.com https://www.youtube.com https://portal.tuv-sud.cz/ https://embed.kfztermin.com/ https://app.sendnode.com https://backend.spapps.tuev-sued.com/ https://bid.g.doubleclick.net https://netdocx.netinform.de https://softwareservice.netinform.de https://tuvsud.loki.media https://vars.hotjar.com https://www.autoevaluacioncompliancetuvsud-prod.es https://www.google.com https://www.objektbrief.de https://www.safer-shopping.de https://safetyfirst.podigee.io/ https://cdn.podigee.com/ https://app.itrivio.cz/tuv-sud/ madeforchina.tuv-sud.cn e.issuu.com https://ap-apps.tuev-sued.com/ https://academy.tuv-sud-psb.sg/ https://forms.tuv-sud.jp https://www.eventbrite.co.uk https://academy.tuv-sud-america.com/ https://tuvsud-dev.loki.media/ https://www.tryinteract.com/ https://i.tryinteract.com/ https://academy.tuv-sud-america.com https://us-academy.tuvsud.com https://drift.com https://event.on24.com https://ap-apps.tuev-sued.com/ https://apps.tuv-sud.in https://academy.tuv-sud-psb.sg/ https://tuvsudds.regfox.com https://madeforchina.tuv-sud.cn https://connect.tuv.it https://digital-academy-it.tuv.it/it https://api.map.baidu.com https://tuvamerica.com https://www.tuv-sud.es; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://*.tuev-sued.de/ https://www.tuvsud.com/ https://hm.baidu.com/ https://js.driftt.com/ https://analytics.twitter.com/ https://bat.bing.com/ https://connect.facebook.net/ https://js.hs-analytics.net/analytics/ https://js.hs-banner.com/ https://js.hs-scripts.com/ https://www.google-analytics.com/ https://www.google.com/pagead/ https://www.googletagmanager.com/gtm.js https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.googleadservices.com/pagead/conversion_async.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://maps.googleapis.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://s.ytimg.com/ https://www.youtube.com/iframe_api https://cdn.podigee.com/ https://b92.yahoo.co.jp/ e.issuu.com https://www.eventbrite.co.uk https://www.tryinteract.com/ https://i.tryinteract.com/ https://academy.tuv-sud-america.com https://us-academy.tuvsud.com https://drift.com https://event.on24.com https://ap-apps.tuev-sued.com/ https://apps.tuv-sud.in https://academy.tuv-sud-psb.sg/ https://tuvsudds.regfox.com https://madeforchina.tuv-sud.cn https://connect.tuv.it https://digital-academy-it.tuv.it/it https://api.map.baidu.com https://tuvamerica.com https://www.tuv-sud.es; object-src 'none'; 1 frame-ancestors 'none'; block-all-mixed-content; object-src 'none'; report-uri https://sentry.io/api/148442/security/?sentry_key=48196e632bb14305ad3fe47c6570e363 1 font-src https://www.gstatic.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com https://www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src https://fonts.gstatic.com http://fonts.gstatic.com https://secure.authorize.net https://test.authorize.net https://kit-free.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com https://www.youtube.com https://secure.authorize.net https://test.authorize.net https://www.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com http://m2.makemynewspaper.com http://www.makemynewspaper.com https://staging.makemynewspaper.com https://enewspaper.makemynewspaper.com https://www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://stats.g.doubleclick.net https://s3.us-west-1.wasabisys.com https://s3.wasabisys.com https://secure.authorize.net https://test.authorize.net https://www.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com http://m2.makemynewspaper.com http://www.makemynewspaper.com https://staging.makemynewspaper.com https://enewspaper.makemynewspaper.com https://fpdbs.sandbox.paypal.com data: https://cdn.morguefile.com cdn.pixabay.com https://pixabay.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com www.youtube.com https://www.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com https://www.vimeo.com https://secure.authorize.net https://test.authorize.net https://t.paypal.com https://js.authorize.net https://jstest.authorize.net https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://kit.fontawesome.com http://m2.makemynewspaper.com http://www.makemynewspaper.com https://staging.makemynewspaper.com https://enewspaper.makemynewspaper.com https://includes.ccdc02.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://fonts.googleapis.com http://fonts.googleapis.com https://getfirebug.com https://kit-free.fontawesome.com http://m2.makemynewspaper.com http://www.makemynewspaper.com https://staging.makemynewspaper.com https://enewspaper.makemynewspaper.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.paypal.com https://secure.authorize.net https://test.authorize.net https://www.paypalobjects.com https://www.sandbox.paypal.com https://s3.wasabisys.com https://s3.us-west-1.wasabisys.com http://m2.makemynewspaper.com http://www.makemynewspaper.com https://staging.makemynewspaper.com https://enewspaper.makemynewspaper.com https://jstest.authorize.net https://apitest.authorize.net https://js.authorize.net https://api.authorize.net https://www.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://makemynewspaper.com/var/log; report-to report-endpoint; 1 script-src 'nonce-VhmMtnPEb1YxgXZ8iF0Leg' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: logger.scot.nhs.uk *.google-analytics.com www.googletagmanager.com *.fontawesome.com use.typekit.net *.google.com *.google.co.uk *.googleapis.com themes.googleusercontent.com *.gstatic.com code.jquery.com yui.yahooapis.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.amazonaws.com *.addthis.com *.addthisedge.com *.twitter.com *.twimg.com *.facebook.com *.facebook.net static.xx.fbcdn.net *.youtube.com youtu.be *.ytimg.com www.youtube-nocookie.com player.vimeo.com i.vimeocdn.com cdn.jwplayer.com content.jwplatform.com prd.jwpltx.com *.jwpcdn.com *.jwpsrv.com *.civiccomputing.com cc.cdn.civiccomputing.com secure.gravatar.com public.tableau.com www.openstreetmap.org browser-update.org s.w.org www.geoplugin.net www.careopinion.org.uk static.addtoany.com *.wp.com www.patientopinion.org.uk hcaptcha.com *.hcaptcha.com assets.nhs.uk www.travelinescotland.com *.browsealoud.com; worker-src 'self' www.google.com; frame-ancestors 'self'; base-uri 'self'; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report; report-to csp-endpoint 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo.siinergy.net themes.googleusercontent.com *.typekit.net www.googletagmanager.com www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net tagmanager.google.com www.google.com js.driftt.com https://api.mapbox.com https://api.tiles.mapbox.com https://cdnjs.cloudflare.com; worker-src blob:; report-uri https://sii-group.com/en-GB/report-uri/reportOnly 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.fontawesome.com *.fonts.googleapis.com data: *.cloudflare.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es https://store.plumrocket.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.doubleclick.net https://www.youtube.com https://store.plumrocket.com *.addthis.com *.pinterest.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net https://www.magezon.com *.cloudflare.com https://cdn.klarna.com data: https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com/ *.googletagmanager.com *.facebook.com *.doubleclick.net *.avada.io *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net maxcdn.bootstrapcdn.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com www.googleapis.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es api.razorpay.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es cdn.razorpay.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.avada.io https://player.vimeo.com https://www.youtube.com checkout.razorpay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://fonts.googleapis.com http://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es https://fonts.googleapis.com https://fonts.gstatic.com lumberjack.razorpay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'none'; img-src https://www.proefjes.nl/images/; script-src https://www.proefjes.nl/scripts/; style-src https://www.proefjes.nl/styles/; form-action 'none'; base-uri https://www.proefjes.nl/; frame-ancestors 'none'; 1 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://static.afterpay.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com js.braintreegateway.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com static.afterpay.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com static.afterpay.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src 'self' 1 default-src 'self'; 1 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.google.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; img-src 'self' data: secure.gravatar.com www.gravatar.com; report-uri https://shamlatech.com?gdsih-csp-report; 1 font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.zopim.com 'self' data: cdn.checkout.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com *.google.com *.trustpilot.com *.checkout.com *.youtube.com *.hotjar.com *.doubleclick.net *.epdq.co.uk *.demdex.net *.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.google.com *.google.co.uk *.zopim.com *.doubleclick.net *.gstatic.com d23yuld0pofhhw.cloudfront.net *.googletagmanager.com *.eidemo.biz *.facebook.com *.google.co.in *.demdex.net *.omtrdc.net maps.googleapis.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com cdn-scripts.signifyd.com www.youtube.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.googletagmanager.com *.googlecommerce.com *.doubleclick.net *.trustpilot.com *.zopim.com *.zdassets.com *.payments-amazon.com *.amazon.com *.local.com maps.googleapis.com *.checkout.com *.aspnetcdn.com *.hotjar.com *.gatorleads.co.uk *.facebook.net *.facebook.com *.aqualisa.co.uk *.aqualisa.co.uk:8085 *.sellxed.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.fontawesome.com *.checkout.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.zdassets.com *.zopim.com *.amazon.com 'self' wss: *.checkout.com *.google-analytics.com *.doubleclick.net *.aqualisa.co.uk *.aqualisa.co.uk:8085 *.hotjar.com *.facebook.net *.facebook.com *.demdex.net r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src 'self' https://platform.twitter.com 'unsafe-inline'; script-src-attr 'self'; style-src 'self' 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 1 font-src fonts.gstatic.com use.typekit.net https://*.gstatic.com https://*.typekit.net https://*.yotpo.com data: https://*.getsitecontrol.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es https://www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com https://*.doubleclick.net https://*.google.com https://*.hotjar.com https://*.arcot.net https://*.arcot.com https://*.facebook.com https://live.sagepay.com https://www.youtube.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es https://*.doubleclick.net https://*.google.com https://*.google.co.uk https://*.cloudfront.net data: https://*.facebook.com https://*.yotpo.com https://*.pinterest.com https://yotpo-editor-production.s3.amazonaws.com https://*.googletagmanager.com https://*.googleapis.com https://*.monetate.net https://*.getsitecontrol.com https://*.trackedlink.net https://*.kaltura.com https://*.atdmt.com https://www.sagepay.co.uk https://*.gstatic.com https://www.opayo.co.uk https://*.omtrdc.net/ https://*.google.ca https://*.google.com.au https://*.google.com.nz www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com commerce.adobedtm.com js.braintreegateway.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co api.comapi.com webchat.dotdigital.com https://*.pcapredict.com/js/sensor.js https://*.googletagmanager.com https://www.google.com https://www.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com static.searchanise.com https://apis.google.com https://*.zdassets.com https://*.monetate.net https://*.yotpo.com https://r1-t.trackedlink.net https://searchanise-ef84.kxcdn.com https://connect.facebook.net https://*.getsitecontrol.com https://www.searchanise.com https://ajax.aspnetcdn.com https://tracking1.force24.co.uk https://code.jquery.com https://www.google-analytics.com https://*.kaltura.com https://*.zopim.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com https://*.googleapis.com https://*.typekit.net searchanise-ef84.kxcdn.com s3.amazonaws.com https://*.yotpo.com https://searchanise-ef84.kxcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://*.zdassets.com https://*.kaltura.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net performance.typekit.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es api.comapi.com webchat.dotdigital.com https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net https://*.zdassets.com https://tilegiant.zendesk.com https://*.yotpo.com wss://widget-mediator.zopim.com https://*.google-analytics.com https://www.facebook.com https://*.doubleclick.net https://*.kaltura.com api.craftyclicks.co.uk 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://3769bf36d5952e6888ca25bffa458fa2.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1 font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.twitter.com *.wesupply.xyz *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' data: *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1 default-src data: blob: https: gap: gap-iab: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://dailyvoice.report-uri.com/r/d/csp/reportOnly 1 default-src 'none'; script-src 'report-sample' 'self'; style-src 'report-sample' 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' data: blob: https://*.ytimg.com; connect-src 'self' wss: https://error.connectedcooking.com https://i.ytimg.com; manifest-src 'self'; worker-src 'self'; frame-src 'self' https://www.youtube-nocookie.com; child-src 'self' https://www.youtube-nocookie.com; report-uri https://error.connectedcooking.com/api/5/security/?sentry_key=a683ed9e455f4e6e99e244050e74b31c&ngsw-bypass 1 default-src 'self'; connect-src 'self' https://api.stripe.com https://www.google-analytics.com *.sentry.io; frame-src https://js.stripe.com https://hooks.stripe.com https://www.google.com/recaptcha/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://*.openstreetmap.org https://www.google-analytics.com/ https://*.tileserver.com/fpsUZbULUtp1/ https://*.tiles.virtualearth.net www.googletagmanager.com; script-src 'self' https://polyfill.io/v3/polyfill.min.js https://*.virtualearth.net https://js.stripe.com https://www.googletagmanager.com/gtag/js https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;base-uri 'none'; form-action 'self'; frame-ancestors 'none'; report-uri https://o130063.ingest.sentry.io/api/5212905/security/?sentry_key=026cfa5e26e24b0abb114f70a0d30e64 1 default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; report-uri https://almexx.report-uri.io/r/default/csp/reportOnly 1 default-src *.cloud.mail.ru *.clob.mail.ru *.cloud.mail.ru *.datacloudmail.ru *.cldmail.ru *.mail.ru *.imgsmail.ru *.files.attachmail.ru *.mradx.net *.gemius.pl *.weborama.fr *.adriver.ru *.serving-sys.com featherservices.aviary.com d42hh4005hpu.cloudfront.net dme0ih8comzn4.cloudfront.net feather-client-files-aviary-prod-us-east-1.s3.amazonaws.com *.yandex.ru; script-src 'unsafe-inline' 'unsafe-eval' *.cloud.mail.ru *.datacloudmail.ru *.cldmail.ru *.mail.ru *.imgsmail.ru *.files.attachmail.ru *.mradx.net *.yandex.ru *.odnoklassniki.ru odnoklassniki.ru *.ok.ru ok.ru *.scorecardresearch.com www.google-analytics.com www.googletagmanager.com featherservices.aviary.com d42hh4005hpu.cloudfront.net dme0ih8comzn4.cloudfront.net feather-client-files-aviary-prod-us-east-1.s3.amazonaws.com yastatic.net cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org; img-src data: *; style-src 'unsafe-inline' *.mail.ru *.imgsmail.ru *.files.attachmail.ru *.mradx.net featherservices.aviary.com d42hh4005hpu.cloudfront.net dme0ih8comzn4.cloudfront.net feather-client-files-aviary-prod-us-east-1.s3.amazonaws.com cdn.consentmanager.mgr.consensu.org; font-src data: cloud.mail.ru *.imgsmail.ru *.files.attachmail.ru *.mradx.net featherservices.aviary.com d42hh4005hpu.cloudfront.net dme0ih8comzn4.cloudfront.net feather-client-files-aviary-prod-us-east-1.s3.amazonaws.com; frame-src *.mail.ru *.datacloudmail.ru *.cldmail.ru docs.mail.ru *.officeapps.live.com *.mradx.net yastatic.net; object-src data: blob: https://*; report-uri https://cspreport.mail.ru/cloud/; worker-src blob: *.mail.ru; connect-src https://*.mail.ru https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ok.ru https://*.yandex.ru https://analytics.google.com https://corsapi.imgsmail.ru https://vk.com; 1 default-src 'self'; block-all-mixed-content; connect-src 'self' wss://de20.zopim.com csi.gstatic.com maps.gstatic.com korrelatie.zendesk.com wss://widget-mediator.zopim.com ekr.zdassets.com veiligthuis.zendesk.com; font-src 'self' fonts.gstatic.com v2.zopim.com; form-action 'self'; img-src 'self' data: www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.gstatic.com maps.googleapis.com csi.gstatic.com; media-src static.zdassets.com; script-src 'self' www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.googleapis.com pg-ws-ggz.custhelp.com static.zdassets.com 'unsafe-inline' 'sha256-xUQcjHXkAfsqgYPp5eXPEjb+c/CcEfnvUxHuSLGcvrc='; style-src 'self' 'unsafe-inline' fonts.googleapis.com pg-ws-ggz.widget.custhelp.com; report-uri https://errors.connectholland.nl/api/228/security/?sentry_key=f6211e7fc77f4d179394bc8d5d4237c7 1 report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com www.elementalled.com elementalled.com www.googletagmanager.com s3.amazonaws.com *.google-analytics.com *.zopim.com *.zdassets.com js-agent.newrelic.com bam.nr-data.net *.google.com www.gstatic.com www.diodeled.com *.googleapis.com 1 upgrade-insecure-requests; script-src 'self' 'unsafe-inline' https://stats.liqd.net; block-all-mixed-content; style-src 'self' 'unsafe-inline'; default-src 'self' https://stats.liqd.net https://w.soundcloud.com 1 default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=newspaper_PETPLUSDVA 1 font-src fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net https://www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.google.com/ https://www.youtube.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://www.magezon.com maps.gstatic.com data: *.gstatic.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.google.com/ maps.googleapis.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.instagram.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.paypalobjects.com 'self' 'unsafe-inline'; 1 connect-src 'self' https://s.yimg.com https://rtr.innovid.com https://*.yahoo.com https://*.oath.com https://*.advertising.com https://*.cdn.yimg.com https://*.yahoo.net https://ad.doubleclick.net; style-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.btrll.com data: blob:; img-src 'self' data: blob: about: https://*.yimg.com https://*.yahoo.com https://sb.scorecardresearch.com https://*.doubleclick.net https://*.adsafeprotected.com https://*.googlesyndication.com; frame-ancestors https://*.techcrunch.com https://*.huffingtonpost.com https://*.aol.com https://*.yahoo.com https://*.autoblog.com https://*.search.yahoo.com https://*.search.aol.com https://*.search.huffpost.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage®ion=US&lang=en-US&device=desktop&yrid=7arfc5tg02b88&partner=; 1 default-src 'none'; block-all-mixed-content; script-src *.fareharbor.com fareharbor.com content.fareharbor.me *.cloudfront.net *.stripe.com *.adyen.com *.mxpnl.com cdn.mxpnl.com *.filestackapi.com *.pusher.com *.optimizely.com cdn.optimizely.com *.google.com *.googleapis.com *.google-analytics.com https://www.google-analytics.com *.adroll.com *.adroll.mgr.consensu.org *.facebook.net *.facebook.com *.cloudflare.com *.hotjar.com *.googletagmanager.com *.doubleclick.net *.googleadservices.com *.gstatic.com *.paypal.com 'unsafe-eval' 'unsafe-inline'; img-src * data: image/svg+xml image/png; style-src *.fareharbor.com fareharbor.com content.fareharbor.me *.cloudfront.net *.googleapis.com 'unsafe-inline'; connect-src https: wss:; form-action 'self' https:; base-uri 'self'; font-src fh-sites.imgix.net data: 'self'; frame-src *.stripe.com *.adyen.com *.filestackapi.com *.googletagmanager.com *.hotjar.com www.google.com airtable.com player.vimeo.com facebook.com fareharbor.com *.paypal.com; object-src 'none'; report-uri /csp-report/ 1 default-src https: 'unsafe-inline' 'unsafe-eval' ; img-src https: data:http://62.232.0.117 http://deriv.nls.uk http://maps.nls.uk font-src https: data: ; report-uri https://csp.rcahms.gov.uk/sp-live ; 1 font-src *.klarnaservices.com/ playground.klarnaservices.com/ https://fonts.gstatic.com/ https://cardinalcommerce.com/ 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarnaservices.com https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://testflex.cybersource.com/ https://cybersource.com/ https://songbirdstag.cardinalcommerce.com/ 0merchantacsstag.cardinalcommerce.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarnaservices.com/ https://cdn.wisepops.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com klarnaservices.com/ https://consent.cookiebot.com/ http://container.pepperjam.com/ https://na-library.playground.klarnaservices.com/ http://loader.wisepops.com/ http://cdn.wisepops.com/ https://cdn.wisepops.com/ https://fonts.googleapis.com https://js-agent.newrelic.com/ https://bam.nr-data.net https://bam.nr-data.net/ https://h.online-metrix.net https://testflex.cybersource.com/ https://cybersource.com/ https://songbirdstag.cardinalcommerce.com/ https://cardinalcommerce.com/ https://static.trackedweb.net/ http://static.trackedweb.net/js/ https://www.google.com/recaptcha/api.js https://www.gstatic.com https://www.google-analytics.com/ https://r1-t.trackedlink.net/ https://r1-t.trackedlink.net/_dmpt.js https://www.googletagmanager.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com klarnaservices.com/ *.klarnauserservices.com *.klarnaevt.com/ http://container.pepperjam.com/ https://na-library.playground.klarnaservices.com/ http://popup.wisepops.com/ https://tracking.wisepops.com/ https://bam.nr-data.net/ https://cardinalcommerce.com/ https://geostag.cardinalcommerce.com/ https://fonts.googleapis.com/ https://r1.trackedweb.net/ https://www.google-analytics.com/ https://r1-t.trackedlink.net/ https://www.googletagmanager.com/ 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://elabelz.com/csp/endpoint; report-to report-endpoint; 1 font-src *.fontawesome.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net https://store.plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com https://store.plumrocket.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://maps.gstatic.com https://maps.googleapis.com 'self' data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com https://maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' blob: data: https://1zn7z42pxhyz9tgb012bid3r-wpengine.netdna-ssl.com/ https://*.getbeyond.com https://*.pardot.com/ https://www.youtube.com/ https://beyondinc.applytojob.com/ https://beyondinc.applytojob.com/ https://player.vimeo.com/ https://vars.hotjar.com/ https://bid.g.doubleclick.net https://*.getbeyond.com https://*.pardot.com https://www.facebook.com/; img-src 'self' blob: data: https://stats.g.doubleclick.net/ https://i.ytimg.com https://*.getbeyond.com https://cdnjs.cloudflare.com/ajax/ https://www.facebook.com/tr/ https://px.ads.linkedin.com/ https://1zn7z42pxhyz9tgb012bid3r-wpengine.netdna-ssl.com/ https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://www.facebook.com/tr/; font-src 'self' data: https://script.hotjar.com/ https://1zn7z42pxhyz9tgb012bid3r-wpengine.netdna-ssl.com https://static.juicer.io/ https://cdnjs.cloudflare.com/ajax/ https://static.juicer.io/https://fonts.googleapis.com https://fonts.gstatic.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://1zn7z42pxhyz9tgb012bid3r-wpengine.netdna-ssl.com https://www.googleadservices.com https://s.ytimg.com https://www.youtube.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://*.getbeyond.com https://www.google-analytics.com https://www.googletagmanager.com https://*.hotjar.com https://cdnjs.cloudflare.com/ https://assets.juicer.io/ https://www.googletagmanager.com https://cdn.jsdelivr.net https://www.googleadservices.com https://snap.licdn.com https://connect.facebook.net https://pi.pardot.com; style-src 'self' 'unsafe-inline' https://1zn7z42pxhyz9tgb012bid3r-wpengine.netdna-ssl.com https://assets.juicer.io/ https://tagmanager.google.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; connect-src 'self' https://www.google-analytics.com; object-src 'none'; report-uri https://my.getbeyond.com/csp-report; 1 frame-ancestors 'self'; default-src 'self' https:; script-src 'report-sample' 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'report-sample' 'self' https: 'unsafe-inline'; font-src 'self' https: 'unsafe-inline' data:; img-src 'self' https: data:; report-uri https://concordia.report-uri.com/r/d/csp/reportOnly; 1 font-src https://www.gstatic.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com https://www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; base-uri 'self'; object-src 'self'; connect-src wss: https: 1 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src 'self' d3jbm9h03wxzi9.cloudfront.net fonts.googleapis.com data: https:; img-src 'self' d3jbm9h03wxzi9.cloudfront.net s3.amazonaws.com/revue revue.imgix.net data: https:; object-src 'none'; script-src 'self' d3jbm9h03wxzi9.cloudfront.net cdn.mxpnl.com checkout.stripe.com connect.facebook.net www.google-analytics.com js.stripe.com use.typekit.net *.intercomcdn.com *.taxamo.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ 'unsafe-eval' https: 'nonce-J+IZGOuHTT5Y3HqKUE2bTw=='; frame-src api.taxamo.com www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ https:; style-src 'self' d3jbm9h03wxzi9.cloudfront.net 'unsafe-inline' https:; connect-src 'self' wss://*.intercom.io *.intercom.io *.intercomcdn.com wss://*.pusher.com https:; report-uri /csp-report 1 default-src 'self' ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net http://m.addthis.com http://m.addthisedge.com http://s7.addthis.com https://www.google-analytics.com http://www.googleadservices.com https://www.googletagmanager.com; style-src 'self' data: 'unsafe-inline' ; img-src * https://www.google-analytics.com https://www.google.co.uk https://www.google.com; connect-src 'self' http://s7.addthis.com http://m.addthis.com; frame-src http://s7.addthis.com; report-uri https://3chillies.report-uri.io/r/default/csp/reportOnly; 1 font-src fonts.gstatic.com 'self' apps.mews.li; img-src *.googleapis.com *.gstatic.com 'self' *.mews.li *.bing.com *.duettoresearch.com *.onetrust.com cx.atdmt.com data: *.doubleclick.net *.googleusercontent.com *.quantserve.com *.lockeliving.com *.windows.net *.facebook.com *.google-analytics.com www.google.co.uk www.google.com www.googletagmanager.com www.gstatic.com www.google.ie *.googleapis.com *.ggpht.com; script-src maps.googleapis.com 'self' 'unsafe-eval' 'nonce-yCrFzjr0OGHUmLACuv9ZPCwy97Xc6dn7pgyTj80GFLE=' *.mews.li bat.bing.com capture.duettoresearch.com *.onetrust.com *.facebook.net *.doubleclick.net rules.quantcount.com secure.quantserve.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com fareharbor.com *.lockeliving.com www.instagram.com; style-src fonts.googleapis.com 'self' 'unsafe-eval' 'unsafe-inline' *.lockeliving.com; connect-src *.triptease.io *.onetrust.com 'self' *.mews.li bat.bing.com *.duettoresearch.com *.visualstudio.com *.doubleclick.net *.facebook.com *.google-analytics.com *.instagram.com; frame-src *.google.com *.doubleclick.net ms-appx-web://microsoft.microsoftedge *.facebook.com *.googletagmanager.com 'self' fareharbor.com gifer.com pay.datatrans.com *.onetrust.com *.instagram.com *.youtube.com *.clickdimensions.com *.lockeliving.com *.findingedyn.com; www.findingedyn.com script-src-elem *.onetrust.com *.google.com *.gstatic.com 'self' 'unsafe-inline' *.mews.li *.bing.com *.duettoresearch.com *.facebook.net data: *.doubleclick.net *.googleapis.com *.lockeliving.com *.quantcount.com *.quantserve.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.mews.li fareharbor.com *.datatrans.com *.instagram.com; default-src 'unsafe-eval' 'unsafe-inline' data: *.googleapis.com *.gstatic.com maps.googleapis.com www.google.com *.mews.li *.onetrust.com; media-src *.vimeo.com *.akamaized.net; script-src-attr 'unsafe-inline'; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.lockeliving.com *.google.com; child-src www.google.com; manifest-src 'self'; report-uri https://lockeliving.report-uri.com/r/d/csp/wizard 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es api.bazaarvoice.com stg.api.bazaarvoice.com *.twitter.com *.facebook.com *.nosto.com *.nos.to https://store.plumrocket.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.doubleclick.net display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.twitter.com *.klarnaservices.com *.paypal.com *.livechatinc.com *.braintreegateway.com *.kaptcha.com *.criteo.com *.hotjar.com *.authorize.net *.vimeo.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.nosto.com *.nos.to https://store.plumrocket.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.klarnaservices.com *.klarnacdn.net *.bing.com *.tvsquared.com *.bazaarvoice.com *.googletagmanager.com *.nosto.com *.nos.to yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src *.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.googletagmanager.com *.facebook.net *.doubleclick.net apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.klarnaservices.com *.klarnacdn.net *.klarnaevt.com *.criteo.net *.criteo.com *.pcapredict.com *.paypal.com *.bing.com *.hotjar.com *.chatservice.co *.tvsquared.com *.livechatinc.com *.msecnd.net g4159771035.co g4555939705.co g4754024040.co *.postcodeanywhere.co.uk *.bazaarvoice.com *.newrelic.com *.nr-data.net *.amazonaws.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.nosto.com *.nos.to yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net display.ugc.bazaarvoice.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.postcodeanywhere.co.uk cdn.dnky.co webchat.dotdigital.com *.nosto.com *.nos.to yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.braintree-api.com *.braintreegateway.com *.klarnaservices.com *.klarnauserservices.com *.klarnaevt.com *.visualstudio.com *.chatservice.co *.now.sh *.postcodeanywhere.co.uk *.hotjar.com *.nr-data.net *.doubleclick.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.nosto.com *.nos.to yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.facebook.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net www.youtube.com jquery.sellxed.com *.googletagmanager.com *.facebook.net https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 "default-src 'self' live.adyen.com *.online-metrix.net *.queue-it.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.force.com *.twitter.com *.instagram.com *.nescafe.es checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.criteo.com *.criteo.net *.facebook.net *.en25.com *.krxd.net *.googleapis.com *.youtube.com *.fusepump.com *.serving-sys.com *.moatads.com *.addthisedge.com *.quantserve.com *.quantcount.com *.oppwa.com oppwa.com *.googleadservices.com *.bkrtx.com *.doubleclick.net *.adsrvr.org *.cloudfront.net *.evidon.com *.betrad.com *.google-analytics.com *.google.com *.googletagmanager.com *.addthis.com live.adyen.com *.queue-it.net *.salesforceliveagent.com *.online-metrix.net *.ytimg.com; style-src 'self' 'unsafe-inline' *.oppwa.com oppwa.com *.force.com *.googleapis.com *.fusepump.com; font-src 'self' data: *.sfdcstatic.com *.gstatic.com 'unsafe-inline'; img-src 'self' *.google.ro *.twitter.com *.oppwa.com oppwa.com *.quantserve.com *.w.org *.dolce-gusto.it dolce-gusto.it *.gstatic.com *.googleapis.com *.fusepump.com *.eloqua.com *.google.com *.facebook.com *.doubleclick.net 'unsafe-inline' *.dolce-gusto.it *.google-analytics.com *.googletagmanager.com *.online-metrix.net *.youtube.com *.betrad.com *.evidon.com data: *.krxd.net *.yahoo.com *.pump.to *.pubmatic.com *.stickyadstv.com *.yieldmo.com *.taboola.com *.e-planning.net *.tremorhub.com *.liadm.com *.outbrain.com *.rubiconproject.com *.smaato.net *.360yield.com *.openx.net *.pubmatic.com *.casalemedia.com *.3lift.com *.advertising.com *.teads.tv *.omnitagjs.com *.media.net *.bidswitch.net *.sharethrough.net *.criteo.com *.adnxs.com *.adform.net *.smartadserver.com *.ivitrack.com *.amazon-adsystem.com *.sharethrough.com *.turn.com *.adsrvr.org *.cdglb.com *.bnmla.com *.postrelease.com *.adscale.de *.twiago.com *.yieldlab.net *.smartclip.net *.addthis.com *.yandex.ru *.demdex.net *.mail.ru *.socdm.com *.facebook.net *.ytimg.com; connect-src 'self' *.oppwa.com oppwa.com *.fusepump.com *.analyze.ly *.nr-data.net 'unsafe-inline' *.facebook.com *.dolce-gusto.it *.online-metrix.net *.addthis.com *.sessioncam.com; frame-src *.doubleclick.net *.dolce-gusto.it *.postfinance.ch *.online-metrix.net *.addthis.com *.krxd.net *.facebook.com *.criteo.net *.youtube.com *.twitter.com *.force.com *.oppwa.com oppwa.com *.ppipe.net " 1 frame-ancestors 'self' https://www.chasepaymentechhostedpay.com;font-src 'self' https://fonts.gstatic.com https://webfonts.zohostatic.com https://static.ecorebates.com https://ajax.googleapis.com https://use.typekit.net data: ;base-uri 'self' ; object-src 'self' https://na.electroluxmedia.com https://media.electroluxappliances.com; report-uri /CSP-report; 1 font-src https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src *; style-src * data: 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src * ; frame-src *; script-src * data: 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com; 1 default-src 'self' https://* https://*.apiaryfund.com blob: data:; script-src 'self' 'unsafe-inline' https://use.typekit.net https://js.hs-analytics.net https://js.hs-scripts.com https://*.statuspage.io https://stats.g.doubleclick.net https://f1a9c731519348f1bd62d71aeefe28ac.js.ubembed.com https://wq377.infusionsoft.com https://cdn.onesignal.com https://platform.twitter.com https://*.wistia.com https://*.googleapis.com https://*.unbounce.com https://*.ubembed.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://*.googletagmanager.com https://seal.godaddy.com https://lightwidget.com https://*.lightwidget.com https://www.google-analytics.com https://*.fxstreet.com https://ssl.google-analytics.com https://onesignal.com https://momentjs.com/; connect-src 'self' https://*.wistia.com https://*.litix.io/ https://8l3gzpfmwny3.statuspage.io https://*.typekit.net https://www.google-analytics.com https://onesignal.com data:; img-src 'self' https://apiarycdn.s3.amazonaws.com https://*.akamaihd.net https://*.hubspot.com https://stats.g.doubleclick.net https://syndication.twitter.com https://d9hhrg4mnvzow.cloudfront.net https://*.wistia.com https://*.typekit.net https://*.ubembed.com https://*.google.com https://*.google.co.uk https://cdnjs.cloudflare.com https://*.google-analytics.com https://www.google.com.ph https://www.google.co.za https://*.fxstreet.com https://seal.godaddy.com https://wq377.infusionsoft.app https://www.google.ca https://*.unbounce.com data:; font-src 'self' https://fonts.gstatic.com https://*.typekit.net data:; child-src 'self' https://*.wistia.com https://www.youtube.com https://wq377.infusionsoft.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.unbounce.com https://*.fxstreet.com blob:; frame-src 'self' https://*.google.com https://*.youtube.com https://*.wistia.com https://*.facebook.com https://*.lightwidget.com https://lightwidget.com https://*.twitter.com https://*.apiaryfund.com https://*.vimeo.com https://wq377.infusionsoft.app https://wq377.infusionsoft.com https://onesignal.com; media-src 'self' https://s3.amazonaws.com https://apiarycdn.s3.amazonaws.com blob:; report-uri /scripts/csp-violation-report-endpoint/ 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' *.us.hsbc.com cdn.appdynamics.com col.eum-appdynamics.com *.liveperson.net www.askus.hsbc.co.uk accdn.lpsnmedia.net www.mcmdev.hsbc.co.uk hsbcbankglobal.sc.omtrdc.net tags.tiqcdn.com googleads.g.doubleclick.net lpcdn.lpsnmedia.net mcm-prod.us.hsbc.com www.google.com www.googleadservices.com www.googleadservices.com www.gstatic.com; img-src 'self' *.us.hsbc.com data: ad.doubleclick.net www.askus.hsbc.co.uk uconnect.tealiumiq.com 91820280.va.cobrowse.liveperson.net analytics.twitter.com bat.bing.com cm.everesttech.net col.eum-appdynamics.com dc.ads.linkedin.com dev.day.com dpm.demdex.net googleads.g.doubleclick.net insight.adsrvr.org lpcdn.lpsnmedia.net pixel.advertising.com s.amazon-adsystem.com sp.analytics.yahoo.com t.co www.facebook.com www.google.ca www.google.co.in www.google.com www.google.com.hk www.googleadservices.com www.hsbc.co.uk www.linkedin.com www.us.hsbc.com; child-src 'self' *.us.hsbc.com hsbcbankglobal.demdex.net *.lo.cobrowse.liveperson.net lpcdn.lpsnmedia.net 8725221.fls.doubleclick.net bid.g.doubleclick.net www.google.com; connect-src 'self' *.us.hsbc.com col.eum-appdynamics.com dpm.demdex.net 91820280.va.cobrowse.liveperson.net dspus-uat-transmit.p2g.netd2.hsbc.com.hk hsbcbankglobal.sc.omtrdc.net hsbcbankglobal.tt.omtrdc.net mboxedge17.tt.omtrdc.net mboxedge31.tt.omtrdc.net mboxedge34.tt.omtrdc.net mboxedge35.tt.omtrdc.net mcm-prod.us.hsbc.com mcm-sit-us.hsbc.com.hk zn0xmnygpneiallxn-hsbcdigital.siteintercept.qualtrics.com; frame-src 'self' *.us.hsbc.com 3464050.fls.doubleclick.net 8725221.fls.doubleclick.net bid.g.doubleclick.net datacloud.tealiumiq.com va.v.liveperson.net va-e.c.liveperson.net www.google.com; script-src-elem 'self' 'unsafe-inline' *.us.hsbc.com googleads.g.doubleclick.net lpcdn.lpsnmedia.net mcm-prod.us.hsbc.com www.google.com www.googleadservices.com www.gstatic.com lptag.liveperson.net www.googletagmanager.com hsbcbankglobal.sc.omtrdc.net tags.tiqcdn.com; style-src-elem 'self' 'unsafe-inline' *.us.hsbc.com 91820280.va.cobrowse.liveperson.net sy.v.liveperson.net; media-src 'self' *.us.hsbc.com lpcdn.lpsnmedia.net; default-src 'self' *.us.hsbc.com; style-src 'self' 'unsafe-inline' *.us.hsbc.com; upgrade-insecure-requests ; report-uri https://csp.prod.na.dynp.cloud1.vv1865.com/; 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' safari-ukraina.com www.googletagmanager.com www.google-analytics.com yandex.st mc.yandex.ru clck.yandex.ru api-maps.yandex.ru geocode-maps.yandex.ru *.yandex.ru metrika.yandex.ua mc.yandex.ru yastatic.net www.googleadservices.com googleads.g.doubleclick.net d31j93rd8oukbv.cloudfront.net mc.webvisor.org maps.googleapis.com *.jivosite.com *.privatbank.ua www.youtube.com s.ytimg.com *.ampproject.org https://static.mailerlite.com cdn.jsdelivr.net; default-src 'self' *.jivosite.com; frame-src *.safari-ukraina.com vkontakte.ru yastatic.net www.facebook.com vk.com api-maps.yandex.ru bid.g.doubleclick.net www.youtube.com *.google.com cdn.jivosite.com cdn-cis.jivosite.com https://static.mailerlite.com; img-src *.safari-ukraina.com data: yastatic.net www.google-analytics.com stats.g.doubleclick.net api-maps.yandex.ru *.maps.yandex.net google-analytics.bi.owox.com 130.211.91.193 informer.yandex.ru www.google.com mc.yandex.ru www.google.com.ua googleads.g.doubleclick.net mc.webvisor.org csi.gstatic.com maps.googleapis.com maps.gstatic.com twemoji.maxcdn.com s3-eu-west-1.amazonaws.com ymetrica.com i.ytimg.com; style-src 'unsafe-inline' 'self' safari-ukraina.com fonts.googleapis.com https://static.mailerlite.com; report-uri http://csp.safari-ukraina.com; connect-src 'self' mc.yandex.ru www.youtube.com *.googlevideo.com www.google-analytics.com google-analytics.bi.owox.com 130.211.91.193 api.maps.yandex.ru mc.webvisor.org *.jivosite.com ymetrica.com wss://chat.jivosite.com wss://chat4-1.jivosite.com *.ampproject.org stats.g.doubleclick.net www.google.com www.google.com.ua; object-src 'self' www.youtube.com; font-src 'self' fonts.gstatic.com; 1 font-src *.bredabeds.com *.affirm.com cdnjs.cloudflare.com *.yotpo.com fonts.gstatic.com *.googleapis.com *.zopim.com 'self' data: *.cloudfront.net 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.bredabeds.com *.twitter.com *.addthis.com *.youtube.com *.doubleclick.net *.google.com *.paypal.com *.affirm.com *.kaptcha.com *.braintreegateway.com cdn.dnky.co webchat.dotdigital.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.bredabeds.com *.breda.co 'self' data: camo.githubusercontent.com *.yotpo.com *.doubleclick.net *.google.com *.ywxi.net *.zopim.com *.zopim.io *.cloudfront.net *.pinterest.com *.magentocommerce.com *.klarna.com *.bing.com *.paypal.com *.googletagmanager.com *.affirm.com maps.gstatic.com *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.bredabeds.com *.breda.co *.gstatic.com *.google.com *.googleapis.com cdn.jsdelivr.net *.cloudflare.com static.cloudflareinsights.com *.addthis.com *.moatads.com *.addthisedge.com *.yotpo.com *.zopim.com *.ywxi.net *.zdassets.com *.trustedsite.com *.cloudfront.net *.facebook.net *.facebook.com *.doubleclick.net *.bing.com *.pinimg.com bam.nr-data.net *.newrelic.com *.affirm.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com klarna-payments-na.playground.klarna.com maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.bredabeds.com *.affirm.com *.googleapis.com cdn.jsdelivr.net *.cloudflare.com *.yotpo.com *.cloudfront.net data cdn.dnky.co webchat.dotdigital.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.bredabeds.com *.breda.co *.paypal.com *.yotpo.com *.amazonaws.com *.zdassets.com *.zopim.com 'self' ws: *.doubleclick.net *.google-analytics.com *.addthis.com *.pinterest.com bam.nr-data.net *.affirm.com *.rollbar.com *.braintree-api.com *.braintreegateway.com *.bing.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://breda.report-uri.com/r/d/csp; report-to report-endpoint; 1 report-uri https://csp.edipresse.pl/report/polki; font-src https: data:; img-src data: https: android-webview-video-poster: android-webview:; media-src https: data:; style-src 'unsafe-inline' 'unsafe-eval' https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: asset: 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com apis.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com platform.twitter.com connect.facebook.net *.addthis.com *.doubleclick.net; img-src 'self' *.doubleclick.net *.google-analytics.com; style-src 'self' 'unsafe-inline' *.addthis.com *.doubleclick.net; media-src 'self' *.youtube.com; child-src 'self' *.youtube.com apis.google.com accounts.google.com *.googletagmanager.com platform.twitter.com *.addthis.com *.doubleclick.net *.facebook.com 1 font-src https://use.typekit.com https://use.typekit.net https://script.hotjar.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com https://www.linkedin.com https://vars.hotjar.com https://disqus.com https://assets.braintreegateway.com https://www.google.com https://media.licdn.com https://www.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://p.typekit.net https://www.google.com https://stats.g.doubleclick.net data:image https://track.hubspot.com https://www.facebook.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com https://www.googletagmanager.com https://browser.sentry-cdn.com https://chimpstatic.com https://swiftotter.disqus.com https://static.hotjar.com https://script.hotjar.com/ https://googleads.g.doubleclick.net https://use.typekit.net https://static.ads-twitter.com https://connect.facebook.net https://js.braintreegateway.com https://www.gstatic.com https://www.linkedin.com https://media.licdn.com https://www.google.com https://js.hs-scripts.com https://js.hs-banner.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://payments.sandbox.braintree-api.com https://origin-analytics-sand.sandbox.braintree-api.com https://payments.braintree-api.com https://client-analytics.braintreegateway.com https://in.hotjar.com https://vc.hotjar.io https://sentry.io https://www.paypal.com https://api.braintreegateway.com https://www.google-analytics.com https://stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://disqus.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src https://fonts.gstatic.com https://fonts.googleapis.com https://staticw2.yotpo.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.google.com https://checkoutshopper-live.adyen.com https://checkoutshopper-test.adyen.com https://sales.moebel.de 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: https://www.gstatic.com https://bat.bing.com https://ct.pinterest.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.de https://p.yotpo.com https://cdn-yotpo-images-production.yotpo.com https://staticw2.yotpo.com https://checkoutshopper-live.adyen.com https://checkoutshopper-test.adyen.com 'self' 'unsafe-inline'; script-src js.authorize.net jstest.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com https://bat.bing.com https://ct.pinterest.com https://s.pinimg.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google.de https://staticw2.yotpo.com https://checkoutshopper-live.adyen.com https://checkoutshopper-test.adyen.com https://apis.google.com https://sales1.moebel.de www.googletagmanager.com www.googleadservices.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://www.gstatic.com https://fonts.googleapis.com https://staticw2.yotpo.com https://www.youtube.com 'self' 'unsafe-inline'; object-src ; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://bat.bing.com https://ct.pinterest.com https://s.pinimg.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google.de https://fonts.gstatic.com https://staticw2.yotpo.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.nl&source%5Bsection%5D=brochure&source%5Buuid%5D=2193fc7054e0264a95a8da4edeab61a0 1 font-src maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.facebook.com platform.twitter.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com quickchart.io www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.safemage.com maps.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com *.avada.io connect.facebook.net twitter.com platform.twitter.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.cloudflare.com *.twitter.com *.google.com *.facebook.com *.gstatic.com *.typekit.net *.googleapis.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com https://www.google.com https://www.facebook.com https://app.sandbox.midtrans.com https://app.midtrans.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.gstatic.com *.google.com https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com 'self' data: *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com *.googleapis.com https://www.google.co.id 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.twitter.com *.google.com *.facebook.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com *.googletagmanager.com *.youtube.com *.googleapis.com https://cdn.mxpnl.com https://app.sandbox.midtrans.com https://app.midtrans.com https://googleads.g.doubleclick.net https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.twitter.com *.google.com *.facebook.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ws://127.0.0.1:35729 *.cloudflare.com *.twitter.com *.paypal.com *.google.com *.facebook.com https://api-js.mixpanel.com *.google-analytics.com https://stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com 'self' data: *.doubleclick.net fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com https://www.gstatic.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com https://www.google.com *.doubleclick.net cdn.dnky.co youtube.com www.youtube.com *.hotjar.com www.facebook.com *.trustpilot.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net www.google.com www.google.nl data: connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com www.linkedin.com linkedin.com www.googletagmanager.com googletagmanager.com gallery.mailchimp.com amcglobal.sc.omtrdc.net cm.everesttech.net *.trustedshops.com www.facebook.com *.zopim.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.google.com *.googletagmanager.com *.facebook.net *.doubleclick.net google.com www.google.com gstatic.com www.gstatic.com www.googletagmanager.com *.googleapis.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com connect.facebook.net www.feedbackcompany.com *.trustpilot.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zopim.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com commerce.adobedc.net api.comapi.com google-analytics.com www.google-analytics.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com dpm.demdex.net www.feedbackcompany.com amcglobal.sc.omtrdc.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 1 default-src 'self' *.pensioenfederatie-jaarcongres.nl/ *.pensioenfederatie.nl/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pensioenfederatie-jaarcongres.nl/ *.pensioenfederatie.nl/; style-src 'self' 'unsafe-inline' *.pensioenfederatie-jaarcongres.nl/ *.pensioenfederatie.nl/; report-uri /cms/modules/cci/CSPReport/ 1 img-src https:; report-uri https://dmzls-dub-mc.safe-installation.com/casino 1 worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com google.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es scontent.cdninstagram.com data: *.kxcdn.com amcglobal.sc.omtrdc.net *.twitter.com *.googleapis.com google.com *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.googleapis.com google.com *.gstatic.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com google.com *.kxcdn.com *.gstatic.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com dpm.demdex.net r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1 default-src http://www.trueweb.ee https://www.trueweb.ee websockets.pinal.ee; frame-ancestors http://www.trueweb.ee https://www.trueweb.ee websockets.pinal.ee; frame-src http://www.trueweb.ee https://www.trueweb.ee websockets.pinal.ee www.google.com; font-src data: 'self' http://www.trueweb.ee https://www.trueweb.ee websockets.pinal.ee fonts.gstatic.com; style-src 'unsafe-inline' 'self' http://www.trueweb.ee https://www.trueweb.ee websockets.pinal.ee fonts.googleapis.com; connect-src 'self' http://www.trueweb.ee https://www.trueweb.ee websockets.pinal.ee www.google-analytics.com stats.g.doubleclick.net; img-src blob: data: 'self' http://www.trueweb.ee https://www.trueweb.ee websockets.pinal.ee https://www.trueweb.ee http://www.trueweb.ee ssl.google-analytics.com www.google-analytics.com www.google.com www.google.ee www.facebook.com; script-src 'unsafe-inline' 'unsafe-eval' http://www.trueweb.ee https://www.trueweb.ee websockets.pinal.ee www.gstatic.com www.google.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com connect.facebook.net www.facebook.com; base-uri 'self'; form-action 'self' http://www.trueweb.ee https://www.trueweb.ee websockets.pinal.ee; 1 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' www.google-analytics.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com oss.maxcdn.com www.googletagmanager.com www.google.com *.gstatic.com *.googleapis.com *.kameleoon.com *.kameleoon.eu platform.linkedin.com platform.twitter.com connect.facebook.net *.amazonaws.com *.jquery.com *.cookiebot.com static.sfam.group; upgrade-insecure-requests; 1 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com jquery.sellxed.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' data: 'unsafe-inline' https://*.tuev-sued.de https://www.tuvsud.com https://cdn.cookielaw.org/ https://privacyportal-eu.onetrust.com/ https://fast.fonts.net https://*.gstatic.com https://*.googleapis.com/ https://www.googletagmanager.com/a https://www.google-analytics.com/ https://www.google.com https://www.google.com.sg https://*.g.doubleclick.net/ https://hm.baidu.com/ https://www.facebook.com/ https://hello.myfonts.net/ https://px.ads.linkedin.com https://p.adsymptotic.com/ https://bat.bing.com/ https://t.co https://track.hubspot.com https://*.hotjar.com https://vc.hotjar.io wss://*.hotjar.com https://safetyfirst.podigee.io/ https://cdn.podigee.com/ https://www.tryinteract.com/ https://i.tryinteract.com/ https://academy.tuv-sud-america.com https://us-academy.tuvsud.com https://drift.com https://event.on24.com https://ap-apps.tuev-sued.com/ https://apps.tuv-sud.in https://academy.tuv-sud-psb.sg/ https://tuvsudds.regfox.com https://madeforchina.tuv-sud.cn https://connect.tuv.it https://digital-academy-it.tuv.it/it https://api.map.baidu.com https://tuvamerica.com; frame-src https://*.tuev-sued.de https://mail.tuv-sud.com https://apps.tuv-sud.in https://js.driftt.com/ https://www.facebook.com https://www.youtube.com https://portal.tuv-sud.cz/ https://embed.kfztermin.com/ https://app.sendnode.com https://backend.spapps.tuev-sued.com/ https://bid.g.doubleclick.net https://netdocx.netinform.de https://softwareservice.netinform.de https://tuvsud.loki.media https://vars.hotjar.com https://www.autoevaluacioncompliancetuvsud-prod.es https://www.google.com https://www.objektbrief.de https://www.safer-shopping.de https://safetyfirst.podigee.io/ https://cdn.podigee.com/ https://app.itrivio.cz/tuv-sud/ madeforchina.tuv-sud.cn e.issuu.com https://ap-apps.tuev-sued.com/ https://academy.tuv-sud-psb.sg/ https://forms.tuv-sud.jp https://www.eventbrite.co.uk https://academy.tuv-sud-america.com/ https://tuvsud-dev.loki.media/ https://www.tryinteract.com/ https://i.tryinteract.com/ https://academy.tuv-sud-america.com https://us-academy.tuvsud.com https://drift.com https://event.on24.com https://ap-apps.tuev-sued.com/ https://apps.tuv-sud.in https://academy.tuv-sud-psb.sg/ https://tuvsudds.regfox.com https://madeforchina.tuv-sud.cn https://connect.tuv.it https://digital-academy-it.tuv.it/it https://api.map.baidu.com https://tuvamerica.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://*.tuev-sued.de/ https://www.tuvsud.com/ https://hm.baidu.com/ https://js.driftt.com/ https://analytics.twitter.com/ https://bat.bing.com/ https://connect.facebook.net/ https://js.hs-analytics.net/analytics/ https://js.hs-banner.com/ https://js.hs-scripts.com/ https://www.google-analytics.com/ https://www.google.com/pagead/ https://www.googletagmanager.com/gtm.js https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.googleadservices.com/pagead/conversion_async.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://maps.googleapis.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://s.ytimg.com/ https://www.youtube.com/iframe_api https://cdn.podigee.com/ https://b92.yahoo.co.jp/ e.issuu.com https://www.eventbrite.co.uk https://www.tryinteract.com/ https://i.tryinteract.com/ https://academy.tuv-sud-america.com https://us-academy.tuvsud.com https://drift.com https://event.on24.com https://ap-apps.tuev-sued.com/ https://apps.tuv-sud.in https://academy.tuv-sud-psb.sg/ https://tuvsudds.regfox.com https://madeforchina.tuv-sud.cn https://connect.tuv.it https://digital-academy-it.tuv.it/it https://api.map.baidu.com https://tuvamerica.com; object-src 'none'; 1 default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.travelassociates.com:*; frame-ancestors *.calypso.net.au *.travelassociates.com; report-uri /api/csp_report; img-src https: blob: data:; font-src https: blob: data:; 1 default-src 'self' *.justanswer.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.justanswer.de *.justanswer.com www.google-analytics.com googleads.g.doubleclick.net www.googleadservices.com bat.bing.com cdn.mouseflow.com ajax.googleapis.com assets.adobedtm.com tracker.marinsm.com d.impactradius-event.com *.optimizely.com; style-src 'self' 'unsafe-inline' *.justanswer.de *.justanswer.com; img-src 'self' data: https: *.justanswer.de ww2.justanswer.de; font-src data: 'self' fonts.gstatic.com; connect-src 'self' stats.g.doubleclick.net www.google-analytics.com *.justanswer.de; frame-src 'self' bid.g.doubleclick.net; report-uri https://secure.justanswer.de/processes/csp-violation.ashx; 1 default-src 'self' *.hsbcdirect.com; script-src 'self' 'unsafe-eval' *.hsbcdirect.com 'unsafe-inline' cdn.appdynamics.com col.eum-appdynamics.com *.liveperson.net www.askus.hsbc.co.uk accdn.lpsnmedia.net www.mcmdev.hsbc.co.uk hsbcbankglobal.sc.omtrdc.net tags.tiqcdn.com 'unsafe-eval'; style-src 'self' *.hsbcdirect.com 'unsafe-inline'; img-src 'self' *.hsbcdirect.com data: ad.doubleclick.net www.askus.hsbc.co.uk uconnect.tealiumiq.com; child-src 'self' *.hsbcdirect.com hsbcbankglobal.demdex.net *.lo.cobrowse.liveperson.net lpcdn.lpsnmedia.net; connect-src 'self' *.hsbcdirect.com col.eum-appdynamics.com dpm.demdex.net; upgrade-insecure-requests ; report-uri https://csp.prod.na.dynp.cloud1.vv1865.com/; 1 default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://cspreport.olx.com.br/api/v1/cspreport/mixedcontent 1 font-src *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.facebook.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com *.googletagmanager.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.wesupply.xyz *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 prefetch-src static.klaviyo.com; font-src *.bobux.com *.typekit.net data: strutagiocdn.blob.core.windows.net maxcdn.bootstrapcdn.com js.klevu.com static.klaviyo.com fonts.googleapis.com fonts.gstatic.com 'self' 'unsafe-inline'; form-action *.bobux.com www.facebook.com www.youtube.com static.klaviyo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com *.bobux.com www.facebook.com www.youtube.com strutfit.azurewebsites.net static.klaviyo.com player.vimeo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.bobux.com www.facebook.com data: strutagiocdn.blob.core.windows.net static.afterpay.com static.secure-afterpay.com.au a.klaviyo.com static.klaviyo.com js.klevu.com *.cloudfront.net www.google.com www.google.com.ua bat.bing.com portal.sandbox.afterpay.com connect.facebook.net maps.gstatic.com www.youtube.com scontent.cdninstagram.com cx.atdmt.com maps.googleapis.com integration-assets.laybuy.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.bobux.com foursixty.com connect.facebook.net *.newrelic.com *.nr-data.net static.klaviyo.com *.klaviyo.com solve.io strutagiocdn.blob.core.windows.net js.klevu.com static.prod-00.bobux.solvestack.net maps.googleapis.com www.gstatic.com www.google.com portal-sandbox.afterpay.com fullstory.com bat.bing.com portal.afterpay.com portal.sandbox.afterpay.com www.googletagmanager.com uscs16.ksearchnet.com fonts.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.bobux.com *.klaviyo.com static.klaviyo.com foursixty.com *.typekit.net maxcdn.bootstrapcdn.com js.klevu.com fonts.googleapis.com fonts.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.klaviyo.com static.klaviyo.com *.bobux.com foursixty.com *.nr-data.net strutfitportalapi.azurewebsites.net www.google-analytics.com prod-00.bobux.solvestack.net stats.g.doubleclick.net www.paypal.com uscs15.ksearchnet.com www.facebook.com www.youtube.com stats.ksearchnet.com image-complainer.foursixty.com uscs16.ksearchnet.com bat.bing.com maps.googleapis.com fonts.gstatic.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src static.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com&source%5Bsection%5D=brochure&source%5Buuid%5D=2caa648396f63ede66d41f27c18ba1dc 1 font-src https://cdn.checkout.com *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.amazon.de *.payments-amazon.de https://js.checkout.com https://klarna-payments-eu.playground.klarna.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.de *.media-amazon.de 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com static.searchanise.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://cdn.checkout.com https://x.klarnacdn.net/kp/lib/v1/api.js r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com searchanise-ef84.kxcdn.com s3.amazonaws.com https://cdn.checkout.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.amazon.de *.amazonpay.de mws.amazonservices.de https://js.checkout.com https://eu.playground.klarnaevt.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 report-uri https://reporting.go-mpulse.net/report/8WYVA-VHWT3-NJU5F-XVBLK-47DNY; report-to default; default-src 'self' *.nicj.net; frame-src 'self' *.nicj.net *.google.com; script-src 'unsafe-inline' 'self' *.nicj.net *.go-mpulse.net *.google.com *.gstatic.com *.google-analytics.com cdn.ampproject.org; style-src 'unsafe-inline' 'self' *.nicj.net fonts.googleapis.com; font-src 'self' *.nicj.net *.gstatic.com data:; img-src 'self' *.nicj.net secure.gravatar.com *.google-analytics.com data: *.assoc-amazon.com *.media-amazon.com *.akstat.io; connect-src 'self' *.nicj.net *.go-mpulse.net *.akstat.io *.google-analytics.com cdn.ampproject.org 1 child-src 'self'; connect-src 'self' https://*.algolia.net https://*.algolianet.com https://*.amplitude.com https://*.appcues.com https://*.appcues.net https://*.cdn.prismic.io https://*.clarity.ms https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.hubspot.com https://*.imgix.net https://*.inspectlet.com https://*.leadpages.io https://*.oliverlist.com https://*.pinterest.com https://*.segment.io https://*.zdassets.com https://*.zendesk.com https://sentry.io wss://*.appcues.net wss://*.inspectlet.com; default-src 'self'; font-src 'self' chrome-extension: data: https://*.gstatic.com https://*.leadpages.net https://github.com/google/fonts/; frame-src 'self' https://*.ankorstore.com https://*.cluvio.com https://*.facebook.com https://*.facebook.net https://*.g.doubleclick.net https://*.googlesyndication.com https://*.googletagmanager.com https://*.hubspot.com https://*.stripe.com; img-src 'self' data: https://*.ads.linkedin.com https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.google.ie https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleusercontent.com https://*.gstatic.com https://*.haendlerbund.de https://*.hubspot.com https://*.imgix.net https://*.inspectlet.com https://*.leadpages.io https://*.linkedin.com https://*.pinterest.com https://*.prismic.io https://placehold.it wss://*.inspectlet.com; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.amplitude.com https://*.appcues.com https://*.clarity.ms https://*.facebook.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.hsleadflows.net https://*.inspectlet.com https://*.licdn.com https://*.oliverlist.com https://*.pinimg.com https://*.segment.com https://*.stripe.com https://*.usemessages.com https://*.zdassets.com https://cdnjs.cloudflare.com/ajax/libs/ https://polyfill.io wss://*.inspectlet.com; style-src 'self' 'unsafe-inline' https://*.appcues.com https://*.googleapis.com https://*.leadpages.net; worker-src 'self' blob:; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_98c6fc9d9d2f9fcd72222667843a1742 1 font-src *.cloudflare.com *.twitter.com https://www.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.twitter.com *.hotjar.com *.facebook.com https://www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.gstatic.com *.google.com *.googleapis.com *.facebook.com *.cloudfront.net 'self' 'unsafe-inline'; script-src *.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com https://www.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.cardinalcommerce.com *.pingdom.net https://www.google.com *.googleapis.com *.googletagmanager.com *.payments-amazon.com translate.google.com *.hotjar.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.amazon.com *.pingdom.net *.hotjar.com *.hotjar.io *.authorize.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.example.com/; report-to report-endpoint; 1 frame-src 'self' *.google.com snapwidget.com *.consensu.org *.sharethis.com *.doubleclick.net *.greenhouse.io *.payoneer.com *.trustpilot.com *.oraclecloud.com *.driftt.com *.ubembed.com *.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.cookielaw.org *.convertexperiments.com *.marketo.net *.googleadservices.com *.bing.com *.licdn.com *.facebook.net *.taboola.com *.yimg.jp *.yahoo.co.jp *.doubleclick.net *.sharethis.com *.consensu.org snapwidget.com *.onetrust.com *.greenhouse.io *.payoneer.com *.mouseflow.com *.salesloft.com *.trendemon.com *.trustpilot.com *.ubembed.com *.google.com *.dynatrace.com *.oraclecloud.com *.baidu.com *.driftt.com *.youtube.com *.daumcdn.net unpkg.com *.yandex.ru *.cloudflare.com *.strattic.com *.6sc.co *.jsdelivr.net *.bootstrapcdn.com *.twitter.com *.ads-twitter.com; 1 default-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://firmsites.report-uri.com/r/t/csp/reportOnly 1 font-src fonts.gstatic.com fonts.googleapis.com use.fontawesome.com static.warentuin.nl 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es ogone.test.v-psp.com secure.ogone.com www.securesuite.co.uk static.warentuin.nl yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.kiyoh.com www.youtube.com ogone.test.v-psp.com secure.ogone.com www.google.com gum.criteo.com static.criteo.net static.warentuin.nl *.weltpixel.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es https://redchamps.com https: ts.tradetracker.net *.gstatic.com www.xtento.com cdn.xtento.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io data: www.googletagmanager.com tagmanager.google.com s.adroll.com d.adroll.com d.adroll.mgr.consensu.org www.google.com www.gstatic.com connect.facebook.net s7.addthis.com widget.freshworks.com static.criteo.net sslwidget.criteo.com tm.tradetracker.net static.warentuin.nl https://www.googletagmanager.com www.xtento.com cdn.xtento.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com fonts.googleapis.com use.fontawesome.com tagmanager.google.com widget.freshworks.com static.warentuin.nl yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.google-analytics.com stats.g.doubleclick.net d.adroll.com s.adroll.com widget.freshworks.com warentuin.freshdesk.com www.google.com static.warentuin.nl yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' www.nwleics.gov.uk my.nwleics.gov.uk www.youtube-nocookie.com; script-src 'self' www.nwleics.gov.uk my.nwleics.gov.uk cdn.ravenjs.com browser.sentry-cdn.com ssl.google-analytics.com www.google-analytics.com static.addtoany.com dfsrovckda8bt.cloudfront.net hitcounter.servmetric.com www.google.com maps.google.com maps.google.co.uk translate.google.com maps-api-ssl.google.com translate.googleapis.com ajax.googleapis.com www.googletagmanager.com platform.twitter.com babm.texthelp.com plus.browsealoud.com *.tawk.to cdn.jsdelivr.net cdn.syndication.twimg.com https://e.issuu.com https://www.gstatic.com/recaptcha/ websurveys2.servmetric.com websurveys2.govmetric.com hitcounter.govmetric.com content.govdelivery.com cdn.mxpnl.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' www.nwleics.gov.uk fonts.googleapis.com dfsrovckda8bt.cloudfront.net maps.google.com maps.google.co.uk *.googleapis.com plus.browsealoud.com cdn.jsdelivr.net platform.twitter.com ton.twimg.com websurveys2.govmetric.com websurveys2.servmetric.com 'unsafe-inline'; img-src 'self' data: www.nwleics.gov.uk secure.cuttlefish.com static.cuttlefish.com ssl.google-analytics.com www.google-analytics.com dfsrovckda8bt.cloudfront.net www.google.com maps.google.com maps.google.co.uk *.gstatic.com *.googleapis.com translate.google.com maps-api-ssl.google.com babm.texthelp.com plus.browsealoud.com syndication.twitter.com platform.twitter.com stats.g.doubleclick.net cdn.syndication.twimg.com ton.twimg.com pbs.twimg.com abs.twimg.com https://*.ggpht.com static-v.tawk.to websurveys2.govmetric.com websurveys2.servmetric.com content.govdelivery.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com static-v.tawk.to; connect-src 'self' www.nwleics.gov.uk ssl.google-analytics.com www.google-analytics.com translate.googleapis.com babm.texthelp.com plus.browsealoud.com baspeech.speechstream.net sentry.cuttlefish.com https://stats.g.doubleclick.net *.tawk.to wss://*.tawk.to https://api.mixpanel.com ; frame-src 'self' www.nwleics.gov.uk my.nwleics.gov.uk static.addtoany.com platform.twitter.com syndication.twitter.com www.facebook.com www.facebook.com websurveys.servmetric.com www.youtube-nocookie.com https://e.issuu.com https://www.google.com/recaptcha/ va.tawk.to websurveys2.govmetric.com; media-src 'self' www.nwleics.gov.uk my.nwleics.gov.uk baspeech.speechstream.net; frame-ancestors 'self' www.nwleics.gov.uk my.nwleics.gov.uk; child-src 'self' va.tawk.to; form-action 'self' www.nwleics.gov.uk my.nwleics.gov.uk pa.nwleics.gov.uk va.tawk.to https://public.govdelivery.com/accounts/UKCHARNWOOD/subscribers/qualify; report-uri https://us-central1-domains-174713.cloudfunctions.net/csp?report_only; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleadservices.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.googleadservices.com https://*.youtube.com https://*.facebook.com https://*.facebook.net https://*.bbb.org https://*.adsrvr.org https://*.unpkg.com https://*.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://*.bbb.org; report-uri https://core3kinc.uriports.com/reports/report; report-to default 1 default-src https:; form-action https:; report-uri:https://openmikes.report-uri.com/r/d/csp/reportOnly 1 default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; report-uri https://piratepcs.com/wp-json/rsssl/v1/csp?rsssl_apitoken=1606328602 1 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es https://www.facebook.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://s7.addthis.com http://assets.pinterest.com https://assests.pinterest.com https://www.facebook.com https://bid.g.doubleclick.net/ yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es https: yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://www.googletagmanager.com https://s7.addthis.com https://v1.addthisedge.com https://m.addthis.com http://graph.facebook.com https://graph.facebook.com http://assets.pinterest.com https://assests.pinterest.com http://widgets.pinterest.com https://widgets.pinterest.com http://api-public.addthis.com https://api-public.addthis.com http://api-public-oci-origin.addthis.com https://z.moatads.com https://static.ads-twitter.com https://analytics.twitter.com https://googleads.g.doubleclick.net https://connect.facebook.net https://chimpstatic.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://s3.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.sandbox.braintree-api.com assets.braintreegateway.com https://s7.addthis.com https://m.addthis.com https://stats.g.doubleclick.net https://www.google-analytics.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.sagepay.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.sagepay.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com *.sagepay.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.paypal.com *.sagepay.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.sagepay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.sagepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.paypal.com *.sagepay.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation 1 default-src *; connect-src 'self' https://api.chatlio.com https://api-cdn.chatlio.com https://cdn.livechatinc.com https://location.vs-web.net; style-src 'self' https://w.chatlio.com https://www.socialintents.com https://netdna.bootstrapcdn.com; font-src https://netdna.bootstrapcdn.com; media-src 'self' https://w.chatlio.com https://cdn.livechatinc.com; img-src * data: blob:; script-src 'self' https://w.chatlio.com https://cdn.livechatinc.com https://secure.livechatinc.com https://unpkg.com https://www.google.com/pagead/conversion_async.js https://snap.licdn.com https://matomo.rexx-systems.com https://backend.verder-scientific.com https://stats.g.doubleclick.net https://static.hotjar.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.socialintents.com https://ajax.googleapis.com; frame-src 'self' https://secure.livechatinc.com https://configurator.qatm.com https://www.socialintents.com https://www.linkedin.com; report-uri https://backend.verder-scientific.com/_csp 1 default-src 'self' https: data: 'unsafe-inline' fonts.googleapis.com; script-src 'self' 'unsafe-inline' platform.twitter.com maps.googleapis.com *.facebook.net *.google-analytics.com; img-src 'self' secure.gravatar.com s.w.org maps.googleapis.com syndication.twitter.com *.gstatic.com *.google-analytics.com *.facebook.com *.google.com *.google.pl stats.g.doubleclick.net; report-uri https://69830d5e338164135e36866a3157b942.report-uri.com/r/d/csp/reportOnly 1 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri / 1 base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://www.googletagmanager.com www.googletagmanager.com https://www.google.com https://*.hotjar.com:* https://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.stats.g.doubleclick.net https://*.doubleclick.net; font-src 'self' https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io data:; form-action 'self'; frame-ancestors 'self'; frame-src https://*.youtube.com *.youtube.com https://*.vimeo.com *.vimeo.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://staticcdn.co.nz https://bid.g.doubleclick.net https://www.googletagmanager.com; img-src 'self' https://api.swiftype.com api.swiftype.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://staticcdn.co.nz https://stats.g.doubleclick.net blob: data:; media-src https://*.youtube.com *.youtube.com https://*.vimeo.com *.vimeo.com; object-src 'none'; script-src 'self' https://api.swiftype.com api.swiftype.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com www.youtube.com https://s.ytimg.com s.ytimg.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://*.static.hotjar.com *.static.hotjar.com https://*.gstatic.com *.gstatic.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; report-uri https://report-to-api.raygun.com/reports-csp?apikey=weTLotI0TZaW1Epw9XXRUg; report-to https://report-to-api.raygun.com/reports-csp?apikey=weTLotI0TZaW1Epw9XXRUg; upgrade-insecure-requests 1 connect-src 'self' csi.gstatic.com fcmregistrations.googleapis.com firebaseinstallations.googleapis.com img-sketch.pximg.net stats.g.doubleclick.net *.pixivsketch.net https://www.google-analytics.com wss://*.pixivsketch.net wss://sketch.pixiv.net https://errortrace.dev https://fanbox.pixiv.net https://paintschainer-pixiv-api.preferred.tech;default-src 'self';font-src 'self' data: cdn.jsdelivr.net fonts.gstatic.com;frame-src imasdk.googleapis.com survey.g.doubleclick.net www.googletagmanager.com www.youtube.com;img-src * blob: data:;media-src * blob: data:;report-uri https://errortrace.dev/api/21/security/?sentry_environment=production&sentry_key=ffee68063ed64c83a910d38758fa4c10;script-src * 'unsafe-eval' 'unsafe-inline' blob: 'nonce-kt5EKhwiGJOx';style-src 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com 1 default-src http: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' analytics.yahoo.com tapad.com pubmatic.com advertising.com casalemedia.com openx.net 3lift.com smartadserver.com usabilla.com addthis.com rubiconproject.com as.criteo.com bidswitch.net twitter.com t.co google-analytics.com ads.stickyadstv.com criteo.net criteo.com g.doubleclick.net *.g.doubleclick.net fls.doubleclick.net 9081776.fls.doubleclick.net 10179130.fls.doubleclick.net bluekai.com googletagmanager.com *.googletagmanager.com adsrvr.org clicktale.net ugc.bazaarvoice.com bazaarvoice.com ads-twitter.com cquotient.com facebook.net pixlee.com *.pixlee.com *.pixlee.co gstatic.com adnxs.com krxd.net google.com *.google.com www.google.co.jp *.google-analytics.com *.googleadservices.com nexus.bazaarvoice.com amazon-adsystem.com facebook.com cloudfront.net googleadservices.com *.yahoo.com *.aralego.com acuityplatform.com yahoo.com meba.kr *.addthis.com *.openx.net aralego.com *.meba.kr ads.yieldmo.com *.nex8.net nex8.net ad-stir.com send.microad.jp *.usabilla.com usabilla.com *.smartadserver.com teads.tv *.teads.tv *.ad-stir.com *.socdm.com socdm.com *.adingo.jp adingo.jp sitescout.com i-mobile.co.jp gssprt.jp *.gssprt.jp media.net nend.net *.advertising.com *.media.net *.casalemedia.com *.rubiconproject.com *.pubmatic.com *.outbrain.com outbrain.com *.360yield.com *.3lift.com *.tapad.com *.taboola.com taboola.com 360yield.com *.e-planning.net e-planning.net *.nend.net *.sitescout.com *.facebook.net *.facebook.com payments-amazon.com *.payments-amazon.com creativecdn.com *.creativecdn.com newrelic.com *.newrelic.com *.cquotient.com ra.linksynergy.com *.ads-twitter.com bytedance.com *.linksynergy.com linksynergy.com *.cloudfront.net *.adnxs.com *.bazaarvoice.com *.bidswitch.net *.amazon-adsystem.com *.rmtag.com *.criteo.com rmtag.com *.criteo.net yahoo.co.jp *.yahoo.co.jp *.clicktale.net *.yimg.jp *.gstatic.com yimg.jp line-scdn.net puma.com puma.net *.puma.com *.amazon.com amazon.com *.line-scdn.net *.line.me *.puma.net line.me *.adsrvr.org *.twitter.com *.t.co dc-storm.com *.dc-storm.com *.bluekai.com *.krxd.net treasuredata.com *.treasuredata.com adpix.jp *.adpix.jp *.socdm.com socdm.com uncn.jp smartadserver.com *.c-rings.net *.ebis.ne.jp static.bytedance.com assets.pxlecdn.com bam.eu01.nr-data.net p01.mul-pay.jp yubinbango.github.io s.pinimg.com d.btttag.com pumajp18791z.btttag.com s.ad.smaato.net payments.amazon.co.jp m.media-amazon.com images-na.ssl-images-amazon.com jadserve.postrelease.com cdn.aralego.net idsync.rlcdn.com aj.acrosspf.com www.youtube.com s-cs.send.microad.jp sync-criteo.ads.yieldmo.com adx.dable.io *.adscale.de ad.yieldlab.net; report-uri https://enterprise.report-uri.com/r/d/csp/reportOnly; 1 font-src http://js.klevu.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com http://js.klevu.com https://www.facebook.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com http://js.klevu.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://connect.facebook.net https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com http://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com http://js.klevu.com https://bam.nr-data.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://security-hub.vaimo.network/public/api/content-security-policy.php; report-to report-endpoint; 1 font-src *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com js.authorize.net jstest.authorize.net accept.authorize.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://static.afterpay.com https://staging.jtbcustom.com https://silhouette.jtbcustom.com https://silhouette-production.s3.amazonaws.com *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://staging.jtbcustom.com https://silhouette.jtbcustom.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com static.afterpay.com/ https://staging.jtbcustom.com https://silhouette.jtbcustom.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com static.afterpay.com https://staging.jtbcustom.com https://silhouette.jtbcustom.com js.authorize.net jstest.authorize.net api.authorize.net apitest.authorize.net accept.authorize.net test.authorize.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://customer.cludo.com https://ds-aksb-a.akamaihd.net https://s.ytimg.com https://www.youtube.com https://e.issuu.com https://irs.tools.investis.com https://otp.tools.investis.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://otp.tools.investis.com; img-src 'self' data: https: ; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://otp.tools.investis.com; connect-src 'self' https://clydesdalebank.tt.omtrdc.net https://clydesdalebank.d3.sc.omtrdc.net https://dpm.demdex.net https://ds-aksb-a.akamaihd.net https://api-eu1.cludo.com https://api.cludo.com https://www.google.com https://irs.tools.investis.com; media-src 'self'; object-src 'self'; frame-src 'self' https://clydesdalebankplc.demdex.net https://secure.flife.de https://otp.tools.investis.com https://irs.tools.investis.com https://clydesdale-bank.production.investis.com https://www.youtube.com https://e.issuu.com https://player.vimeo.com https://embeds.audioboom.com; frame-ancestors 'self' *.virginmoney.com; report-uri https://cyburi.report-uri.com/r/t/csp/reportOnly; 1 font-src https://fonts.googleapis.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com https://*.infusionsoft.app 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://*.infusionsoft.app https://r.fidelid.com https://pixel.voltn.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com http://container.pepperjam.com https://lz393.infusionsoft.com http://www.upsellit.com http://static.criteo.net https://static.traversedlp.com https://googleads.g.doubleclick.net https://js.adsrvr.org https://connect.facebook.net https://www.google.com https://static.hotjar.com https://script.crazyegg.com https://static.zdassets.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com http://fonts.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.paypal.com wss://widget-mediator.zopim.com https://shopper.shop.pe https://gadgetguard.zendesk.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src http://fonts.googleapis.com https://fonts.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https: data: 'unsafe-eval' 'unsafe-inline'; script-src-elem 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.abstractscorecard.com www.googletagmanager.com www.mycadmium.com; style-src-elem 'unsafe-eval' 'unsafe-inline' www.abstractscorecard.com www.mycadmium.com; report-uri /csp-violation-report-endpoint/ 1 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 report-uri //report-csp-violation 1 script-src 'strict-dynamic' 'nonce-MjgyODMxMDQ0NiwxNjkwMjkxNTY='; 1 font-src *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com https://cdn.polyfill.io https://browser.sentry-cdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com https://*.ingest.sentry.io 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' *.google.com *.googleapis.com *.gstatic.com www.openstreetmap.org secure.ogone.com *.youtube.com *.vimeo.com *.akamaized.net *.vimeocdn.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.gstatic.com code.jquery.com ajax.aspnetcdn.com *.google-analytics.com *.googletagmanager.com *.google.com translate.google.com *.hotjar.com *.readspeaker.com *.googleapis.com *.marketingautomation.services www.openlayers.org openlayers.org *.openstreetmap.org *.typekit.net extreme-ip-lookup.com *.leadinfo.net; connect-src 'self' *.typekit.net *.umbraco.org *.openstreetmap.org *.leadinfo.net *.google-analytics.com;img-src 'self' *.blob.core.windows.net data: *.umbraco.org umbraco.tv www.gravatar.com pbs.twimg.com cdn.jsdelivr.net *.typekit.net *.google-analytics.com placehold.it *.gstatic.com www.google.com translate.googleapis.com *.googleapis.com *.openstreetmap.org www.openlayers.org openlayers.org; media-src 'self' *.youtube.com *.vimeo.com; font-src 'self' *.fonts.net data: *.fonts.net *.typekit.net *.gstatic.com; style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com *.google.com *.fonts.net www.openlayers.org openlayers.org; 1 worker-src blob:; font-src https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com https://surplusstore.co.uk/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com https://player.vimeo.com https://www.youtube.com https://cdn.ampproject.org 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://fonts.googleapis.com http://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.ampproject.org 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https: wss: 'unsafe-inline' 'unsafe-eval'; report-uri https://dmzls-dub-mc.safe-installation.com/poker 1 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 require-sri-for script style; default-src https:; connect-src https: wss:; font-src https: data:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; report-uri https://adhive.com/account/fwk/csp/report 1 report-uri https://www.payment-express.net/csp_report; frame-src 'self' https://vault.county-taxes.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.payment-express.net https://*.pay-hub.net https://*.google-analytics.com https://vault.county-taxes.com; style-src 'self' 'unsafe-inline' https://*.payment-express.net https://*.pay-hub.net https://fonts.googleapis.com https://cdn.jsdelivr.net; connect-src 'self' https://*.pay-hub.net https://*.payment-express.net https://config.grantstreet.com https://demo-config.grantstreet.com https://stage-config.grantstreet.com https://beta-config.grantstreet.com https://test-config.grantstreet.com https://postback.grantstreet.com https://demo-postback.grantstreet.com https://stage-postback.grantstreet.com https://beta-postback.grantstreet.com https://test-postback.grantstreet.com https://gwa.gsglocal.com:* https://triposproxy.grantstreet.com https://demo-triposproxy.grantstreet.com https://stage-triposproxy.grantstreet.com https://beta-triposproxy.grantstreet.com https://test-triposproxy.grantstreet.com https://dev-triposproxy.grantstreet.com https://dev-e-wallet.grantstreet.com https://test-e-wallet.grantstreet.com https://beta-e-wallet.grantstreet.com https://stage-e-wallet.grantstreet.com https://demo-e-wallet.grantstreet.com https://e-wallet.grantstreet.com https://*.launchdarkly.com https://sentry.io https://*.google-analytics.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.jsdelivr.net; img-src 'self' data: blob: https://*.google-analytics.com https://s3.amazonaws.com https://mkt-prod-gsg-wordpress.s3.amazonaws.com; default-src 'self' https://*.payment-express.net https://*.pay-hub.net 1 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.facebook.com platform.twitter.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com https://static.klaviyo.com https://fast.a.klaviyo.com connect.facebook.net twitter.com platform.twitter.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://static.klaviyo.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report; 1 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.hotjar.com *.trustedshops.com *.googleapis.com *.magentocommerce.com *.paypal.com *.cardinalcommerce.com *.authorize.net *.thebodyshop.com.tr *.thebodyshop 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.google.com *.youtube.com *.hotjar.com *.google.com.tr *.veinteractive.com *.demdex.net *.solocpm.com *.facebook.com *.addthis.com *.livechatinc.com *.yandex.ru *.adyen.com *.vimeo.com *.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com s.ytimg.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.hotjar.com *.twitter.com *.twimg.com *.ytimg.com *.youtube.com 'self' data: *.lightemporium.com *.usercentrics.eu *.magentocommerce.com *.cardinalcommerce.com *.authorize.net *.thebodyshop.com.tr *.thebodyshop *.omtrdc.net *.newrelic.com *.doubleclick.net *.google.com *.google.com.tr *.facebook.com *.demdex.net *.everesttech.net *.googleapis.com *.gstatic.com *.adis.ws *.livechatinc.com *.yandex.ru *.adyen.com *.setrowid.com *.setrow.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com commerce.adobedtm.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net js.braintreegateway.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.magentocommerce.com *.nr-data.net *.paypal.com *.hotjar.com *.cardinalcommerce.com *.authorize.net *.thebodyshop.com.tr *.thebodyshop *.omtrdc.net *.newrelic.com *.google.com *.google.com.tr *.googletagmanager.com *.veinteractive.com *.facebook.net *.supert.ag *.setrowid.com *.mainadv.com *.doubleclick.net *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.livechatinc.com *.yandex.ru *.adyen.com *.vimeo.com *.jsdelivr.net *.setrow.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.magentocommerce.com *.paypal.com *.hotjar.com *.cardinalcommerce.com *.authorize.net *.thebodyshop.com.tr *.thebodyshop *.omtrdc.net *.newrelic.com *.setrowid.com *.setrow.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.magento.com commerce.adobe.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com commerce.adobedtm.com commerce.adobedc.net performance.typekit.net commerce.adobe.net qa-api.magedevteam.com commerce-beta.adobe.io r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net *.cloudflare.com *.google-analytics.com *.doubleclick.net *.twitter.com *.paypal.com *.hotjar.com *.hotjar.io *.twimg.com *.magentocommerce.com *.cardinalcommerce.com *.cardinalcommerce.net *.thebodyshop.com.tr *.thebodyshop *.nr-data.net *.veinteractive.com *.demdex.net *.omtrdc.net *.yandex.ru *.vimeo.com *.setrowid.com *.setrow.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.googleapis.com fonts.gstatic.com/ 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com vars.hotjar.com www.facebook.com www.paypalobjects.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.facebook.com www.google.com www.google.co.uk heapanalytics.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com cdn.rejoiner.com www.googletagmanager.com static.hotjar.com script.hotjar.com cdn.livechatinc.com secure.livechatinc.com orlajames.iljmp.com connect.facebook.net cdn.heapanalytics.com googleads.g.doubleclick.net paypal-eu-cdn.cloudiq.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com stats.g.doubleclick.net migrations.rejoiner.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.ie&source%5Bsection%5D=brochure&source%5Buuid%5D=47206f828d8ef0938e48e61d475ee6c9 1 script-src 'unsafe-inline' 'self' 'unsafe-eval' *.amazonaws.com *.bing.com *.cdn77.org *.criteo.com *.criteo.net *.doubleclick.net *.ehi-siegel.de *.ehi-siegel.com *.facebook.net *.google.com *.googleapis.com *.googlecommerce.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.imedia.cz *.heureka.cz *.hotjar.com *.mapy.cz *.newrelic.com *.nr-data.net *.payments-amazon.com *.paypal.com *.paypalobjects.com *.smartlook.com *.smartsuppcdn.com *.smartsuppchat.com *.trustedshops.com *.twitter.com *.wirecard.com *.zasilkovna.cz *.zbozi.cz ; report-uri https://www.parfum-zentrum.de/cspreport.php?backend_server=app3 1 media-src https://*.yahoo.com https://*.amazonaws.com https://*.smushcdn.com https://*.usemessages.com https://*.facebook.com https://*.google.com https://*.vimeo.com https://*.fbcdn.net https://*.instagram.com https://*.cloudfront.net https://www.harvestbyhillwood.com; img-src https://*.g.doubleclick.net https://*.google-analytics.com https://*.typekit.net https://*.googleadservices.com https://*.cdninstagram.com https://*.vimeo.com https://*.unionparkbyhillwood.com https://*.analytics.yahoo.com https://*.amazonaws.com https://*.facebook.com https://*.yahoo.com https://*.googleapis.com https://*.fbcdn.net https://*.cloudfront.net https://*.smushcdn.com https://*.google.com https://*.usemessages.com https://*.hubspot.com https://*.harvestbyhillwood.com https://*.s3.us-east-2.amazonaws.com https://*.instagram.com https://www.google.com.ng https://www.google.com.jm https://www.google.ae https://www.google.bj https://forms.hsforms.com https://www.google.com.mt https://pixel.spotify.com https://www.google.ca https://www.google.am https://www.google.co.jp https://connect.facebook.net https://www.google.co.uk https://www.google.com.mx https://googletagmanager.com; object-src https://*.smushcdn.com; worker-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.smushcdn.com https://*.yahoo.com https://*.facebook.com https://*.vimeo.com https://*.hsforms.com https://*.twitter.com https://*.googleapis.com https://*.g.doubleclick.net https://*.usemessages.com https://*.hsforms.net https://*.amazonaws.com https://*.googleadservices.com https://*.cloudflare.com https://*.yahooapis.com https://*.wishpond.net https://*.harvestbyhillwood.com https://*.cloudfront.net https://*.typekit.net https://*.instagram.com https://*.smarttouchinteractive.com https://*.fbcdn.net https://*.hs-analytics.net https://*.google.com https://*.hs-scripts.com https://www.google-analytics.com https://connect.facebook.net https://us.jsagent.tcell.insight.rapid7.com/; manifest-src 'none'; style-src 'unsafe-inline' 'unsafe-eval' https://*.facebook.com https://*.cloudflare.com https://*.wishpond.net https://*.typekit.net https://*.harvestbyhillwood.com https://*.fbcdn.net https://*.usemessages.com https://*.vimeo.com https://*.googleapis.com https://*.google.com https://*.cloudfront.net https://*.hsforms.net https://*.facebook.net https://*.yahoo.com https://*.s3.us-east-2.amazonaws.com https://*.smushcdn.com https://use.fontawesome.com; font-src https://*.amazonaws.com https://*.typekit.net https://*.cloudflare.com https://*.harvestbyhillwood.com https://*.facebook.com https://*.googleapis.com https://*.fontawesome.com/ https://*.gstatic.com https://*.instagram.com https://*.usemessages.com https://*.google.com https://*.unionparkbyhillwood.com https://*.fbcdn.net https://use.fontawesome.com; child-src https://*.amazonaws.com https://*.fbcdn.net https://*.smushcdn.com https://*.wishpond.net https://*.vimeo.com https://*.googleapis.com https://*.instagram.com https://*.google.com https://*.g.doubleclick.net https://*.newhomesource.com https://*.yahoo.com https://*.facebook.com https://*.twitter.com https://*.usemessages.com https://www.youtube.com https://tpc.googlesyndication.com https://us.browser.tcell.insight.rapid7.com/ https://www.harvestbyhillwood.com https://forms.hsforms.com https://www.googletagmanager.com https://js.hscollectedforms.net; frame-src https://*.amazonaws.com https://*.fbcdn.net https://*.smushcdn.com https://*.wishpond.net https://*.vimeo.com https://*.googleapis.com https://*.instagram.com https://*.google.com https://*.g.doubleclick.net https://*.newhomesource.com https://*.yahoo.com https://*.facebook.com https://*.twitter.com https://*.usemessages.com https://www.youtube.com https://tpc.googlesyndication.com https://us.browser.tcell.insight.rapid7.com/ https://www.harvestbyhillwood.com https://forms.hsforms.com https://www.googletagmanager.com https://js.hscollectedforms.net; connect-src https://*.google-analytics.com https://*.fbcdn.net https://*.google.com https://*.rapid7.com https://*.amazonaws.com https://*.luckyorange.net https://*.g.doubleclick.net https://*.facebook.com https://*.googleapis.com https://*.wishpond.com https://*.wishpond.net https://*.typekit.net https://*.usemessages.com https://*.appspot-preview.com https://*.hubspot.com https://*.instagram.com https://*.yahoo.com https://*.smarttouchinteractive.com https://forms.hsforms.com https://us.agent.tcell.insight.rapid7.com https://www.harvestbyhillwood.com https://us.browser.tcell.insight.rapid7.com/ wss://artisan.wishpond.com; report-uri https://us.browser.tcell.insight.rapid7.com/csp/dd86c03eba69e29707cee35453e6ad36de206174d235523553310c391dca10fa?sid=1c7f387af2656a4e54ec4ab5ba99b6f2&rid=lXbTXcbABvD-5E099SGd6JADZ7bwZqeJxRH9XhU6WMk 1 font-src *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.avada.io maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' https: wss: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=play&d=2021-01-15 1 frame-ancestors 'none'; object-src 'none'; block-all-mixed-content; report-uri https://sentry.io/api/161479/security/?sentry_key=9c457471fc3c4ce0a248b295ec84cb32 1 "default-src 'self' live.adyen.com *.online-metrix.net *.queue-it.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adform.net *.visualwebsiteoptimizer.com *.clic2buy.com *.force.com *.maxymiser.net *.mathtag.com *.ads-twitter.com *.mlstatic.com *.twitter.com *.instagram.com *.nescafe.es checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.criteo.com *.criteo.net *.facebook.net *.en25.com *.krxd.net *.googleapis.com *.youtube.com *.fusepump.com *.serving-sys.com *.moatads.com *.addthisedge.com *.quantserve.com *.quantcount.com *.oppwa.com *.googleadservices.com *.bkrtx.com *.doubleclick.net *.adsrvr.org *.cloudfront.net *.evidon.com *.betrad.com *.google-analytics.com *.google.com *.googletagmanager.com *.addthis.com live.adyen.com *.queue-it.net *.salesforceliveagent.com *.online-metrix.net *.ytimg.com; style-src 'self' 'unsafe-inline' *.force.com *.googleapis.com *.fusepump.com; font-src 'self' data: *.sfdcstatic.com *.gstatic.com 'unsafe-inline'; img-src 'self' t.co *.dotomi.com *.fastclick.net *.visualwebsiteoptimizer.com *.userreport.com *.kantarworldpanel.fr *.google.ro *.mlstatic.com http://imgmp.mlstatic.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.quantserve.com *.w.org *.dolcegusto-me.com dolcegusto-me.com *.dolce-gusto.com *.dolce-gusto.es *.gstatic.com *.googleapis.com *.fusepump.com *.eloqua.com *.google.com *.facebook.com *.doubleclick.net 'unsafe-inline' *.dolcegusto-me.com dolcegusto-me.com *.google-analytics.com *.googletagmanager.com *.online-metrix.net *.youtube.com *.betrad.com *.evidon.com data: *.krxd.net *.yahoo.com *.pump.to *.pubmatic.com *.stickyadstv.com *.yieldmo.com *.taboola.com *.e-planning.net *.tremorhub.com *.liadm.com *.outbrain.com *.rubiconproject.com *.smaato.net *.360yield.com *.openx.net *.pubmatic.com *.casalemedia.com *.3lift.com *.advertising.com *.teads.tv *.omnitagjs.com *.media.net *.bidswitch.net *.sharethrough.net *.criteo.com *.adnxs.com *.adform.net *.smartadserver.com *.ivitrack.com *.amazon-adsystem.com *.sharethrough.com *.turn.com *.adsrvr.org *.cdglb.com *.bnmla.com *.postrelease.com *.adscale.de *.twiago.com *.yieldlab.net *.smartclip.net *.addthis.com *.yandex.ru *.demdex.net *.mail.ru *.socdm.com *.facebook.net *.ytimg.com; connect-src 'self' *.mercadopago.com *.google-analytics.com *.doubleclick.net *.fusepump.com *.analyze.ly *.nr-data.net 'unsafe-inline' *.facebook.com *.dolcegusto-me.com dolcegusto-me.com *.online-metrix.net *.addthis.com *.sessioncam.com *.postcodeanywhere.co.uk; frame-src 'self' *.doubleclick.net *.dolcegusto-me.com dolcegusto-me.com *.postfinance.ch *.online-metrix.net *.addthis.com *.krxd.net *.facebook.com *.criteo.net *.youtube.com *.twitter.com dolcegusto-me.com *.dolcegusto-me.com *.mercadolibre.com *.mathtag.com *.force.com *.amazon-adsystem.com *.click2buy.com *.adform.net" 1 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com js.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com g